Outdated CentOS 7 distro (philcollins/aurora-centos7 hasn't been rebuilt for seven years) is apparently missing some newer root certificates. In particular, certificates signed by Let's Encrypt were rejected (like the one for nodesource.com).
Improvements:
To properly fix the certificate issues, a new base image was needed. Switched from outdated CentOS 7 base image (philcollins/aurora-centos7) to a CentOS Stream 8 base image (quay.io/centos/centos:stream8). CentOS Linux is dead, so the less stable CentOS Stream was used (see here for why this might be bad choice).
The curl and wget calls were removed for simplification. Maven and NodeJS are now fetched straight from the distro's default package repository (the former as maven instead of apache-maven, both quite possibly in a newer versions). The one external package repository still needed (MongoDB is not available in the official CentOS repositories) is set up through Docker's ADD instruction.
The Dockerfile has been rearranged for build caching, specifically the distro repository is only accessed once and as early as possible. The codebase is injected as late as possible, right before first use.
Please note that I'm no Docker expert, and I'm not sure if any of my changes are following the best practices. Also, I haven't managed to get the container fully working yet, so I couldn't test whether these changes (e.g. version upgrade of NodeJS and Maven) might cause new compatibility issues.
Should you decide to merge this PR, I would recommend squashing the commits. I left the earlier one in for reference, because it illustrates the existing certificate issues, but I don't think it's worth preserving beyond this PR.
In collaboration with: @cspaeth
Issues resolved:
philcollins/aurora-centos7
hasn't been rebuilt for seven years) is apparently missing some newer root certificates. In particular, certificates signed by Let's Encrypt were rejected (like the one for nodesource.com).Improvements:
philcollins/aurora-centos7
) to a CentOS Stream 8 base image (quay.io/centos/centos:stream8
). CentOS Linux is dead, so the less stable CentOS Stream was used (see here for why this might be bad choice).curl
andwget
calls were removed for simplification. Maven and NodeJS are now fetched straight from the distro's default package repository (the former asmaven
instead ofapache-maven
, both quite possibly in a newer versions). The one external package repository still needed (MongoDB is not available in the official CentOS repositories) is set up through Docker'sADD
instruction.Please note that I'm no Docker expert, and I'm not sure if any of my changes are following the best practices. Also, I haven't managed to get the container fully working yet, so I couldn't test whether these changes (e.g. version upgrade of NodeJS and Maven) might cause new compatibility issues.
Should you decide to merge this PR, I would recommend squashing the commits. I left the earlier one in for reference, because it illustrates the existing certificate issues, but I don't think it's worth preserving beyond this PR.