
Tuesday, 29 September 2020

DNS not working inside docker containers on CentOS 8

ISSUES

As of today (Sep 30, 2020), Docker is still NOT officially supported on CentOS 8 due to the conflicts between Docker.com and RedHat.

When installed on CentOS 8, docker containers run into DNS issues right away. 

There are two ways to solve this for now.

SOLUTION1

Change firewalld's backend from nftables to iptables

# cat /etc/firewalld/firewall.conf  | grep Backend
FirewallBackend=iptables
# systemctl restart firewalld

SOLUTION2

Add SNAT (masquerading) to the public zone.

# firewall-cmd --zone=public --add-masquerade --permanent
# firewall-cmd --reload
# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s25
  sources:
  services: cockpit dhcpv6-client http smtp ssh
  ports: 8888/udp 8000/tcp 8087/tcp
  protocols:
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

USEFUL LINKS

https://github.com/docker/for-linux/issues/957

Thursday, 24 September 2020

How web servers provide HTTP GET/POST to CGI apps

 HTTP client---(HTTP GET/POST)---web server---(Environment variables/stdin)---CGI app

  • For an HTTP GET request, the web server receives a query string from the client and passes it to the CGI app's process as the environment variable QUERY_STRING.
  • For an HTTP POST request, the web server receives form data from the client, writes it to the CGI app's standard input, and gives the data length in the environment variable CONTENT_LENGTH.

Below is a demonstration.

CGI app

As environment variables and standard input are available to any process, any application can work as a CGI app.

Below is a simple bash script CGI app that prints out HTTP GET/POST data.

$ cat ./cgi-bin/app.sh

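#!/bin/bash
# HTTP response header, terminated by a blank line
printf 'Content-Type: text/plain\r\n\r\n'

# HTTP GET query string becomes the CGI app's environment variable $QUERY_STRING
# (quoted so the shell does not expand characters such as * in client input)
printf '%s\n' "$QUERY_STRING"

# HTTP POST form data becomes input to the CGI app's stdin
# the data length is saved in $CONTENT_LENGTH
if [[ -n "$CONTENT_LENGTH" ]]; then
    # -r keeps backslashes literal; -N reads $CONTENT_LENGTH characters, newlines included
    read -r -N "$CONTENT_LENGTH" post_data
    printf '%s\n' "$post_data"
fi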

Web server

For simplicity, Python's http.server module is used as our web server.

$ python -m http.server --cgi 8000

HTTP client

Any web client works but here we use curl for demonstration.

$ curl --data 'form data or json' 'http://192.168.0.31:8000/cgi-bin/app.sh?x=2&y=2'
x=2&y=2
form data or json
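
The same hand-off without a network, as an added example that is not code from the original post: `invoke_cgi` plays the web server's role, and the child app treats CONTENT_LENGTH as untrusted client input. The names `CGI_APP`, `invoke_cgi`, `MAX_BODY` and `declared_length` are hypothetical, and the embedded app is a constructed Python stand-in for app.sh.

```python
import os
import subprocess
import sys
from urllib.parse import urlsplit

# Constructed CGI app (stand-in for app.sh): echoes the query string and
# at most CONTENT_LENGTH bytes of stdin, refusing malformed or oversized lengths.
CGI_APP = r'''
import os, re, sys
MAX_BODY = 1024  # cap chosen for this example
out = sys.stdout.buffer
out.write(b"Content-Type: text/plain\r\n\r\n")
out.write(os.fsencode(os.environ.get("QUERY_STRING", "")) + b"\n")
length = os.environ.get("CONTENT_LENGTH", "")
if length:
    # CONTENT_LENGTH is client-controlled: accept only a short ASCII integer
    if not re.fullmatch(r"[0-9]{1,4}", length) or int(length) > MAX_BODY:
        out.write(b"rejected: bad CONTENT_LENGTH\n")
    else:
        out.write(sys.stdin.buffer.read(int(length)) + b"\n")
'''


def invoke_cgi(method, url, body=b"", declared_length=None):
    """Do the web server's part: env vars and stdin in, headers and body out."""
    if declared_length is None:
        declared_length = str(len(body)) if body else ""
    env = dict(os.environ)  # assumption: child inherits the parent environment
    env.update({
        "GATEWAY_INTERFACE": "CGI/1.1",
        "REQUEST_METHOD": method,
        "QUERY_STRING": urlsplit(url).query,  # GET data travels here
        "CONTENT_LENGTH": declared_length,    # POST data length
    })
    proc = subprocess.run(
        [sys.executable, "-c", CGI_APP],
        input=body, env=env, capture_output=True, timeout=10, check=True,
    )  # POST data itself travels on the child's stdin
    # CGI output is header lines, a blank line, then the response body
    headers, _, payload = proc.stdout.partition(b"\r\n\r\n")
    return headers.decode(), payload.decode()


if __name__ == "__main__":
    url = "http://192.168.0.31:8000/cgi-bin/app.sh?x=2&y=2"
    print(invoke_cgi("POST", url, b"form data or json"))
    print(invoke_cgi("POST", url, b"abc", declared_length="999999"))
```

The second call shows why the length check matters: the declared length comes from the client's request header and need not match what actually arrives on stdin.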




Thursday, 10 September 2020

NFS home can cause ssh login failure

 Recently, I came across two ssh login failure issues due to NFS home.


  • If the user's NFS home cannot be mounted properly, ssh login will just fail instead of skipping over the home.

  • If the user's home doesn't exist at all, ssh will skip it and let the user log in successfully.