tnc1997 / samples

MIT License

The two ssl files appear to be swapped #46

Closed biseconocom closed 1 year ago

biseconocom commented 1 year ago

Describe the bug In the tutorial "adding-multitenancy-to-an-aspnet-core-6-application", when built as described, on the first call from the browser to one.example.local, I get the following error message in the Docker console:

nginx.1 2023/09/26 19:48:54 [error] 134#134: 9 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 172.25.0.1, server: 0.0.0.0:443
nginx.1 2023/09/26 19:48:54 [error] 134#134: 10 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 172.25.0.1, server: 0.0.0.0:443

Expected behavior We expect to get "Tenant 1" message.

Additional context Mattias Geniar points out the certificate files may have been swapped: https://ma.ttias.be/nginx-ssl-certificate-errors-pem_read_bio_x509_aux-pem_read_bio_x509-ssl_ctx_use_privatekey_file/#PEM_read_bio_X509_AUX Can you assist me on this issue?

tnc1997 commented 1 year ago

Hi @biseconocom, unfortunately I am having difficulties reproducing the issue that you describe.

Following the Getting Started guide in the readme yields the following output:

docker compose up --build
[+] Building 0.3s (18/18) FINISHED                                                                                                                                                                                                                                                                           docker:default
 => [application internal] load build definition from Dockerfile                                                                                                                                                                                                                                                       0.0s
 => => transferring dockerfile: 612B                                                                                                                                                                                                                                                                                   0.0s
 => [application internal] load .dockerignore                                                                                                                                                                                                                                                                          0.0s
 => => transferring context: 380B                                                                                                                                                                                                                                                                                      0.0s
 => [application internal] load metadata for mcr.microsoft.com/dotnet/sdk:6.0                                                                                                                                                                                                                                          0.2s
 => [application internal] load metadata for mcr.microsoft.com/dotnet/aspnet:6.0                                                                                                                                                                                                                                       0.2s
 => [application build 1/7] FROM mcr.microsoft.com/dotnet/sdk:6.0@sha256:64c2462d35728440e47dd6dec28099461fd89fef5cf13815d640df112c0333f9                                                                                                                                                                              0.0s
 => [application internal] load build context                                                                                                                                                                                                                                                                          0.0s
 => => transferring context: 536B                                                                                                                                                                                                                                                                                      0.0s
 => [application base 1/2] FROM mcr.microsoft.com/dotnet/aspnet:6.0@sha256:fee44277c9c0d56ef90e1863b3ff4bfad95b9b3aef766f12b0af5660d8c993df                                                                                                                                                                            0.0s
 => CACHED [application base 2/2] WORKDIR /app                                                                                                                                                                                                                                                                         0.0s
 => CACHED [application final 1/2] WORKDIR /app                                                                                                                                                                                                                                                                        0.0s
 => CACHED [application build 2/7] WORKDIR /src                                                                                                                                                                                                                                                                        0.0s
 => CACHED [application build 3/7] COPY [Application/Application.csproj, Application/]                                                                                                                                                                                                                                 0.0s
 => CACHED [application build 4/7] RUN dotnet restore "Application/Application.csproj"                                                                                                                                                                                                                                 0.0s
 => CACHED [application build 5/7] COPY . .                                                                                                                                                                                                                                                                            0.0s
 => CACHED [application build 6/7] WORKDIR /src/Application                                                                                                                                                                                                                                                            0.0s
 => CACHED [application build 7/7] RUN dotnet build "Application.csproj" -c Release -o /app/build                                                                                                                                                                                                                      0.0s
 => CACHED [application publish 1/1] RUN dotnet publish "Application.csproj" -c Release -o /app/publish                                                                                                                                                                                                                0.0s
 => CACHED [application final 2/2] COPY --from=publish /app/publish .                                                                                                                                                                                                                                                  0.0s
 => [application] exporting to image                                                                                                                                                                                                                                                                                   0.0s
 => => exporting layers                                                                                                                                                                                                                                                                                                0.0s
 => => writing image sha256:d65a129979a0c31459d9e77cd67dfa7a0f005acbb51cddf3ae1c9dd7283dc0f4                                                                                                                                                                                                                           0.0s
 => => naming to docker.io/library/adding-multitenancy-to-an-aspnet-core-6-application-application                                                                                                                                                                                                                     0.0s
[+] Running 2/0
 ✔ Container adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        Created                                                                                                                                                                                                                                0.0s
 ✔ Container adding-multitenancy-to-an-aspnet-core-6-application-application-1  Created                                                                                                                                                                                                                                0.0s
Attaching to adding-multitenancy-to-an-aspnet-core-6-application-application-1, adding-multitenancy-to-an-aspnet-core-6-application-proxy-1
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | Info: running nginx-proxy version 1.3.1-40-g67ab97e
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | Warning: A custom dhparam.pem file was provided. Best practice is to use standardized RFC7919 DHE groups instead.
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | Warning: TRUST_DOWNSTREAM_PROXY is not set; defaulting to "true". For security, you should explicitly set TRUST_DOWNSTREAM_PROXY to "false" if there is not a trusted reverse proxy in front of this proxy.
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | Warning: The default value of TRUST_DOWNSTREAM_PROXY might change to "false" in a future version of nginx-proxy. If you require TRUST_DOWNSTREAM_PROXY to be enabled, explicitly set it to "true".
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | forego      | starting dockergen.1 on port 5000
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | forego      | starting nginx.1 on port 5100
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | 2023/09/26 21:08:59 [notice] 17#17: using the "epoll" event method
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | 2023/09/26 21:08:59 [notice] 17#17: nginx/1.25.2
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | 2023/09/26 21:08:59 [notice] 17#17: built by gcc 12.2.0 (Debian 12.2.0-14)
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | 2023/09/26 21:08:59 [notice] 17#17: OS: Linux 5.15.90.4-microsoft-standard-WSL2
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | 2023/09/26 21:08:59 [notice] 17#17: getrlimit(RLIMIT_NOFILE): 1048576:1048576
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | 2023/09/26 21:08:59 [notice] 17#17: start worker processes
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | 2023/09/26 21:08:59 [notice] 17#17: start worker process 24
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | 2023/09/26 21:08:59 [notice] 17#17: start worker process 25
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | 2023/09/26 21:08:59 [notice] 17#17: start worker process 26
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | 2023/09/26 21:08:59 [notice] 17#17: start worker process 27
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | 2023/09/26 21:08:59 [notice] 17#17: start worker process 28
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | 2023/09/26 21:08:59 [notice] 17#17: start worker process 29
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | 2023/09/26 21:08:59 [notice] 17#17: start worker process 30
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | 2023/09/26 21:08:59 [notice] 17#17: start worker process 31
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | 2023/09/26 21:08:59 [notice] 17#17: start worker process 32
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | 2023/09/26 21:08:59 [notice] 17#17: start worker process 33
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | 2023/09/26 21:08:59 [notice] 17#17: start worker process 34
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | 2023/09/26 21:08:59 [notice] 17#17: start worker process 35
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | 2023/09/26 21:08:59 [notice] 17#17: start worker process 36
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | 2023/09/26 21:08:59 [notice] 17#17: start worker process 37
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | 2023/09/26 21:08:59 [notice] 17#17: start worker process 38
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | 2023/09/26 21:08:59 [notice] 17#17: start worker process 39
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | 2023/09/26 21:08:59 [notice] 17#17: start worker process 40
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | 2023/09/26 21:08:59 [notice] 17#17: start worker process 41
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | 2023/09/26 21:08:59 [notice] 17#17: start worker process 42
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | 2023/09/26 21:08:59 [notice] 17#17: start worker process 43
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | 2023/09/26 21:08:59 [notice] 17#17: start worker process 44
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | 2023/09/26 21:08:59 [notice] 17#17: start worker process 45
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | 2023/09/26 21:08:59 [notice] 17#17: start worker process 46
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | 2023/09/26 21:08:59 [notice] 17#17: start worker process 47
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | dockergen.1 | 2023/09/26 21:08:59 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | dockergen.1 | 2023/09/26 21:08:59 Watching docker events
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | dockergen.1 | 2023/09/26 21:08:59 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
adding-multitenancy-to-an-aspnet-core-6-application-application-1  | info: Microsoft.Hosting.Lifetime[14]
adding-multitenancy-to-an-aspnet-core-6-application-application-1  |       Now listening on: http://[::]:80
adding-multitenancy-to-an-aspnet-core-6-application-application-1  | info: Microsoft.Hosting.Lifetime[0]
adding-multitenancy-to-an-aspnet-core-6-application-application-1  |       Application started. Press Ctrl+C to shut down.
adding-multitenancy-to-an-aspnet-core-6-application-application-1  | info: Microsoft.Hosting.Lifetime[0]
adding-multitenancy-to-an-aspnet-core-6-application-application-1  |       Hosting environment: Development
adding-multitenancy-to-an-aspnet-core-6-application-application-1  | info: Microsoft.Hosting.Lifetime[0]
adding-multitenancy-to-an-aspnet-core-6-application-application-1  |       Content root path: /app/
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | one.example.local 172.23.0.1 - - [26/Sep/2023:21:09:11 +0000] "GET / HTTP/2.0" 200 15 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36" "172.23.0.2:80"
adding-multitenancy-to-an-aspnet-core-6-application-proxy-1        | nginx.1     | two.example.local 172.23.0.1 - - [26/Sep/2023:21:09:14 +0000] "GET / HTTP/2.0" 200 15 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36" "172.23.0.2:80"

Could you archive your clone of the sample and share it so that I can investigate further?

biseconocom commented 1 year ago

example.local.zip
OpenSSL is 3.1.2
CertUtil: version: Lang 04b00409 (1200.1033) File 10.0:22621.1 Product 10.0:22621.1
Docker version 24.0.6

tnc1997 commented 1 year ago

It looks like your example.local.crt file contains a private key and your example.local.key file contains a public certificate.

When the public certificate and private key were generated, did the file names potentially get switched around?

Could you check that the OpenSSL command is executed as per the Getting Started guide in the readme:

openssl req -x509 -nodes -newkey rsa:4096 -keyout example.local.key -out example.local.crt -subj "/CN=localhost" -addext "subjectAltName=DNS:localhost,DNS:*.example.local"

This command should output the key to example.local.key and the certificate to example.local.crt.
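
A check for the swap diagnosed above, as an added example that is not part of the original comment or of the sample repository: it classifies each PEM block by its BEGIN label and reports whether the two files nginx is given hold what their names claim. The function names and the sample PEM blocks are constructed for illustration, and the check reads labels only; it does not verify that the key matches the certificate.

```python
import base64
import re
import sys

# Labels OpenSSL accepts where a certificate is expected (nginx ssl_certificate).
CERT_LABELS = {"CERTIFICATE", "X509 CERTIFICATE", "TRUSTED CERTIFICATE"}
# Common private-key labels (nginx ssl_certificate_key).
KEY_LABELS = {"PRIVATE KEY", "ENCRYPTED PRIVATE KEY",
              "RSA PRIVATE KEY", "EC PRIVATE KEY", "DSA PRIVATE KEY"}
_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----",
                    re.DOTALL)


def pem_kinds(text):
    """Classify every PEM block in text by its label."""
    kinds = []
    for label, body in _BLOCK.findall(text):
        # Skip legacy "Name: value" header lines; base64 never contains ':'.
        b64 = "".join(ln.strip() for ln in body.splitlines() if ":" not in ln)
        try:
            der = base64.b64decode(b64, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            der = b""
        if not der or der[0] != 0x30:  # certs and keys are both DER SEQUENCEs
            kinds.append("corrupt")
        elif label in CERT_LABELS:
            kinds.append("certificate")
        elif label in KEY_LABELS:
            kinds.append("private key")
        else:
            kinds.append("other")
    return kinds


def diagnose(crt_text, key_text):
    """Return 'ok', 'swapped' or 'invalid' for a certificate/key file pair."""
    crt, key = pem_kinds(crt_text), pem_kinds(key_text)
    if "certificate" in crt and "private key" in key:
        return "ok"
    if "private key" in crt and "certificate" in key:
        return "swapped"
    return "invalid"


def _pem(label, der):
    body = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


# Constructed placeholders: minimal DER SEQUENCEs, not a real certificate or key.
SAMPLE_CERT = _pem("CERTIFICATE", b"\x30\x03\x02\x01\x00")
SAMPLE_KEY = _pem("PRIVATE KEY", b"\x30\x03\x02\x01\x01")

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py example.local.crt example.local.key
        with open(sys.argv[1]) as c, open(sys.argv[2]) as k:
            print(diagnose(c.read(), k.read()))
    else:
        print(diagnose(SAMPLE_KEY, SAMPLE_CERT))  # constructed swapped pair
```

A result of `swapped` corresponds to the nginx "no start line" error quoted in the first comment: the file passed as the certificate contains no certificate block.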

biseconocom commented 1 year ago

The problem appears earlier in Program.cs, at the configuration of the DbContext. There are no arguments attached to the run command. Can this be configured in the Dockerfile?

tnc1997 commented 1 year ago

> The problem appears earlier in Program.cs, at the configuration of the DbContext. There are no arguments attached to the run command. Can this be configured in the Dockerfile?

Hi @biseconocom, looking at the log messages in your first comment, it appears that the SSL errors are coming from the nginx container and not the application container.