Generate Dev Certificate inside a docker image - asp.net

I have a .NET application and I wish, in production, generate a dev certificate (self-signed).
Locally, to do this I use the following commands:
dotnet dev-certs https --clean
dotnet dev-certs https
dotnet dev-certs https --trust
So I tried 2 methods, but none seems to work.
I have search for the .pfx file into my "/root/.aspnet/https" (/data/socloze/web/keys/https in real, because of the volume mapping), but this folder does not exists.
Method 1 : Create the certificate at image build
In the DockerFile file, I have the following
### >>> GLOBALS
ARG ENVIRONMENT="Production"
ARG PROJECT="Mycorp.MyApp.Web"
### <<<
#--------------------------------------------------
# Build / Publish
#--------------------------------------------------
# debian buster - AMD64
FROM mcr.microsoft.com/dotnet/sdk:5.0 AS build
### >>> IMPORTS
ARG ENVIRONMENT
ARG PROJECT
### <<<
ARG NUGET_CACHE=https://api.nuget.org/v3/index.json
ARG NUGET_FEED=https://api.nuget.org/v3/index.json
# Copy sources
COPY src/ /app/src
ADD common.props /app
WORKDIR /app
# Installs NodeJS to build typescripts
#RUN apt-get update -yq && apt-get upgrade -yq && apt-get install -yq curl git nano
#RUN curl -sL https://deb.nodesource.com/setup_8.x | bash - && apt-get install -yq nodejs build-essential
#RUN npm install -g npm
#RUN npm install
RUN apt-get update
RUN apt-get install curl
RUN curl -sL https://deb.nodesource.com/setup_14.x | bash -
RUN apt-get install -y nodejs
RUN npm install /app/src/MyCorp.Core.Blazor/
#RUN npm install -g parcel-bundler
# Installs the required dependencies on top of the base image
# Publish a self-contained image
RUN apt-get update && apt-get install -y libgdiplus libc6-dev && dotnet dev-certs https --clean && dotnet dev-certs https && dotnet dev-certs https --trust &&\
dotnet publish --self-contained --runtime linux-x64 -c Debug -o out src/${PROJECT};
#--------------------------------------------------
# Execute
#--------------------------------------------------
# Start a new image from aspnet runtime image
FROM mcr.microsoft.com/dotnet/sdk:5.0 AS runtime
### >>> IMPORTS
ARG ENVIRONMENT
ARG PROJECT
### <<<
#ENV DOTNET_GENERATE_ASPNET_CERTIFICATE=true
ENV ASPNETCORE_ENVIRONMENT=${ENVIRONMENT}
ENV ASPNETCORE_URLS="http://+:80;https://+:443;https://+:44390"
#ENV ASPNETCORE_URLS="http://+:80"
ENV PROJECT="${PROJECT}.dll"
# Make logs a volume for persistence
VOLUME /app/Logs
# App directory
WORKDIR /app
# Copy our build from the previous stage in /app
COPY --from=build /app/out ./
RUN apt-get update && apt-get install -y ffmpeg libgdiplus libc6-dev
# Ports
EXPOSE 80
EXPOSE 443
EXPOSE 44390
# Execute
ENTRYPOINT dotnet ${PROJECT}
Method 2 : Create the certificate by using docker-compose
The other way, is to generate the certificate once the container start, in my myappstack.yaml I have the following:
version: '3.3'
services:
web:
image: registry.gitlab.com/mycorp/myapp/socloze.web:1.1.1040
command:
- sh -c "dotnet dev-certs https --clean"
- sh -c "dotnet dev-certs https"
- sh -c "dotnet dev-certs https --trust"
- sh -c "echo MYPASS | sudo -S -k update-ca-certificates"
volumes:
- keys-vol:/root/.aspnet
- logs-vol:/app/Logs
- sitemap-vol:/data/sitemap/
networks:
- haproxy-net
- socloze-net
configs:
-
source: socloze-web-conf
target: /app/appsettings.json
logging:
driver: json-file
deploy:
placement:
constraints:
- node.role == manager
networks:
haproxy-net:
external: true
socloze-net:
external: true
volumes:
keys-vol:
driver: local
driver_opts:
device: /data/socloze/web/keys
o: bind
type: none
logs-vol:
driver: local
driver_opts:
device: /data/socloze/web/logs
o: bind
type: none
sitemap-vol:
driver: local
driver_opts:
device: /data/sitemap
o: bind
type: none
configs:
socloze-web-conf:
external: true
But none seems to work. I know that the first method has already worked, but I can't make it work again.

