c#dockerasp.net-coresslcentos
centos 8 on build docker error :Encryption(ssl/tls) handshake failed
I try to run it from Visual Studio Code can find the local database and connect to it. change database setting the environment variable run docker container, But when I run the app in the docker container cannot connect to the database the running container it returns this error :
I try openssl build tecmint.local.crt and tecmint.local.key Copy the tecmint.local.crt file to two directory:
/usr/local/share/ca-certificates/extra
and
/etc/pki/ca-trust/source/anchors
#centos 8 directory#
[root@localhost extra]# cd /etc/ssl/private
[root@localhost private]# ls
tecmint.local.crt tecmint.local.key
[root@localhost extra]# cd /etc/pki/ca-trust/source/anchors
[root@localhost anchors]# ls
openssl-1.1.1k openssl-1.1.1k.tar.gz tecmint.local.crt
[root@localhost anchors]# cd /usr/local/share/ca-certificates/extra
[root@localhost extra]# ls
tecmint.local.crt
then docker run dockerfile
and Mount the certs onto the Docker container using :
docker run -v /usr/local/share/ca-certificates/extra:/app/build -d 39bc3b53bb17 "update-ca-certificates"
#Dockerfile #
FROM mcr.microsoft.com/dotnet/aspnet:5.0-focal AS base
WORKDIR /app
EXPOSE 8000
ENV ASPNETCORE_ENVIRONMENT=Development
ENV ASPNETCORE_URLS=http://+:8000
RUN adduser -u 5678 --disabled-password --gecos "" appuser && chown -R appuser /app
USER appuser
FROM mcr.microsoft.com/dotnet/sdk:5.0-focal AS build
WORKDIR /src
COPY ["MVCVue.csproj", "./"]
RUN dotnet restore "MVCVue.csproj"
COPY . .
WORKDIR "/src/."
RUN dotnet build "MVCVue.csproj" -c Release -o /app/build
FROM build AS publish
RUN dotnet publish "MVCVue.csproj" -c Release -o /app/publish /p:UseAppHost=false
FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "MVCVue.dll"]
#Startup#
public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews();
services.AddDbContext<cpteContext>(options =>
options.UseSqlServer(Configuration.GetConnectionString("BloggingDatabase")));
services.AddAntiforgery(opiton => {
opiton.FormFieldName = "MyAntiForgeryField";
opiton.HeaderName = "ANTI-TOKEN-HEADERNAME";
});
}
#DbContext#
public partial class testContext : DbContext
{
public cpteContext(){}
public cpteContext(DbContextOptions<cpteContext> options) : base(options){}
public virtual DbSet<Board> Boards { get; set; }
public virtual DbSet<Operator> Operators { get; set; }
protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
{
var configuration = new ConfigurationBuilder()
.SetBasePath(Directory.GetCurrentDirectory())
.AddJsonFile("appsettings.json")
.Build();
if (!optionsBuilder.IsConfigured)
{
var connectionString = configuration.GetConnectionString("BloggingDatabase");
optionsBuilder.UseSqlServer(connectionString);
}
}
#appsettings.json#
"ConnectionStrings": {
"BloggingDatabase": "Server=xxx.xxx.xxx.xxx;Database=testdb;Trusted_Connection=True;User Id=myid;Password=myPassword;Integrated Security=false;"
},
Solution
On many Linux distributions, the OpenSSL configuration file is at /etc/ssl/openssl.cnf.
code add-in openssl.cnf
openssl_conf = default_conf
[ default_conf ]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1.0
CipherString = DEFAULT@SECLEVEL=2
Reference: https://learn.microsoft.com/zh-tw/dotnet/core/compatibility/cryptography/5.0/default-cipher-suites-for-tls-on-linux
openssl.cnf copy in /usr/local/ssl/openssl.cnf
or
use the following workaround in Dockerfile.
RUN sed -i 's/TLSv1.2/TLSv1.0/g' /etc/ssl/openssl.cnf
Reference :https://github.com/microsoft/azuredatastudio/issues/11249
if is Server Certificate validation when TLS encryption is enforced by the target Server you must at least add this setting to your connection string (to enforce use of SSL):
trustservercertificate=true
- When did C allow casting constants and variables to struct for assignment?
- Why in C can I initialize more values than the size of an array?
- What Values of Variables x and y Will Produce Incorrect Results When Testing for Overflow After Subtraction of x-y in the Following Program?
- How to write a general-type queue library in c?
- Which gcc and g++ version support which standard of c and c++?
- How to dereference a member in a struct whose definition is not visible?
- How to name a type in a meaningful way?
- In this case, how to achieve modularity and information hiding at the same time?
- What are Vectors and < > in C?
- Using c to create a file and write+read to it, what went wrong?
- Why does 1.0/100.0 == 0.1/10.0 give True?
- How to organize the receive msg and user current input in C network such that it's clean
- Using inclusive scan syntax in OpenMP in the C language
- Unable to understand context in book "OOP in C" by Axel Schreiner
- variable-length array in struct with TI compiler in C (socket programming)
- A faster way to test 32bpp DDBs for a valid Alpha channel
- How can I compile the zephyr example-application as a freestanding application?
- Why does my forked process sometimes overwrite data in a file?
- _Generic in C needs typecasting?
- Declaring/defining an unused variable changes the output from an unrelated variable
- How to use gdb to explore the stack/heap?
- How can I read an input string of unknown length?
- Confused by difference between expression inside if and expression outside if
- Fast Arc Cos algorithm?
- Discrepancy of `unsigned long` size between llvm and gcc in riscv32
- GCC (C) - error: 'x' redeclared as different kind of symbol
- Why does GCC’s static analyser falsely warn that a pointer to an allocated memory block itself stored in an allocated memory block may leak?
- c language gcc compiler *.i file #3 "" 2 what is this?
- How to make clang compile to llvm IR
- Hashtable implementation in C