Docker Community Forums

Share and learn in the Docker community.

Update-ca-certificates not working with node:14-alpine

Hi all,

I want to get a project with nodejs running in a docker container. As my base image I would like to use node:14-alpine. My problem is that my company uses their own ssl certificates that I need to add to the certificate store. Because of that I do the following in my dockerfile. Install ca-certificate, add the certificates under /usr/local/share/ca-certificates and call update-ca-certificates. This seems to be not the correct way because when installing dependencies this message appears. When I use alpine:latest as a base image this message does not appear. How do I add the certificates correctly to the certificate store with node:14-alpine? :

node-pre-gyp WARN Using request for node-pre-gyp https download 
node-pre-gyp WARN Pre-built binaries not installable for argon2@0.26.2 and node@14.14.0 (node-v83 ABI, musl) (falling back to source compile with node-gyp) 
node-pre-gyp WARN Hit error self signed certificate in certificate chain
gyp ERR! find Python 
gyp ERR! find Python Python is not set from command line or npm configuration
gyp ERR! find Python Python is not set from environment variable PYTHON
gyp ERR! find Python checking if "python" can be used
gyp ERR! find Python - "python" is not in PATH or produced an error
gyp ERR! find Python checking if "python2" can be used
gyp ERR! find Python - "python2" is not in PATH or produced an error
gyp ERR! find Python checking if "python3" can be used
gyp ERR! find Python - "python3" is not in PATH or produced an error
gyp ERR! find Python
gyp ERR! find Python **********************************************************
gyp ERR! find Python You need to install the latest version of Python.
gyp ERR! find Python Node-gyp should be able to find and use Python. If not,
gyp ERR! find Python you can try one of the following options:
gyp ERR! find Python - Use the switch --python="/path/to/pythonexecutable"
gyp ERR! find Python   (accepted by both node-gyp and npm)
gyp ERR! find Python - Set the environment variable PYTHON
gyp ERR! find Python - Set the npm configuration variable python:
gyp ERR! find Python   npm config set python "/path/to/pythonexecutable"
gyp ERR! find Python For more information consult the documentation at:
gyp ERR! find Python https://github.com/nodejs/node-gyp#installation
gyp ERR! find Python **********************************************************
gyp ERR! find Python
gyp ERR! configure error
gyp ERR! stack Error: Could not find any Python installation to use
gyp ERR! stack     at PythonFinder.fail (/usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/find-python.js:307:47)
gyp ERR! stack     at PythonFinder.runChecks (/usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/find-python.js:136:21)
gyp ERR! stack     at PythonFinder.<anonymous> (/usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/find-python.js:179:16)
gyp ERR! stack     at PythonFinder.execFileCallback (/usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/find-python.js:271:16)
gyp ERR! stack     at exithandler (child_process.js:315:5)
gyp ERR! stack     at ChildProcess.errorhandler (child_process.js:327:5)
gyp ERR! stack     at ChildProcess.emit (events.js:315:20)
gyp ERR! stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:275:12)
gyp ERR! stack     at onErrorNT (internal/child_process.js:465:16)
gyp ERR! stack     at processTicksAndRejections (internal/process/task_queues.js:80:21)
gyp ERR! System Linux 4.19.76-linuxkit
gyp ERR! command "/usr/local/bin/node" "/usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "configure" "--fallback-to-build" "--module=/directus/node_modules/argon2/lib/binding/napi-v3/argon2.node" "--module_name=argon2" "--module_path=/directus/node_modules/argon2/lib/binding/napi-v3" "--napi_version=7" "--node_abi_napi=napi" "--napi_build_version=3" "--node_napi_label=napi-v3"
gyp ERR! cwd /directus/node_modules/argon2
gyp ERR! node -v v14.14.0
gyp ERR! node-gyp -v v5.1.0
gyp ERR! not ok
node-pre-gyp ERR! build error
node-pre-gyp ERR! stack Error: Failed to execute '/usr/local/bin/node /usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js configure --fallback-to-build --module=/directus/node_modules/argon2/lib/binding/napi-v3/argon2.node --module_name=argon2 --module_path=/directus/node_modules/argon2/lib/binding/napi-v3 --napi_version=7 --node_abi_napi=napi --napi_build_version=3 --node_napi_label=napi-v3' (1)     
node-pre-gyp ERR! stack     at ChildProcess.<anonymous> (/directus/node_modules/node-pre-gyp/lib/util/compile.js:83:29)
node-pre-gyp ERR! stack     at ChildProcess.emit (events.js:315:20)
node-pre-gyp ERR! stack     at maybeClose (internal/child_process.js:1048:16)
node-pre-gyp ERR! stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:288:5)
node-pre-gyp ERR! System Linux 4.19.76-linuxkit
node-pre-gyp ERR! command "/usr/local/bin/node" "/directus/node_modules/.bin/node-pre-gyp" "install" "--fallback-to-build"
node-pre-gyp ERR! cwd /directus/node_modules/argon2
node-pre-gyp ERR! node -v v14.14.0
node-pre-gyp ERR! node-pre-gyp -v v0.14.0
node-pre-gyp ERR! not ok
Failed to execute '/usr/local/bin/node /usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js configure --fallback-to-build --module=/directus/node_modules/argon2/lib/binding/napi-v3/argon2.node --module_name=argon2 --module_path=/directus/node_modules/argon2/lib/binding/napi-v3 --napi_version=7 --node_abi_napi=napi --napi_build_version=3 --node_napi_label=napi-v3' (1)
npm WARN notsup Unsupported engine for keyv-memcache@0.8.0: wanted: {"node":"^10.16.0"} (current: {"node":"14.14.0","npm":"6.14.8"})
npm WARN notsup Not compatible with your version of node/npm: keyv-memcache@0.8.0
npm WARN stylelint-config-prettier@8.0.2 requires a peer of stylelint@>=11.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN directus-project@1.0.0 No repository field.

npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! argon2@0.26.2 install: `node-pre-gyp install --fallback-to-build`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the argon2@0.26.2 install script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2020-10-23T12_10_29_282Z-debug.log

/etc/ssl/certs/ca-certificates.crt is actually appending each individual cert from /usr/local/share/ca-certificates.

Get a clean environment (This was my first major issue)
Break your certs chain into a separate parts for each BEGIN/END pair you have.
company-Root.crt
company-X.crt
company-Y.crt
company-Z.crt
company-Issuing.crt
If you’re being extra careful, load one at a time, starting with the company-Root.crt cert, then run update-ca-certificates.
Repeat until all certs have been processed.
Verify that /etc/ssl/certs/ca-certificates.crt contains the updates at the bottom of the file.