Related

Impossible to start Symfony 5 server on Docker container (symfony serve -d)

I trying to create Docker container to contenerized my Symfony 5 application.
I create first a Dockerfile
FROM php:7.4-fpm-alpine
# Update
RUN apk --no-cache update
RUN apk --no-cache add bash git
# Install Node
RUN apk --no-cache add --update nodejs npm
RUN apk --no-cache add --update python3
RUN apk --no-cache add --update make
RUN apk --no-cache add --update g++
# Install pdo
RUN docker-php-ext-install pdo_mysql
# Install Composer
RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
# Symfony CLI
RUN curl -sS https://get.symfony.com/cli/installer | bash && mv /root/.symfony/bin/symfony /usr/local/bin/symfony
# WORK DIR
COPY . /var/www/html
WORKDIR /var/www/html
RUN composer update
RUN composer install
RUN npm install
# Start Symfony server on Port 8000
EXPOSE 8000
RUN symfony serve -d
Then I created a docker-compose.yml file (where I simply redirect port 8000 of the container to port 8080 on my machine).
version: '3.8'
services:
php-fpm:
container_name: infolea
build: ./
ports:
- 8080:8000
volumes:
- ./:/var/www/html
Then, I build my image docker-compose build.
Then, I run my image docker-compose up -d.
On my browser, the localhost:8080 link doesn't display anything.
Then I restart the symfony server by typing symfony serve -d on the terminal of my container and on localhost:8080 I can see my application working.
Something is weard, is that when I verified if my server is not started yet on my docker container terminal, I got this :
docker container terminal
What i want, it's to start my Symfony server dirrectly, without retapping symfony serve -d.
How can i do it ?
Try using CMD istead of RUN
CMD ["/usr/local/bin/symfony", "local:server:start" , "--port=8000", "--no-tls"]
see https://docs.docker.com/engine/reference/builder/#cmd

Unable to configure ASP.NET HTTPS endpoint in Linux docker on Windows

I'm having issues trying to debug a docker container pointed at the "Production" ASPNETCORE_ENVIRONMENT in Visual Studio. The "Development" environment works fine. I'm trying to debug against a production container because we are having issues with the different appsettings file per environment.
This is my error:
Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
I've looked through a few articles but nothing seems to work when debugging against production. When I remove https from the launchSettings.json the site doesn't run at all.
https://github.com/dotnet/dotnet-docker/blob/master/samples/host-aspnetcore-https.md
Unable to configure ASP.NET HTTPS endpoint in Windows docker container
https://learn.microsoft.com/en-us/aspnet/core/security/enforcing-ssl?view=aspnetcore-3.1&tabs=visual-studio#trust-the-aspnet-core-https-development-certificate-on-windows-and-macos
Environment:
Windows 10
Linux Containers
ASP.NET Core 3.1
launchSettings:
"Docker": {
"commandName": "Docker",
"launchBrowser": true,
"launchUrl": "{Scheme}://{ServiceHost}:{ServicePort}",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Production",
"ASPNETCORE_URLS": "https://+:443;http://+:80",
},
"httpPort": 51934,
"useSSL": true,
"sslPort": 44349
}
DockerFile
#Depending on the operating system of the host machines(s) that will build or run the containers, the image specified in the FROM statement may need to be changed.
#For more information, please see https://aka.ms/containercompat
FROM mcr.microsoft.com/dotnet/core/aspnet:3.1.2-bionic AS base
WORKDIR /app
EXPOSE 80
RUN apt update && DEBIAN_FRONTEND=noninteractive apt install -y tzdata
RUN apt install -y --allow-unauthenticated \
libc6-dev \
libgdiplus \
libx11-dev \
&& rm -rf /var/lib/apt/lists/*
FROM mcr.microsoft.com/dotnet/core/sdk:3.1-bionic AS build
WORKDIR /src
COPY src .
RUN dotnet restore "ExampleApp.Web/ExampleApp.Web.csproj"
COPY . .
WORKDIR "/src/ExampleApp.Web"
RUN dotnet dev-certs https --trust
RUN dotnet build "ExampleApp.Web.csproj" -c Release -o /app/build
FROM build AS publish
RUN dotnet publish "ExampleApp.Web.csproj" -c Release -o /app/publish
FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENV ASPNETCORE_ENVIRONMENT Production
ENTRYPOINT ["dotnet", "ExampleApp.Web.dll", "--environment=Production"]
Some options
Option 1:
inside the app, configure like so, it should work
WebHost.CreateDefaultBuilder(args)
.UseStartup<Startup>()
.UseUrls(YourWebAppUrls)
.UseKestrel()
.ConfigureKestrel(options =>
{
options.ListenAnyIP(51934); // whatever your port
})
.UseIIS()
Option 2:
In your build tasks you can add this to the command line see here
Close your browsers so that they do not cache the certificate because that will cause other issues.
On the commandline run this
dotnet dev-certs https --clean
then run
dotnet dev-certs https -t
Option 3:
Self signed Cert
Option 4:
Run these commands from here
dotnet dev-certs https -ep ${HOME}/.aspnet/https/aspnetapp.pfx -p { password here }
dotnet dev-certs https --trust
Windows using Windows containers
Generate certificate and configure local machine:
dotnet dev-certs https -ep %USERPROFILE%\.aspnet\https\aspnetapp.pfx -p { password here }
dotnet dev-certs https --trust
Run the Container Image with Core configured for HTTPS:
docker pull mcr.microsoft.com/dotnet/core/samples:aspnetapp
docker run --rm -it -p 8000:80 -p 8001:443 -e ASPNETCORE_URLS="https://+;http://+" -e ASPNETCORE_HTTPS_PORT=8001 -e ASPNETCORE_Kestrel__Certificates__Default__Password="password" -e ASPNETCORE_Kestrel__Certificates__Default__Path=\https\aspnetapp.pfx -v %USERPROFILE%\.aspnet\https:C:\https\ mcr.microsoft.com/dotnet/core/samples:aspnetapp

