I tried to build a container that runs my Quarkus application in JVM mode. I was able to run
./mvnw package
docker build -f src/main/docker/Dockerfile.jvm -t quarkus/myapp-jvm .
but when I ran
docker run -i --rm -p 8080:8080 quarkus/myapp-jvm
it failed with the error:
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I've already installed the certs
echo $GRAALVM_HOME
export JAVA_HOME=$GRAALVM_HOME
echo $JAVA_HOME
/Library/Java/JavaVirtualMachines/graalvm-ce-java17-22.0.0.2/Contents/Home
sudo keytool -importcert -file netskope-bundle.pem -alias netskope-bundle -keystore $JAVA_HOME/lib/security/cacerts
On my box I also have Java 13 installed and added the same certs there too: /Library/Java/JavaVirtualMachines/zulu-13.jdk/Contents/Home
My setup:
java -version
openjdk version "17.0.2" 2022-01-18
OpenJDK Runtime Environment GraalVM CE 22.0.0.2 (build 17.0.2+8-jvmci-22.0-b05)
OpenJDK 64-Bit Server VM GraalVM CE 22.0.0.2 (build 17.0.2+8-jvmci-22.0-b05, mixed mode, sharing)
mvn -version
Apache Maven 3.8.4 (9b656c72d54e5bacbed989b64718c159fe39b537)
Maven home: /usr/local/Cellar/maven/3.8.4/libexec
Java version: 17.0.2, vendor: GraalVM Community, runtime: /Library/Java/JavaVirtualMachines/graalvm-ce-java17-22.0.0.2/Contents/Home
Default locale: en_US, platform encoding: UTF-8
OS name: "mac os x", version: "10.15.7", arch: "x86_64", family: "mac"
Why do I still get this error?
I believe you are receiving this error because the certificates aren't in the cacerts of the JVM running inside your container.
I guess you only imported the certificates to the host machine.
In this project I added to the Dockerfile one instruction to copy the cert file and then another to import it to the JVM cacerts:
COPY certificates /tmp/ssl
RUN keytool -importcert -noprompt -keystore /etc/alternatives/jre/lib/security/cacerts -storepass changeit -file /tmp/ssl/b3-api.crt -alias "b3-api-root"
FROM registry.access.redhat.com/ubi8/ubi-minimal:8.3
ARG JAVA_PACKAGE=java-11-openjdk-headless
ARG RUN_JAVA_VERSION=1.3.8
ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'
# Install java and the run-java script
# Also set up permissions for user `1001`
RUN microdnf install curl ca-certificates ${JAVA_PACKAGE} \
&& microdnf update \
&& microdnf clean all \
&& mkdir /deployments \
&& chown 1001 /deployments \
&& chmod "g+rwX" /deployments \
&& chown 1001:root /deployments \
&& curl https://repo1.maven.org/maven2/io/fabric8/run-java-sh/${RUN_JAVA_VERSION}/run-java-sh-${RUN_JAVA_VERSION}-sh.sh -o /deployments/run-java.sh \
&& chown 1001 /deployments/run-java.sh \
&& chmod 540 /deployments/run-java.sh \
&& echo "securerandom.source=file:/dev/urandom" >> /etc/alternatives/jre/lib/security/java.security
# Configure the JAVA_OPTIONS, you can add -XshowSettings:vm to also display the heap size.
ENV JAVA_OPTIONS="-Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager"
# We make four distinct layers so if there are application changes the library layers can be re-used
COPY --chown=1001 target/quarkus-app/lib/ /deployments/lib/
COPY --chown=1001 target/quarkus-app/*.jar /deployments/
COPY --chown=1001 target/quarkus-app/app/ /deployments/app/
COPY --chown=1001 target/quarkus-app/quarkus/ /deployments/quarkus/
COPY certificates /tmp/ssl
RUN keytool -importcert -noprompt -keystore /etc/alternatives/jre/lib/security/cacerts -storepass changeit -file /tmp/ssl/b3-api.crt -alias "b3-api-root"
EXPOSE 8080
USER 1001
ENTRYPOINT [ "/deployments/run-java.sh" ]
If you imported the certificates correctly to the cacerts of the JVM of your host machine, running the application like this should work:
./mvnw quarkus:dev
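Added example, not part of the question or the answer above: a truststore entry holds one certificate per alias, so a bundle like the question's netskope-bundle.pem must be split before import if it contains more than one certificate (that it does is an assumption). The function names, the cert-N.pem file names, the script name and the alias prefix are made up for this example; the keytool import flags are the ones from the answer's RUN line.

```shell
#!/bin/sh
# Added example: split a PEM bundle and import every certificate into a JVM
# truststore, each under its own alias. Function names, cert-N.pem file names
# and the alias prefix are assumptions made for this example.

# split_pem_bundle BUNDLE OUTDIR
# Writes OUTDIR/cert-1.pem, cert-2.pem, ... and prints how many were found.
# Text outside the BEGIN/END markers (comments, subject lines) is dropped.
split_pem_bundle() {
    mkdir -p "$2" || return 1
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%d.pem", dir, n); inside = 1 }
        inside                        { print > out }
        /-----END CERTIFICATE-----/   { inside = 0; close(out) }
        END                           { print n + 0 }
    ' "$1"
}

# import_bundle BUNDLE KEYSTORE ALIAS_PREFIX [STOREPASS]
# Imports each certificate as ALIAS_PREFIX-N, then prints how many aliases
# with that prefix the keystore lists, so a short count is visible in the
# build log.
import_bundle() {
    storepass=${4:-changeit}          # default cacerts password, as in the answer
    workdir=$(mktemp -d) || return 1
    count=$(split_pem_bundle "$1" "$workdir")
    if [ "${count:-0}" -eq 0 ]; then
        echo "no certificates found in $1" >&2
        rm -rf "$workdir"
        return 1
    fi
    i=1
    while [ "$i" -le "$count" ]; do
        keytool -importcert -noprompt -keystore "$2" -storepass "$storepass" \
            -file "$workdir/cert-$i.pem" -alias "$3-$i" \
            || { rm -rf "$workdir"; return 1; }
        i=$((i + 1))
    done
    rm -rf "$workdir"
    keytool -list -keystore "$2" -storepass "$storepass" | grep -ci "^$3-"
}

# Run as a script (hypothetical names), e.g. from a Dockerfile RUN step placed
# before USER 1001:
#   sh import-bundle.sh /tmp/ssl/bundle.pem /etc/alternatives/jre/lib/security/cacerts corp-ca
if [ "$#" -ge 3 ]; then
    import_bundle "$@"
fi
```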