docker inspect e8047deb24a8 > docker-image-e8047deb24a8.txt
The file system can be exported by running
docker export e8047deb24a8 > C:\Temp\1\a
The network can be seen with
docker network ls
and inspected in detail with:
docker exec -it --privileged d79699256379 cat /etc/hosts
I added extra_hosts to the docker-compose.vs.debug.yml file
version: '2'
services:
changefeedclient.core:
image: changefeedclient.core:dev
build:
args:
source: ${DOCKER_BUILD_SOURCE}
volumes:
- ./ChangeFeedClient.Core:/app
- ~/.nuget/packages:/root/.nuget/packages:ro
- ~/clrdbg:/clrdbg:ro
entrypoint: tail -f /dev/null
labels:
- "com.microsoft.visualstudio.targetoperatingsystem=linux"
extra_hosts:
- "myhost:10.0.75.1"
and ran again
docker exec -it --privileged d79699256379 cat /etc/hosts
which showed myhost in the host file.
I then ran
docker exec -it --privileged a557749dded2 ping myhost
which worked!
I could then access the test webserver on port 81 on the host:
docker exec -it --privileged a557749dded2 curl myhost:81
The host is running OpenSSL. You can check certificates with:
docker exec -it a557749dded2 openssl s_client -connect myhost:8081
Required steps:
1. Set up the route on the container to allow the container to see the host.
2. Set up a proxy on localhost to proxy connections to 127.0.0.1
3. Install the CA certificate onto Linux
PS C:\Users\AndrewPotts> docker exec -it --privileged a557749dded2 update-ca-certificates
Updating certificates in /etc/ssl/certs... unable to load certificate
140565325366928:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATE
unable to load certificate
140089052296848:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATE
WARNING: Skipping duplicate certificate CharlesProxy.pem
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.
Import Charles Proxy certificate into the container.
In Charles Proxy, select Help > SSL Proxying > Install Charles Certificate.
The certificate is displayed.
Click the Details tab.
Copy to File.
Select Base-64 Encoded X.509 (CER).
Save it to a file.
Convert the CER into Unix format.
Using Notepad++, Edit -> EOL Conversion -> Unix/OSX Format.
Save.
Copy the certificate to the container.
docker cp C:\Users\AndrewPotts\Documents\DocumentDB\CharlesProxy.cer a557749dded2:/usr/local/share/ca-certificates/CharlesProxy.crt
Update the certificates.
docker exec -it --privileged a557749dded2 ls update-ca-certificates
The server responds with 127.0.0.1:8081 in the response body which throws the client.
Set up a rewrite rule to rewrite 127.0.0.1:8081 to 10.0.75.1:8080.
https://www.charlesproxy.com/documentation/tools/rewrite/
Tried to configured DocDb to run on different direct ports
Changed the connection policy to gateway
Update!
Version 1.14.32.2 of the emulator supports network connections!
By setting the following command-line parameters you can connect to the emulator from within a container:
/AllowNetworkAccess /Key=C2y6yDjf5/R+ob0N8A7Cgv30VRDJIWEHLM+4QDU5DE2nQ9nDuVTqobD4b8mGGyPMbIZnqyMsEcaGQy67XIw/Jw==
Note that the containers certificate uses the machine name as the CN, so it is important you set the extra_host and the host file entry to map a relationship between the gateway IP and the certificate CN.
Also, to avoid the SSL self-signed certificate validation errors, you can set the connection policy on the client:
connectionPolicy.DisableSSLVerification
I could then access the test webserver on port 81 on the host:
docker exec -it --privileged a557749dded2 curl myhost:81
The host is running OpenSSL. You can check certificates with:
docker exec -it a557749dded2 openssl s_client -connect myhost:8081
Required steps:
1. Set up the route on the container to allow the container to see the host.
2. Set up a proxy on localhost to proxy connections to 127.0.0.1
3. Install the CA certificate onto Linux
PS C:\Users\AndrewPotts> docker exec -it --privileged a557749dded2 update-ca-certificates
Updating certificates in /etc/ssl/certs... unable to load certificate
140565325366928:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATE
unable to load certificate
140089052296848:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATE
WARNING: Skipping duplicate certificate CharlesProxy.pem
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.
Import Charles Proxy certificate into the container.
In Charles Proxy, select Help > SSL Proxying > Install Charles Certificate.
The certificate is displayed.
Click the Details tab.
Copy to File.
Select Base-64 Encoded X.509 (CER).
Save it to a file.
Convert the CER into Unix format.
Using Notepad++, Edit -> EOL Conversion -> Unix/OSX Format.
Save.
Copy the certificate to the container.
docker cp C:\Users\AndrewPotts\Documents\DocumentDB\CharlesProxy.cer a557749dded2:/usr/local/share/ca-certificates/CharlesProxy.crt
Update the certificates.
docker exec -it --privileged a557749dded2 ls update-ca-certificates
The server responds with 127.0.0.1:8081 in the response body which throws the client.
Set up a rewrite rule to rewrite 127.0.0.1:8081 to 10.0.75.1:8080.
https://www.charlesproxy.com/documentation/tools/rewrite/
Tried to configured DocDb to run on different direct ports
Changed the connection policy to gateway
Update!
Version 1.14.32.2 of the emulator supports network connections!
By setting the following command-line parameters you can connect to the emulator from within a container:
/AllowNetworkAccess /Key=C2y6yDjf5/R+ob0N8A7Cgv30VRDJIWEHLM+4QDU5DE2nQ9nDuVTqobD4b8mGGyPMbIZnqyMsEcaGQy67XIw/Jw==
Note that the containers certificate uses the machine name as the CN, so it is important you set the extra_host and the host file entry to map a relationship between the gateway IP and the certificate CN.
Also, to avoid the SSL self-signed certificate validation errors, you can set the connection policy on the client:
connectionPolicy.DisableSSLVerification
great
ReplyDelete