Showing posts with label Certificate. Show all posts

Wednesday, March 24, 2021

Docker commands and Dockerfile examples


To install Docker on Fedora

$ sudo dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo

$ sudo dnf install docker-ce docker-ce-cli containerd.io 

$ sudo systemctl start docker

$ sudo docker run hello-world


To build and run an image

First, create a Dockerfile under the current directory (see below).

$ sudo docker build -t myimagename:myimageversion .

$ sudo docker run -p 8888:8080 myimagename:myimageversion

or 

$ sudo docker run --net=host myimagename:myimageversion


Other commands

$ sudo docker image ls

$ sudo docker rmi image-hash

$ sudo docker ps -as

$ sudo docker rm container-hash

$ sudo docker run -it myimagename:myimageversion bash


Dockerfile for adding your own CA and the Bouncy Castle jar

FROM tomcat:9.0.44-jdk8

# Add myCA certificate to the system trust store
# (COPY is preferred over ADD for plain local files)
COPY myCA.crt /usr/local/share/ca-certificates/
RUN chmod 644 /usr/local/share/ca-certificates/myCA.crt && update-ca-certificates

# Add Bouncy Castle provider
# The empty echo makes sure the new property starts on its own line
RUN echo '' >> "/usr/local/openjdk-8/jre/lib/security/java.security"
RUN echo 'security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider' >> "/usr/local/openjdk-8/jre/lib/security/java.security"
COPY bcprov-jdk15on.jar /usr/local/openjdk-8/jre/lib/ext/

# Add web app
COPY myapp.war /usr/local/tomcat/webapps/

EXPOSE 8080

CMD ["catalina.sh", "run"]



Tuesday, March 16, 2021

Eclipse cannot connect to a server due to certificate error


If "Install New Software" fails in Eclipse and it complains that the server's certificate is not trusted, that may be because the Java instance that Eclipse uses does not have the needed CA in its keystore.

Another symptom is that when you try to access Eclipse Marketplace in Eclipse (Help|Eclipse Marketplace...), exceptions are thrown complaining about the server certificate.

Usually Eclipse uses the Java in the system, and you can simply add the CA into the keystore following this post.

Sometimes Eclipse uses a different Java instance. To find out which one it is, go to the Eclipse installation directory and open the file eclipse.ini in a text editor. Find the line -vm. The line under it is the Java instance that Eclipse uses.

Go to where the Java instance is located, and enter its lib/security/ directory. Follow this post to add the new CA to cacerts, e.g.:

$ keytool -import -alias CloudService -keystore cacerts -file "/path/to/CloudServiceRootCA.cer"


Monday, November 11, 2019

Adding a CA to the trust store for Eclipse


If an Eclipse plugin uses an update web site with a self-signed certificate, you may encounter an authentication failure error when updating the plugin.

The solution is to add the CA of the self-signed certificate to the trust store that Eclipse uses.

By default, Eclipse uses the Java trust store at $JAVA_HOME/lib/security/cacerts.

To list the certificates in it, go to $JAVA_HOME/lib/security/ and run the command:
$ $JAVA_HOME/bin/keytool -list -keystore ./cacerts

You may not have the permission to add a new certificate into the default trust store. We can make a copy of the default trust store and add the new certificate in the new copy.
$ cd /path/to/my/trust/store/location
$ cp $JAVA_HOME/lib/security/cacerts mytruststore

The password of Java's default cacerts is "changeit". You will need to input it when adding a new certificate into mytruststore.

Run the following command to import the new certificate (e.g. cloudServicesRootCA.cer, this post shows how to download the certificate of a CA) into mytruststore:
$ $JAVA_HOME/bin/keytool -alias cloudServicesRootCA -import -file cloudServicesRootCA.cer -keystore mytruststore

Exit Eclipse if you are running it, then tell Eclipse about the new trust store by adding it to Eclipse's configuration file eclipse.ini, which is located in the root directory of the Eclipse installation. Use an editor to open eclipse.ini and add/modify these two parameters:
-Djavax.net.ssl.trustStore=/path/to/my/trust/store/location/mytruststore
-Djavax.net.ssl.trustStorePassword=changeit
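
Both Eclipse posts above depend on knowing which trust store Eclipse really reads: the cacerts of the JVM named under -vm, or the file set by -Djavax.net.ssl.trustStore. The following is an added example, not part of the original posts, that reads eclipse.ini and prints that path; the function names are hypothetical and the fallback to $JAVA_HOME when there is no -vm line is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the line that follows -vm. Eclipse only honours -vm when it comes
# before -vmargs, so stop reading at -vmargs.
eclipse_vm() {
    awk '{ sub(/\r$/, "") }
         $0 == "-vmargs" { exit }
         want { print; exit }
         $0 == "-vm" { want = 1 }' "$1"
}

# Print the value of -Djavax.net.ssl.trustStore if eclipse.ini sets one.
# The pattern ends in "=", so trustStorePassword is not matched.
eclipse_truststore_override() {
    tr -d '\r' < "$1" |
        sed -n 's/^-Djavax\.net\.ssl\.trustStore=//p' | tail -n 1
}

# The -vm value may be a java binary, a bin/ directory or a Java home.
# Walk up from it until a cacerts file is found in either layout.
jvm_cacerts() {
    dir=$1
    while [ -n "$dir" ] && [ "$dir" != "/" ] && [ "$dir" != "." ]; do
        for rel in lib/security/cacerts jre/lib/security/cacerts; do
            if [ -f "$dir/$rel" ]; then
                printf '%s\n' "$dir/$rel"
                return 0
            fi
        done
        dir=$(dirname "$dir")
    done
    return 1
}

# Print the trust store this Eclipse install will consult.
# Assumption: with no -vm line, fall back to $JAVA_HOME.
eclipse_effective_truststore() {
    override=$(eclipse_truststore_override "$1")
    if [ -n "$override" ]; then
        printf '%s\n' "$override"
        return 0
    fi
    vm=$(eclipse_vm "$1")
    jvm_cacerts "${vm:-${JAVA_HOME:-}}"
}
```

After sourcing the file, call eclipse_effective_truststore with the path to eclipse.ini and run keytool -list against the printed file to confirm the CA is in the store Eclipse reads.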

Sunday, March 17, 2019

InstallCert.java - to solve the SSL handshake problem


If a web server is using a self-signed or unknown certificate, your JSSE application will encounter the javax.net.ssl.SSLHandshakeException complaining "unable to find valid certification path to requested target" when trying to connect to it.

If you know for sure that the server can be trusted, you can use InstallCert.java to add the server's certificate to your trusted keystore:

1. Google and download InstallCert.java

2. Compile InstallCert.java
      javac InstallCert.java

3. Access the server with InstallCert to retrieve the certificate:
      java InstallCert <server_name>:<port>

4. Add the server's certificate to the keystore jssecacerts in the same directory. The file jssecacerts will be generated if it is not there.

5. Copy jssecacerts into your $JAVA_HOME/jre/lib/security directory

Now your JSSE application should be able to handshake successfully with the server.
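
One way to make "know for sure that the server can be trusted" concrete is to compare the certificate's SHA-256 fingerprint with a value obtained from the server's owner over a separate channel before importing it. The following is an added example, not part of the original post or of InstallCert.java; the function names are hypothetical, and it assumes base64 and sha256sum from GNU coreutils.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Needs base64 and sha256sum.

# SHA-256 of the certificate's DER bytes as lowercase hex, the digest
# keytool prints as the certificate's SHA-256 fingerprint.
# Accepts a PEM file or a raw DER file.
cert_sha256() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
        awk '/-----BEGIN CERTIFICATE-----/ { on = 1; next }
             /-----END CERTIFICATE-----/   { exit }
             on { gsub(/[ \t\r]/, ""); printf "%s", $0 }' "$1" | base64 -d
    else
        cat "$1"
    fi | sha256sum | cut -d' ' -f1
}

# Return 0 only when the file's fingerprint equals the expected one.
# The expected value may be written as AB:CD:... or as plain hex.
cert_matches() {
    actual=$(cert_sha256 "$1")
    expected=$(printf '%s' "$2" | tr -d ': \n' | tr 'A-F' 'a-f')
    [ ${#expected} -eq 64 ] && [ "$actual" = "$expected" ]
}

# Import only after the check passes, and into a private copy of the
# trust store rather than the JDK's own cacerts.
# usage: import_verified cert_file expected_fingerprint alias keystore
import_verified() {
    if ! cert_matches "$1" "$2"; then
        echo "fingerprint mismatch for $1: not importing" >&2
        return 1
    fi
    keytool -import -alias "$3" -file "$1" -keystore "$4"
}
```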

Wednesday, December 26, 2018

Allow Microsoft Edge to visit self-signed HTTPS websites | Resolve certificate error issues | Microsoft Edge


If the website is using a self-signed certificate or an invalid certificate, Microsoft Edge shows an error page. Unlike Firefox or Google Chrome, it won't give you the choice of bypassing the error and continuing to the website.

To resolve this, one way is to make Edge trust the (self-signed) certificate. To do that, we follow 2 steps: 1) download the root certificate; 2) import the root certificate. We have to download and import the root certificate because importing only the website's own certificate does not work: Edge validates the whole path of the certificate. The details of the procedure are:

Step 1, download the root certificate:
  1. When seeing the Certificate Error page, click on the Certificate Error icon on the left side of the location bar of the browser.
  2. In the little popup, click on the View certificate link.
  3. In the Certification Information side window, the path of the certificate is posted.
  4. Click on the root certificate on the top. 
  5. At the bottom, there is an Export to file button. Click on the button to download the root certificate.
Step 2, import the root certificate:
  1. Click on the Start menu of Windows 10.
  2. Type "Control Panel". As you type, the suggestions will show Control Panel and you can select it from the list.
  3. At the top right side of the Control Panel, change the "View by:" option to "small icons".
  4. Find and click on the Internet Options icon.
  5. In the Internet Options dialog, select the Content tab.
  6. Find and click on the Certificate button.
  7. (Important!) Select the Trusted Root Certification Authorities tab.
  8. Click on the Import... button to import the downloaded root certificate.
Notes:
  1. As we explained earlier, we need to import the root certificate. If there are intermediate certificates, you may need to import them too.
  2. If you are concerned about making such "unsafe" changes to your computer, you can download the Microsoft Edge VM (https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/), make the changes on the VM and play with it.
 