Tuesday 30 May 2017

Running a .NET Core Console Application on a Linux container with Docker for Windows

The network information can be determined by running:
docker inspect e8047deb24a8 > docker-image-e8047deb24a8.txt

The file system can be exported by running
docker export e8047deb24a8 > C:\Temp\1\a

The network can be seen with
docker network ls

and inspected in detail with:
docker exec -it --privileged d79699256379 cat /etc/hosts

I added extra_hosts to the docker-compose.vs.debug.yml file

version: '2'

    image: changefeedclient.core:dev
        source: ${DOCKER_BUILD_SOURCE}
      - ./ChangeFeedClient.Core:/app
      - ~/.nuget/packages:/root/.nuget/packages:ro
      - ~/clrdbg:/clrdbg:ro
    entrypoint: tail -f /dev/null
      - "com.microsoft.visualstudio.targetoperatingsystem=linux"
      - "myhost:"

and ran again
docker exec -it --privileged d79699256379 cat /etc/hosts

which showed myhost in the host file.
I then ran 

docker exec -it --privileged a557749dded2 ping myhost

which worked!

I could then access the test webserver on port 81 on the host:
docker exec -it --privileged a557749dded2 curl myhost:81

The host is running OpenSSL. You can check certificates with:
docker exec -it a557749dded2 openssl s_client -connect myhost:8081

Required steps:
1. Set up the route on the container to allow the container to see the host.
2. Set up a proxy on localhost to proxy connections to
3. Install the CA certificate onto Linux

PS C:\Users\AndrewPotts> docker exec -it --privileged a557749dded2 update-ca-certificates
Updating certificates in /etc/ssl/certs... unable to load certificate
140565325366928:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATE
unable to load certificate
140089052296848:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATE
WARNING: Skipping duplicate certificate CharlesProxy.pem
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.

Import Charles Proxy certificate into the container.
In Charles Proxy, select Help > SSL Proxying > Install Charles Certificate.
The certificate is displayed.
Click the Details tab.
Copy to File.
Select Base-64 Encoded X.509 (CER).
Save it to a file.

Convert the CER into Unix format.
Using Notepad++, Edit -> EOL Conversion -> Unix/OSX Format.

Copy the certificate to the container.

docker cp C:\Users\AndrewPotts\Documents\DocumentDB\CharlesProxy.cer a557749dded2:/usr/local/share/ca-certificates/CharlesProxy.crt

Update the certificates.

docker exec -it --privileged a557749dded2 ls update-ca-certificates

The server responds with in the response body which throws the client.
Set up a rewrite rule to rewrite to

Tried to configured DocDb to run on different direct ports

Changed the connection policy to gateway

Version of the emulator supports network connections!
By setting the following command-line parameters you can connect to the emulator from within a container:

/AllowNetworkAccess /Key=C2y6yDjf5/R+ob0N8A7Cgv30VRDJIWEHLM+4QDU5DE2nQ9nDuVTqobD4b8mGGyPMbIZnqyMsEcaGQy67XIw/Jw==

Note that the containers certificate uses the machine name as the CN, so it is important you set the extra_host and the host file entry to map a relationship between the gateway IP and the certificate CN.

Also, to avoid the SSL self-signed certificate validation errors, you can set the connection policy on the client:


1 comment: