Applies to
- Liquibase Pro
- Liquibase Open Source (Community)
Question
Can the Liquibase Docker image use HTTPS URLs instead of HTTP to access Ubuntu archives?
Answer
Yes, the Liquibase Docker image can be configured to use HTTPS URLs to access Ubuntu archives. However, the default Ubuntu archive repositories used in the Liquibase Docker image (e.g., archive.ubuntu.com and security.ubuntu.com) only support HTTP connections, which may cause issues if HTTPS is required or desired.
Issue:
In newer Liquibase Docker images (e.g., v4.18), Ubuntu is used as the base image. If the URLs in /etc/apt/sources.list are modified to use HTTPS, the build process may fail due to the archives not supporting HTTPS.
Solution:
To use HTTPS URLs, you need to switch to Ubuntu mirrors that support HTTPS. Official Ubuntu archive mirrors that allow HTTPS connections can be found on Ubuntu’s Official Archive Mirrors.
Here’s how to modify the Liquibase Dockerfile to use an HTTPS-compliant mirror:
Step 1. Replace HTTP URLs in /etc/apt/sources.list:
Update the sources.list file to point to an HTTPS-compliant mirror. The following commands replace the default URLs with https://mirror.enzu.com/ubuntu, which supports HTTPS:
RUN sed -i.bak 's|http://archive.ubuntu.com/ubuntu|https://mirror.enzu.com/ubuntu|g' /etc/apt/sources.list
RUN sed -i.bak 's|http://security.ubuntu.com/ubuntu|https://mirror.enzu.com/ubuntu|g' /etc/apt/sources.list
RUN sed -i.bak 's/http:/https:/g' /etc/apt/sources.list
These lines replace all HTTP URLs in /etc/apt/sources.list with HTTPS URLs from the specified mirror.
Step 2. Build the Docker Image:
After updating the Dockerfile, build the image using the standard Docker build command:
docker build -t liquibase-https .
Step 3. Alternative Approach:
If switching to an HTTPS mirror is not feasible, consider manually downloading and installing the required packages. You can set up a local directory with the necessary package files and modify the Dockerfile to pull these files during the build process.
Example:
- Download package files to a local directory.
- Modify the Dockerfile to use COPY and dpkg to install the packages.
Example Dockerfile:
Here’s a complete example of a Dockerfile with HTTPS-compatible Ubuntu mirrors:
FROM liquibase/liquibase:v4.18
# Update sources.list to use HTTPS-compliant mirrors
RUN sed -i.bak 's|http://archive.ubuntu.com/ubuntu|https://mirror.enzu.com/ubuntu|g' /etc/apt/sources.list
RUN sed -i.bak 's|http://security.ubuntu.com/ubuntu|https://mirror.enzu.com/ubuntu|g' /etc/apt/sources.list
RUN sed -i.bak 's/http:/https:/g' /etc/apt/sources.list
# Install any additional packages or dependencies
RUN apt-get update && apt-get install -y some-package
# Default command
CMD ["liquibase"]
Notes:
- Always verify the availability and reliability of the chosen mirror.
- Using HTTPS improves security by encrypting data transmission between the server and your environment.
- If required, you can also use custom trusted certificates for HTTPS connections in the Docker build process.
By following this approach, you can successfully configure Liquibase Docker images to use HTTPS URLs, ensuring compatibility with your organization’s security policies.
Related Article(s)
N/A
Comments
0 comments
Article is closed for comments.