The Spring Framework has a very useful feature which is the generation of a docker image through the spring-boot-maven-plugin. Simply runningmvn spring-boot:build-image will create a docker compatible OCI image.
But if you are behind a corporate proxy, this error is likely to happen:
[INFO] [creator] BellSoft Liberica JRE 17.0.6: Contributing to layer[INFO] [creator] Downloading from https://github.com/bell-sw/Liberica/releases/download/17.0.6+10/bellsoft-jre17.0.6+10-linux-amd64.tar.gz[INFO] [creator] unable to invoke layer creator[INFO] [creator] unable to get dependency jre[INFO] [creator] unable to download https://github.com/bell-sw/Liberica/releases/download/17.0.6+10/bellsoft-jre17.0.6+10-linux-amd64.tar.gz[INFO] [creator] unable to request https://github.com/bell-sw/Liberica/releases/download/17.0.6+10/bellsoft-jre17.0.6+10-linux-amd64.tar.gz[INFO] [creator] Get https://github.com/bell-sw/Liberica/releases/download/17.0.6+10/bellsoft-jre17.0.6+10-linux-amd64.tar.gz: x509: certificate signed by unknown authority[INFO] [creator] ERROR: failed to build: exit status 1This happens because the corporation's certificate used in the proxy server is not known by the build process. When the buildpack tries download needed artifacts used inside the build process, it stops because the certificate is not trusted.
spring-boot-maven-plugin usesCloud Native Buildpacks under the hood, and it allows somecustomization of the build process.
We need to put our corporate root CA certificates into the buildpack. For this we will create the filesmycert.cer andtype in the structure below:
.├── pom.xml└── src └── main └── bindings └── ca-certificates ├── mycert.cer └── typesrc/main/bindings/ca-certificates/mycert.cer:
-----BEGIN CERTIFICATE-----Base64–encoded certificate-----END CERTIFICATE----------BEGIN CERTIFICATE-----Base64–encoded certificate-----END CERTIFICATE-----src/main/bindings/ca-certificates/type:
ca-certificatesThe following Maven configuration will add the certificate to the buildpack.
pom.xml:
<plugin><groupId>org.springframework.boot</groupId><artifactId>spring-boot-maven-plugin</artifactId><configuration><image><env><SERVICE_BINDING_ROOT>/bindings</SERVICE_BINDING_ROOT></env><bindings><binding>${project.basedir}/src/main/bindings/ca-certificates:/bindings/ca-certificates</binding></bindings></image></configuration></plugin>Now,mvn spring-boot:build-image should work!
Top comments(4)
Hello Eduardo!
Thank you for your article. It's help me to setup my build process.
Thanks! This is a simple solution, but the information has all been scattered around and assumes prior knowledge of buildpacks...
I added the section in pom.xml and used open ssl to create a pem cert . But I am not getting past the error. What could be wrong for me ? (disabling corp vpn resolves but i need to make it work with corp vpn)
I am using spring boot 3.1.1
[INFO] [creator] Get "github.com/bell-sw/Liberica/releas... tls: failed to verify certificate: x509: certificate signed by unknown authority
<build> <plugins> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> <configuration> <image> <env> <SERVICE_BINDING_ROOT>/bindings</SERVICE_BINDING_ROOT> </env> <bindings> <binding>${basedir}/bindings/ca-certificates:/platform/bindings/ca-certificates</binding> </bindings> </image> </configuration> </plugin> </plugins> </build>Probably you are using the wrong certificate.
Themycert.cer file should containg the public certficate used by your company to sign the incoming traffic from the internet.
The certificate is expected to be in x509 format.
For further actions, you may consider blocking this person and/orreporting abuse
