hashicorp / docker-hub-images

Automatic builds of container images for Docker Hub
Mozilla Public License 2.0

terraform image behind company proxy #89

Closed karlismelderis closed 4 years ago

karlismelderis commented 4 years ago

Hello everyone,

Sorry for posting this question, but I've been running in circles for a while. We have a company proxy, and hence I need to run the init command like this:

```sh
docker run \
    --env TF_LOG="TRACE" \
    --env HTTPS_PROXY="http://fqdn-of-company-proxy---:8081" \
    --env HTTP_PROXY="http://fqdn-of-company-proxy---:8080" \
    --volume '/terraform:/data' \
    --workdir '/data' \
    hashicorp/terraform:0.12.18 \
    init
```

but I am getting back this error:

```
2020/01/06 18:35:09 [ERR] Checkpoint error: Get https://checkpoint-api.hashicorp.com/v1/check/terraform?arch=amd64&os=linux&signature=2efe935d-c53c-7034-5425-e26d96ca5cd0&version=0.12.18: x509: certificate signed by unknown authority
2020/01/06 18:35:09 [DEBUG] Failed to request discovery document: Get https://registry.terraform.io/.well-known/terraform.json: x509: certificate signed by unknown authority
```

It seems that the proxy is behaving like a man-in-the-middle and is signing packages.

I was considering adding our CA to the trusted list. Do you have an idea how to specify an additional trusted CA for the terraform image?

karlismelderis commented 4 years ago

After some digging I ended up creating our own image:

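```dockerfile
FROM hashicorp/terraform:0.12.18

# Add the company CA certificates to the image's trust store
COPY certs/*.crt /usr/local/share/ca-certificates/
# Rebuild the CA bundle so the copied certificates are trusted
RUN update-ca-certificates

ENTRYPOINT ["terraform"]
```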