As noted in https://github.com/wikimedia/service-template-node/pull/120, when the node.js service template is running in a Docker container created from the production variant of the following Blubberfile, external HTTPS requests fail with an SSL error.
version: v3 base: docker-registry.wikimedia.org/nodejs-slim lives: in: /srv/service runs: environment: { APP_BASE_PATH: /srv/service } variants: build: base: docker-registry.wikimedia.org/nodejs-devel apt: { packages: [git, build-essential, python-pkgconfig] } node: { requirements: [package.json] } runs: { environment: { LINK: g++ } } development: includes: [build] entrypoint: [node, server.js] test: includes: [build] entrypoint: [npm, test] prep: includes: [build] node: { env: production } production: copies: prep node: { env: production } entrypoint: [node, server.js]
Here is the full trace:
Error: unable to get local issuer certificate at Error (native) at TLSSocket.<anonymous> (_tls_wrap.js:1092:38) at emitNone (events.js:86:13) at TLSSocket.emit (events.js:185:7) at TLSSocket._finishInit (_tls_wrap.js:610:8) at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:440:38)
Interestingly, if the curl or wget package is installed, the error does not occur.