Tuesday, 30 May 2017

Running a .NET Core Console Application on a Linux container with Docker for Windows

The network information can be determined by running:
docker inspect e8047deb24a8 > docker-image-e8047deb24a8.txt

The file system can be exported by running
docker export e8047deb24a8 > C:\Temp\1\a

The network can be seen with
docker network ls

and inspected in detail with:
docker exec -it --privileged d79699256379 cat /etc/hosts

I added extra_hosts to the docker-compose.vs.debug.yml file

version: '2'

services:
  changefeedclient.core:
    image: changefeedclient.core:dev
    build:
      args:
        source: ${DOCKER_BUILD_SOURCE}
    volumes:
      - ./ChangeFeedClient.Core:/app
      - ~/.nuget/packages:/root/.nuget/packages:ro
      - ~/clrdbg:/clrdbg:ro
    entrypoint: tail -f /dev/null
    labels:
      - "com.microsoft.visualstudio.targetoperatingsystem=linux"
    extra_hosts:
      - "myhost:10.0.75.1"

and ran again
docker exec -it --privileged d79699256379 cat /etc/hosts

which showed myhost in the host file.
I then ran 

docker exec -it --privileged a557749dded2 ping myhost

which worked!

I could then access the test webserver on port 81 on the host:
docker exec -it --privileged a557749dded2 curl myhost:81

The host is running OpenSSL. You can check certificates with:
docker exec -it a557749dded2 openssl s_client -connect myhost:8081


Required steps:
1. Set up the route on the container to allow the container to see the host.
2. Set up a proxy on localhost to proxy connections to 127.0.0.1
3. Install the CA certificate onto Linux

PS C:\Users\AndrewPotts> docker exec -it --privileged a557749dded2 update-ca-certificates
Updating certificates in /etc/ssl/certs... unable to load certificate
140565325366928:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATE
unable to load certificate
140089052296848:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATE
WARNING: Skipping duplicate certificate CharlesProxy.pem
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.


Import Charles Proxy certificate into the container.
In Charles Proxy, select Help > SSL Proxying > Install Charles Certificate.
The certificate is displayed.
Click the Details tab.
Copy to File.
Select Base-64 Encoded X.509 (CER).
Save it to a file.

Convert the CER into Unix format.
Using Notepad++, Edit -> EOL Conversion -> Unix/OSX Format.
Save.

Copy the certificate to the container.

docker cp C:\Users\AndrewPotts\Documents\DocumentDB\CharlesProxy.cer a557749dded2:/usr/local/share/ca-certificates/CharlesProxy.crt

Update the certificates.

docker exec -it --privileged a557749dded2 ls update-ca-certificates


The server responds with 127.0.0.1:8081 in the response body which throws the client.
Set up a rewrite rule to rewrite 127.0.0.1:8081 to 10.0.75.1:8080.
https://www.charlesproxy.com/documentation/tools/rewrite/

Tried to configured DocDb to run on different direct ports

Changed the connection policy to gateway




Update!
Version 1.14.32.2 of the emulator supports network connections!
By setting the following command-line parameters you can connect to the emulator from within a container:

/AllowNetworkAccess /Key=C2y6yDjf5/R+ob0N8A7Cgv30VRDJIWEHLM+4QDU5DE2nQ9nDuVTqobD4b8mGGyPMbIZnqyMsEcaGQy67XIw/Jw==

Note that the containers certificate uses the machine name as the CN, so it is important you set the extra_host and the host file entry to map a relationship between the gateway IP and the certificate CN.

Also, to avoid the SSL self-signed certificate validation errors, you can set the connection policy on the client:

connectionPolicy.DisableSSLVerification

No comments:

Post a Comment