HTTPS between my Docker containers and my local network PC, later deploy to Raspberry Pi?

I've examined an approach between 2 Docker containers in my network; however, it also needs to work from any client within the network to a server hosted in a container.

Create the certificates on the Pi hosting the server container:

mkdir -p /tmp/certs
# Generate a random passphrase and keep a copy for the server container
export CERTPASS=$(pwgen)
echo "$CERTPASS" >/tmp/certs/myservercert.txt
# Self-signed certificate and encrypted private key
openssl req -x509 \
    -passout env:CERTPASS \
    -subj "/CN=server.my.web" \
    -newkey rsa:4096 \
    -keyout /tmp/certs/familyboardkey.pem \
    -out /tmp/certs/myservercert.pem \
    -days 365
# Bundle key and certificate into a PFX for Kestrel
openssl pkcs12 -export \
    -out /tmp/certs/myservercert.pfx \
    -inkey /tmp/certs/familyboardkey.pem \
    -in /tmp/certs/myservercert.pem \
    -passin env:CERTPASS \
    -passout env:CERTPASS
# Export only the public certificate for clients
openssl pkcs12 -in /tmp/certs/myservercert.pfx \
    -passin env:CERTPASS \
    -clcerts -nokeys -out /tmp/certs/myservercert.crt

Start the server with the certificates folder mounted:

docker run -d \
    --name myserver \
    -p 5001:5001 \
    -p 5000:5000 \
    -e ASPNETCORE_Kestrel__Certificates__Default__Password="$(cat /tmp/certs/myservercert.txt)" \
    -e ASPNETCORE_Kestrel__Certificates__Default__Path="/tmp/certs/myservercert.pfx" \
    --mount type=bind,source=/tmp/certs/,target=/tmp/certs/ \
    --restart always \
    myserver

For my server https://github.com/KaiWalter/familyboard-aspnetcore I created this simple test console client:

using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Json;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

// Path to the exported public certificate, passed in via the environment
var certificateName = System.Environment.GetEnvironmentVariable("CERTNAME");

var handler = new HttpClientHandler();
handler.ClientCertificateOptions = ClientCertificateOption.Manual;
// Accepts any server certificate; needed here because the certificate is self-signed
handler.ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
handler.SslProtocols = SslProtocols.Tls12;
handler.ClientCertificates.Add(new X509Certificate2(certificateName));
var client = new HttpClient(handler);

// Plain HTTP endpoint
var responseHttp = await client.GetFromJsonAsync<DateFormatInfo>("http://server.my.web:5000/api/calendar/dateformatinfo");
Console.WriteLine($"MonthNames: {responseHttp.MonthNames.Count}");
Console.WriteLine($"WeekDayNames: {responseHttp.WeekDayNames.Count}");

// HTTPS endpoint
var responseHttps = await client.GetFromJsonAsync<DateFormatInfo>("https://server.my.web:5001/api/calendar/dateformatinfo");
Console.WriteLine($"MonthNames: {responseHttps.MonthNames.Count}");
Console.WriteLine($"WeekDayNames: {responseHttps.WeekDayNames.Count}");

public class DateFormatInfo
{
    public List<string> MonthNames { get; set; }
    public List<string> WeekDayNames { get; set; }
}

The line handler.ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator; is required to get around System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot for the self-signed certificate.

docker run -it --network host \
    -e CERTNAME="/tmp/certs/myservercert.crt" \
    --mount type=bind,source=/tmp/certs/,target=/tmp/certs/ \
    myclient

Does this make sense for you?
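
A stricter alternative to DangerousAcceptAnyServerCertificateValidator, as an added example that is not part of the original post: the client accepts only the exact self-signed certificate it was given and rejects everything else. It assumes CERTNAME points at the myservercert.crt exported above; IsPinnedCertificate is a hypothetical helper name.

```csharp
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Added example: pin the one self-signed server certificate.
// Assumption: CERTNAME points at the public myservercert.crt mounted into the client container.
var pinnedPath = Environment.GetEnvironmentVariable("CERTNAME")
    ?? throw new InvalidOperationException("CERTNAME is not set");
var pinned = new X509Certificate2(pinnedPath);

var handler = new HttpClientHandler
{
    // Explicit check in place of DangerousAcceptAnyServerCertificateValidator.
    ServerCertificateCustomValidationCallback =
        (request, presented, chain, errors) => IsPinnedCertificate(presented, errors, pinned)
};
using var client = new HttpClient(handler);

var json = await client.GetStringAsync("https://server.my.web:5001/api/calendar/dateformatinfo");
Console.WriteLine(json);

// Hypothetical helper: accept only the exact certificate that was exported on the server.
static bool IsPinnedCertificate(X509Certificate2? presented, SslPolicyErrors errors, X509Certificate2 pinned)
{
    if (presented is null || errors.HasFlag(SslPolicyErrors.RemoteCertificateNotAvailable))
        return false;

    // A self-signed certificate always reports UntrustedRoot, so chain trust
    // is replaced by a byte-for-byte comparison with the pinned certificate.
    if (!presented.RawData.AsSpan().SequenceEqual(pinned.RawData))
        return false;

    // The chain check would normally catch expiry, so check the validity window here.
    var now = DateTime.Now; // NotBefore and NotAfter are expressed in local time
    return now >= presented.NotBefore && now <= presented.NotAfter;
}
```

When the server certificate is regenerated, the new myservercert.crt has to be copied to every client, otherwise the comparison fails and the connection is refused.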