Migrating from standard to flexible environment in google app engine

I'm migrating my standard environment app to flexible environment in GAE and facing issues.
app.yaml snippet
runtime: custom
env: flex
api_version: 1
threadsafe: true
handlers:
- url: /.*
script: main.app
Dockerfile
FROM gcr.io/google_appengine/python-compat-multicore
RUN apt-get update -y
RUN apt-get install -y python-pip build-essential libssl-dev libffi-dev python-dev libxml2-dev libxslt1-dev xmlsec1
RUN apt-get install -y curl unzip
RUN curl https://dl.google.com/dl/cloudsdk/release/google-cloud-sdk.tar.gz > /tmp/google-cloud-sdk.tar.gz
RUN mkdir -p /usr/local/gcloud
RUN tar -C /usr/local/gcloud -xvf /tmp/google-cloud-sdk.tar.gz
RUN /usr/local/gcloud/google-cloud-sdk/install.sh
RUN curl https://storage.googleapis.com/appengine-sdks/featured/google_appengine_1.9.40.zip > /tmp/google_appengine_1.9.40.zip
RUN unzip /tmp/google_appengine_1.9.40.zip -d /usr/local/gae
ENV PATH $PATH:/usr/local/gcloud/google-cloud-sdk/bin
ENV PATH $PATH:/usr/local/gae/google_appengine/
COPY . /app
WORKDIR /app
ENV MODULE_YAML_PATH app.yaml
RUN pip install -r requirements.txt
issue while running gcloud app deploy(stack trace)
File "/env/local/lib/python2.7/site-packages/google/appengine/ext/vmruntime/vmconfig.py", line 63, in BuildVmAppengineEnvConfig
escaped_appid = appid.replace(':', '_').replace('.', '_')
AttributeError: 'NoneType' object has no attribute 'replace'
Is there anything which I'm missing in dockerfile? What are the other configuration changes which should be done such that there is not much application level code changes. Is it advidsable to use webapp2 in flexible environment
We're working on a better error message, but this is happening because you're trying to use the python-compat-multicore runtime. That runtime is not supported on env:flex, and has been deprecated. We're asking folks to follow this guide to upgrade to runtime:python:
https://cloud.google.com/appengine/docs/flexible/python/migrating

Installing rpy2 with Docker is unable to find R path

A Django application using Docker needs to install rpy2 as a dependency. Although I install r-base container and specify it as a dependency, when installing django requirements I keep getting:
Collecting rpy2==2.8.3 (from -r /requirements/base.txt (line 55))
Downloading rpy2-2.8.3.tar.gz (186kB)
Complete output from command python setup.py egg_info:
Error: Tried to guess R's HOME but no command 'R' in the PATH.
How can specify inside Docker where the R path is?
My server.yml looks like this:
version: '2'
services:
r:
build: ./services/r
django:
build:
context: ./myproject/
dockerfile: ./compose/django/Dockerfile
env_file:
- .env
- .env-server
environment:
- DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}#postgres:5432/${POSTGRES_USER}
depends_on:
- postgres
- r
command: /gunicorn.sh
volumes:
- ./myproject:/app
The Dockerfile for django is:
FROM python:2.7
ENV PYTHONUNBUFFERED 1
COPY ./requirements /requirements
RUN pip install -r /requirements/production.txt \
&& pip install -r /requirements/test.txt \
&& groupadd -r django \
&& useradd -r -g django django
COPY . /app
RUN chown -R django /app
COPY ./compose/django/gunicorn.sh /gunicorn.sh
COPY ./compose/django/entrypoint.sh /entrypoint.sh
RUN sed -i 's/\r//' /entrypoint.sh \
&& sed -i 's/\r//' /gunicorn.sh \
&& chmod +x /entrypoint.sh \
&& chown django /entrypoint.sh \
&& chmod +x /gunicorn.sh \
&& chown django /gunicorn.sh
WORKDIR /app
ENTRYPOINT ["/entrypoint.sh"]
The Dockerfile for R is:
FROM r-base
It was easier to just install r inside the django container. So removing the r container and modifiying the django docker file adding this lines, worked:
RUN apt-get --force-yes update \
&& apt-get --assume-yes install r-base-core

(Docker) How to install dependencies, using separate Composer container, in WordPress container?

Dockerfile
FROM wordpress
ENV REFRESHED_AT 2015-08-12
ADD \
composer.json /var/www/html
ADD \
composer.lock /var/www/html
# install the PHP extensions
RUN \
apt-get -qq update && \
apt-get -y upgrade && \
apt-get install -y vim wget && \
rm -rf /var/lib/apt/lists/*
# Symlink User's "wp-content" folder into the newly installed Wordpress
RUN \
rm -rf /usr/src/wordpress/wp-content/plugins/* && \
rm -rf /usr/src/wordpress/wp-content/themes/* && \
cp -fr /usr/src/wordpress/* /var/www/html/ && \
chown -R www-data:www-data /var/www/html/
# volume for mysql database and wordpress install
VOLUME ["/var/www/html/wp-content/plugins", "/var/www/html/wp-content/themes"]
# Define working directory.
WORKDIR /var/www/html/
EXPOSE 80 3306
CMD ["apache2-foreground"]
Docker Compose File
wordpress:
build: .
links:
- mysql
- composer
volumes:
- wp-content/plugins/:/var/www/html/wp-content/plugins
- wp-content/themes/:/var/www/html/wp-content/themes
environment:
- WORDPRESS_DB_PASSWORD=__WORDPRESS_DB_PASSWORD__
- WORDPRESS_DB_NAME=__WORDPRESS_DB_NAME__
# - WORDPRESS_DB_USER=__WORDPRESS_DB_USER__
ports:
- "9888:80"
mysql:
image: mysql:5.7
environment:
- MYSQL_ROOT_PASSWORD=__WORDPRESS_DB_PASSWORD__
- MYSQL_DATABASE=__WORDPRESS_DB_NAME__
composer:
image: composer/composer
Question details
I'm able to ADD the composer.json and composer.lock files to the working directory. I can confirm that these two files are in the working directory.
What I need is for the Dockerfile (or wherever) to also automatically install the dependencies into the working directory.
According to Docker Hub, https://hub.docker.com/r/composer/composer/,
I should be able to docker run -v $(pwd):/app composer/composer install to install the dependencies but how do I do this in Dockerfile?
Also I'm confused because the -v flag, https://docs.docker.com/engine/userguide/dockervolumes/, has to do with mounting the specified host directory into the a container but I've already ADDed the necessary files to the working directory. All I want to do is install the dependencies.
Thank you for your help.
You just need to mount the current directory to /app when running your composer container. I've put together a simple example to illustrate this working at https://gist.github.com/andyshinn/e2c428f2cd234b718239.
The key parts here are the volumes for the composer part of the application and the restart: 'yes' on the primary PHP application (the application likely will not run until Composer has run so you will want it to restart).

Resources