Setting up local https network to mock amazonaws.com in docker

I have a requirement where I need to set up a spoof/mock AWS server in my local Docker Compose network. The requirement is to be able to test a set of microservices without letting the microservices know that the endpoint is not actually AWS.

For example, if a microservice that uses the AWS SDK tries to make a service call to create a queue, it makes a call to https://eu-west-1.queue.amazonaws.com. I have a local DNS server installed which resolves the same to a reverse proxy server (Traefik), which in turn resolves it to the mock server.

When the service call is made, it fails at the reverse proxy level with the error below:

traefik_1     | time="2018-10-11T15:11:28Z" level=debug msg="http: TLS handshake error from 10.5.0.7:59058: remote error: tls: unknown certificate authority"

Can anyone help me set up the system in such a way that the call is made successfully?

Fr_nkenstien asked Oct 11 '18 15:10


2 Answers

You're not going to be able to MITM the HTTPS API request and return a different response. You can give the SDK a different URL to hit (without HTTPS, or with a self-signed cert), and then set up a proxy to proxy requests to Amazon when you want them to be sent to Amazon, and to your other service when you want to mock them.

Some random information on how to change the API request URL in the JavaScript SDK: https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/specifying-endpoints.html (as an example)

maxm answered Oct 04 '22 18:10


tls: unknown certificate authority

Based on this error message, you need to update the list of trusted CAs in your environment. This needs to be done inside each image (or resulting container) that will connect to your mock service. The process varies based on the base image you select, and this question on unix.se covers many of the methods.

The Debian process:

apt-get install ca-certificates
cp cacert.pem /usr/share/ca-certificates
dpkg-reconfigure ca-certificates

The CentOS process:

cp cacert.pem /etc/pki/ca-trust/source/anchors/
update-ca-trust extract

The Alpine process:

apk add --no-cache ca-certificates
mkdir -p /usr/local/share/ca-certificates
cp cacert.pem /usr/local/share/ca-certificates/
update-ca-certificates

BMitch answered Oct 04 '22 18:10
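
Why the handshake fails until cacert.pem is trusted, shown as an added example that is not part of the original answers: it builds a throwaway test CA and a leaf certificate for the hostname in the question, then verifies the chain with and without that CA. The CA subject, every file name other than cacert.pem, and the helper names make_pki and chain_ok are assumptions, and the openssl CLI must be installed.

```shell
#!/bin/sh
# Added example with constructed names; needs the openssl CLI.
set -eu
HOST="eu-west-1.queue.amazonaws.com"   # endpoint named in the question

# Build a throwaway test CA (cacert.pem) and a leaf cert for $HOST in dir $1.
make_pki() {
    d=$1
    cat > "$d/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Local Mock Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
        -keyout "$d/cakey.pem" -out "$d/cacert.pem" 2>/dev/null
    openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=$HOST" -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
    # Clients match the hostname against subjectAltName, not the CN.
    printf 'subjectAltName=DNS:%s\n' "$HOST" > "$d/san.ext"
    openssl x509 -req -in "$d/server.csr" -days 30 -CAcreateserial \
        -CA "$d/cacert.pem" -CAkey "$d/cakey.pem" \
        -extfile "$d/san.ext" -out "$d/server.pem" 2>/dev/null
}

# chain_ok LEAF NAME [CAFILE]: succeed only if LEAF chains to a trusted CA
# and is valid for NAME. Without CAFILE only OpenSSL's default store is used.
chain_ok() {
    if [ $# -ge 3 ]; then
        openssl verify -CAfile "$3" -verify_hostname "$2" "$1" >/dev/null 2>&1
    else
        openssl verify -verify_hostname "$2" "$1" >/dev/null 2>&1
    fi
}

work=$(mktemp -d)
make_pki "$work"
chain_ok "$work/server.pem" "$HOST" \
    || echo "before: rejected, issuer is not a trusted CA"
chain_ok "$work/server.pem" "$HOST" "$work/cacert.pem" \
    && echo "after trusting cacert.pem: chain and hostname verify"
rm -rf "$work"
```

Keep cakey.pem out of the images: only cacert.pem belongs in each container's trust store, installed with the per-distribution commands above.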