You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
My local network is behind a Cloudflare Zero Trust proxy. Typically, I would need to install the Cloudflare CA certificate on any container running on my local M1 Macbook Pro that needs external internet access.
However, I am unsure how to do this for devcontainers that install "features" such as the devcontainer in this template repository. I have attempted to define my own Dockerfile that installs the necessary cert but the feature installation still fails. When I attempt to start the devcontainer, I receive the following error.
[2024-01-07T23:37:20.400Z] Resolving Feature dependencies for 'ghcr.io/devcontainers/features/docker-in-docker:2'...
[2024-01-07T23:37:20.400Z] * Processing feature: ghcr.io/devcontainers/features/docker-in-docker:2
[2024-01-07T23:37:20.474Z] Error: unable to get local issuer certificate
[2024-01-07T23:37:20.474Z] at TLSSocket.onConnectSecure (node:_tls_wrap:1543:34)
[2024-01-07T23:37:20.475Z] at TLSSocket.emit (node:events:513:28)
[2024-01-07T23:37:20.475Z] at TLSSocket._finishInit (node:_tls_wrap:962:8)
[2024-01-07T23:37:20.475Z] at ssl.onhandshakedone (node:_tls_wrap:746:12)
Would you happen to have a recommendation for resolving this issue? I can't seem to get past this on my own.
The text was updated successfully, but these errors were encountered:
Update: While this is technically still an issue, I was able to implement a workaround.
Workaround: In Cloudflare Zero Trust, I had to define a Gateway -> Firewall policies -> HTTP policy to "Do Not Inspect" each of the URLs that were being impacted by this issue. This includes Docker container registries, NPM registries, VSCode extension registries, etc.
While a bit tedious to determine and implement, this workaround does bypass the reported issue. However, it would still be nice to find a way to not have to manually identify each URL that needs to effectively be allow-listed.
My local network is behind a Cloudflare Zero Trust proxy. Typically, I would need to install the Cloudflare CA certificate on any container running on my local M1 Macbook Pro that needs external internet access.
However, I am unsure how to do this for devcontainers that install "features" such as the devcontainer in this template repository. I have attempted to define my own Dockerfile that installs the necessary cert but the feature installation still fails. When I attempt to start the devcontainer, I receive the following error.
Would you happen to have a recommendation for resolving this issue? I can't seem to get past this on my own.
The text was updated successfully, but these errors were encountered: