Author: Sinan Bir

TLS Communication Error In a Docker Container

Problem

This weekend, I came across an awkward error: I was not able to access HTTPS URLs or SSL/TLS-based services inside a container, while I was able to access non-TLS services over TCP without any problem.

First, I thought it was a TLS communication error and started digging around the container image base, configurations, CA certificates, etc. But nothing worked. I was right that it was a TLS communication error, but not at the process level. Before I ran into this error, I had set up WireGuard VPN, which I had recently added to my setup. So I stopped working on writing new container files and turned to another part of the setup.


Solution

In my setup, the Docker daemon was running on a host that was configured with WireGuard VPN. So I started troubleshooting the network stack and boom…

The problem was caused by different MTU sizes on the docker and wg* interfaces.

The Docker daemon does not check the MTU size of any of the available network interfaces. Therefore, the Docker MTU was set to 1500. When I changed the MTU size of the docker0 interface to 1420, which matches the WireGuard default MTU size, everything started working again.

Wireguard Docker Repository

It is also mentioned under the others section of the repository.

For some clients (a GL.inet router in my case) you may have trouble with HTTPS (SSL/TLS) due to the MTU on the VPN. Ping and HTTP work fine but HTTPS does not for some sites.

This can be fixed with MSS Clamping. This is simply a checkbox in the OpenWRT Firewall settings interface.

https://github.com/cmulk/wireguard-docker

You can find more information in the wireguard-docker repository.

Docker Daemon Configuration

Restart the Docker daemon and we are all set. If the reported MTU size doesn't update immediately, make sure you have run a container after changing the configuration.
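
The check below is an added example, not code from the original post: it reads `ip -o link show` style output, lists Docker bridges whose MTU is larger than the smallest wg* MTU, and prints a daemon.json fragment with that value. The sample interface list, the bridge and veth names, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Docker bridges whose MTU is larger than the WireGuard
# tunnel MTU. Input is in the format of `ip -o link show`.

# Constructed sample (trimmed); on a real host pipe in: ip -o link show
SAMPLE_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
5: br-3f2a9c1d0e4b: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
6: veth1a2b3c4@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master docker0 state UP'

# Print "name mtu" for every interface on stdin.
link_mtus() {
  awk '{
    name = $2; sub(/:$/, "", name); sub(/@.*/, "", name)
    for (i = 3; i < NF; i++) if ($i == "mtu") { print name, $(i + 1); break }
  }'
}

# Print the smallest MTU among wg* interfaces; print nothing if there is none.
tunnel_mtu() {
  link_mtus | awk '$1 ~ /^wg/ && (min == "" || ($2 + 0) < min) { min = $2 + 0 }
                   END { if (min != "") print min }'
}

# Print docker0 and br-* (user-defined network) bridges with MTU above $1.
oversized_bridges() {
  [ -n "$1" ] || return 0   # no tunnel MTU known: nothing to compare against
  link_mtus | awk -v limit="$1" \
    '$1 ~ /^(docker0|br-)/ && ($2 + 0) > (limit + 0) { print $1 }'
}

# daemon.json fragment; "mtu" there covers the default bridge (docker0) only.
daemon_json() { printf '{\n  "mtu": %s\n}\n' "$1"; }

limit=$(printf '%s\n' "$SAMPLE_LINKS" | tunnel_mtu)
if [ -z "$limit" ]; then
  echo "no wg* interface found"
else
  printf '%s\n' "$SAMPLE_LINKS" | oversized_bridges "$limit" |
    while read -r br; do echo "$br: MTU above tunnel MTU $limit"; done
  daemon_json "$limit"
fi
```

On a real host, feed the functions from `ip -o link show` instead of the sample. User-defined networks (br-*) take their MTU from the `com.docker.network.driver.mtu` option given to `docker network create`, not from daemon.json.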

Asynchronous Server Application Example – Java

Async Server

An asynchronous server application is not suspended while it waits for a connection from a client. If we spin up a thread for each session, the server waits on the IO operations, which we don't want. This example project shows how to handle TCP sockets asynchronously without running a separate thread for each session.

The example async socket server is available on GitHub.

Apache Flink Stateful Streaming Example

Apache Flink Stateful Streaming

Today, we will create a simple Apache Flink stateful streaming word count application to show how powerful its APIs are and how easy it is to write stateful applications. Stream processing is one of the most important components of modern data-driven application pipelines. There is a nice article here which is more about the use cases, the definitions of stateful terms and their business value. In this article I want to focus more on the stateful scenario.

Continuous Integration & Delivery vs Deployment

Continuous Integration

It is the practice that requires developers to integrate their code into a shared repository at least once a day. Each integration is followed by build and test steps so that problems are found quickly and can be fixed easily before they get serious. It would be hard to find and fix them in a repository where the developers don't integrate their changes so often. When they do, they will be able to add new features instead of spending more time on debugging. Everyone can see what is happening in the repository. Unit and integration tests have important roles in that pipeline. Overall, it reduces risk and lets you release more often and provide higher-quality products.

“Continuous Integration doesn’t get rid of bugs, but it does make them dramatically easier to find and remove.”

— Martin Fowler, Chief Scientist, ThoughtWorks

.Net Core 2 IdentityServer4 Example – OpenId OAuth2

Since .NET Core was released, I couldn't find much information about how to implement either OAuth2 or OpenID. I found IdentityServer4 easy to use for creating an authorization server and made an example of how to set it up. I hope this article will be helpful for anyone who is looking for what it is and how to implement IdentityServer4 along with refresh tokens on .NET Core 2. So, what is IdentityServer4? IdentityServer4 is an OpenID Connect and OAuth 2.0 framework for ASP.NET Core. It is free and also has support for commercial uses. We'll be creating a hybrid authentication flow to implement refresh tokens using the grant types Resource Owner Password Credentials (ROPC) and Refresh Token. I won't be explaining all the protocols here. If you need further information, you can check out IdentityServer4, OAuth2 and OpenID. Let's dig into some coding.

© 2021 Sinan Bir
