TLS Communication Error In a Docker Container

Problem

This weekend, I came across an awkward error: inside a container, I was not able to access HTTPS URLs or SSL/TLS-based services, while I was able to access non-TLS services over TCP without any problem.

First, I thought it was a TLS communication error and started digging around the container image base, configurations, CA certificates, etc. But nothing worked. I was right that it was a TLS communication error, but not at the process level. Before I ran into this error, I had set up WireGuard VPN, which I had recently added to my setup. So I stopped working on writing new container files and turned to the other part of the setup.


Solution

In my setup, the Docker daemon was running on a host that was configured with WireGuard VPN. So I started troubleshooting the network stack and boom…

~# ip link
X: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/none
X: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
    link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff

The problem was caused by the different MTU sizes on the docker and wg* interfaces.

The Docker daemon does not check the MTU size of any of the available network interfaces. Therefore, the Docker MTU was set to 1500. When I changed the MTU size of the docker0 interface to 1420, which matches the WireGuard default MTU size, everything started working again.

Wireguard Docker Repository

It is also mentioned in the "others" section of the repository.

For some clients (a GL.inet router in my case) you may have trouble with HTTPS (SSL/TLS) due to the MTU on the VPN. Ping and HTTP work fine but HTTPS does not for some sites.

This can be fixed with MSS Clamping. This is simply a checkbox in the OpenWRT Firewall settings interface.

https://github.com/cmulk/wireguard-docker

You can find more information on wireguard-docker repository.

Docker Daemon Configuration

/etc/docker/daemon.json
{
  "mtu": 1420
}

Restart the Docker daemon and we are all set. If the reported MTU size doesn't update right away, make sure you have run a container after the configuration change.
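
The check described above can be scripted. The following is an added example, not code from the original post or from the wireguard-docker project: it reads `ip link` output and reports when a Docker bridge MTU is larger than the tunnel MTU. The interface name patterns (`wg*`, `docker*`, `br-*`), the function names and the sample interface indexes and MAC address are assumptions made for the example.

```shell
#!/bin/sh
# Added example: flag a Docker bridge whose MTU exceeds the WireGuard MTU.

# Constructed sample modelled on the `ip link` output shown in the post.
sample_ip_link() {
cat <<'EOF'
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/none
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
    link/ether 02:42:00:00:00:01 brd ff:ff:ff:ff:ff:ff
EOF
}

# Print "name mtu" for every interface header line read from stdin.
iface_mtus() {
    awk '/^[0-9]+: / {
        name = $2; sub(/:$/, "", name); sub(/@.*/, "", name)
        for (i = 3; i < NF; i++) if ($i == "mtu") print name, $(i + 1)
    }'
}

# Smallest MTU among interfaces whose name matches the regex in $1.
min_mtu() {
    iface_mtus | awk -v pat="$1" '
        $1 ~ pat && (!seen || $2 + 0 < min) { min = $2 + 0; seen = 1 }
        END { if (seen) print min }'
}

# Exit 0 if the bridge MTU fits the tunnel, 1 on mismatch, 2 if unknown.
check_mtu() {
    input=$(cat)
    tunnel=$(printf '%s\n' "$input" | min_mtu '^wg')
    bridge=$(printf '%s\n' "$input" | min_mtu '^(docker|br-)')
    [ -n "$tunnel" ] && [ -n "$bridge" ] || { echo "unknown"; return 2; }
    if [ "$bridge" -gt "$tunnel" ]; then
        # suggest_mtu is the value to put in /etc/docker/daemon.json
        echo "mismatch bridge=$bridge tunnel=$tunnel suggest_mtu=$tunnel"
        return 1
    fi
    echo "ok bridge=$bridge tunnel=$tunnel"
}

# Demo on the constructed sample; on a real host use: ip link | check_mtu
sample_ip_link | check_mtu || true
```
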

Apache Flink Stateful Streaming Example

Apache Flink Stateful Streaming

Today, we will create a simple Apache Flink stateful streaming word count application to show how powerful its APIs are and how easy it is to write stateful applications. Stream processing is one of the most important components of modern data-driven application pipelines. There is a nice article here which is more about the use cases, the definitions of stateful terms and the business value of it. In this article I want to focus more on the stateful scenario.


Continuous Integration & Delivery vs Deployment

Continuous Integration

It is the practice that requires developers to integrate their code into a shared repository at least once a day. Each integration is followed by build and test steps so that problems are solved quickly. You can then fix the problems easily before they get serious. It would be hard to find and fix them in a repository where the developers don’t integrate their changes so often. When they do, they are able to add new features instead of spending more time on debugging. Everyone can see what is happening in the repository. Unit and integration tests play important roles in that pipeline. Overall, it reduces risk and lets you release more often and provide higher-quality products.

“Continuous Integration doesn’t get rid of bugs, but it does make them dramatically easier to find and remove.”

— Martin Fowler, Chief Scientist, ThoughtWorks


.Net Core 2 IdentityServer4 Example – OpenId OAuth2

Since .NET Core was released, I couldn’t find much information about how to implement either OAuth2 or OpenID. I found IdentityServer4 easy to use for creating an authorization server and made an example of how to set it up. I hope this article will be helpful for anyone who is looking for what it is and how to implement IdentityServer4 along with refresh tokens on .NET Core 2. So, what is IdentityServer4? IdentityServer4 is an OpenID Connect and OAuth 2.0 framework for ASP.NET Core. It is free and also supports commercial use. We’ll be creating a hybrid authentication flow to implement refresh tokens using the grant types Resource Owner Password Credentials (ROPC) and Refresh Token. I won’t be explaining all the protocols here. If you need further information you can check out IdentityServer4, OAuth2 and OpenID. Let’s dig into some coding.


Simpson’s 3/8 Method C Code – Integration

Simpson’s 3/8 Method C Code

I will share the Simpson’s 3/8 Method C code. There are other methods that can calculate the integral more accurately, but today I’ll share one of my class notes, which can be helpful to anyone looking for an easy implementation of this method. The function that I use for this program is e^x, whose integral is the same as itself. You can implement your custom function easily by overriding the f(double x) prototype. The program requires the lower and upper bounds of integration and n (the part count) as input. You get more accurate results when n is high enough, because the method is applied to each part independently. You can check out the code of the program below. Detailed information on the method.


Lagrange Interpolation C Code

In numerical analysis, Lagrange polynomials are used for polynomial interpolation. For a given set of distinct points x_j and numbers y_j, the Lagrange polynomial is the polynomial of the least degree that at each point x_j assumes the corresponding value y_j (i.e. the functions coincide at each point). The interpolating polynomial of the least degree is unique, however, and it is therefore more appropriate to speak of “the Lagrange form” of that unique polynomial rather than “the Lagrange interpolation polynomial”, since the same polynomial can be arrived at through multiple methods.


Using Arduino Timers – Interrupts

Using and Configuring Arduino Timers

Hello friends, in this article I want to talk about using timers on Arduino and, at the same time, on processors with the AVR 8-bit architecture. The processors used on almost all of the ready-made boards grouped under the Arduino name are AVR 8-bit or 32-bit processors belonging to the Atmega company. Before talking about using timers on these processors, I would like to point out that you can make similar settings on all processors with this architecture. Not every processor will have the timers that I use as examples in my explanation. You can find the necessary information in the datasheet of the processor you are using. (Example: Atmega328)

What Is a Timer?


Web Api Bearer Token Authentication

In this article I want to talk about using Web API bearer token authentication between the front end and the back end. I will start by asking what this token is, and after covering its advantages I will continue with a sample application on ASP.NET Web API.

What Is This Token and What Are Its Advantages?

To summarize briefly, we can think of the token as a key. That is, when we send our username and password to our back-end server for verification, it gives us a token (key) in return for that verification. Afterwards, when we want to make a request, it expects this key from us instead of the username and password, and performs the necessary security checks. The main advantages that using such a structure gives us are:


.Net – Using NLog (Error – System Logging)

Hello friends, error handling is a very important topic when developing applications. Storing the errors that users run into makes solving those errors much easier for us. I want to talk about NLog, a framework that I use in my projects. The fact that it is free is also quite appealing. It is also practical and just as easy to set up. As for what you can do with NLog when an error occurs: you can send an e-mail, write to a file, add a record to a database, print output to the console, and use it with many other providers. In this article I want to talk about saving to a file. For the sample application we will create a console project and integrate general error handling into it. Now let's start with an example…

Let's create an empty project.
