Blog

Switch Context in Kubernetes with Kubectl

In Kubernetes, a context groups all access parameters for a specific cluster under a convenient name in a kube config file. You can have multiple config files, but for now I will focus on the case where you use just one and all the contexts are in it.

The default config file is located at:

Linux: “~/.kube/config”
Windows: “$HOME\.kube\config”

The Context has three parameters: Cluster, Namespace and User.

When you use kubectl, it uses the current …

Cloudflare free tier for home use

If you expose something from your local network to the internet, it is good practice to go through a service like Cloudflare, so you get extra protection. This way you do not expose your public API either.

I have registered a new domain with Google Domains that will be used for the exposed services. Keep in mind that you can register directly with Cloudflare, but I already have domains with Google, and this is why I registered it there. I just …

Setup MicroK8s Kubernetes cluster on Ubuntu with ingress and dashboard

So far I have been using only Docker Desktop and the Kubernetes provided with it. It is good enough for development, but I wanted to expose my services so I can access them through the internet and to know that they will start again on machine restart. In addition I would like to run them in a virtual machine (VM), so Windows is no longer an option. That means I need something else. For me the option is Linux and …

Expanding RAID 1 pool size on Synology NAS by adding more disks

I just received my first Synology NAS (so far I have used asustor) and decided to set it up. So far I have only two disks, 18TB each, which I am sure will be enough for now. The idea was to configure them in Synology Hybrid RAID (SHR) and to add more to the same pool when needed.

First I want to say that the 18TB drives are still not officially supported by Synology, but I saw some websites selling …

Add custom claims to access token in IdentityServer4

All identity providers are flexible and allow you to add custom claims to the issued access token. IdentityServer4 is no different in this respect. Here is a short guide on how to add custom claims to the IdentityServer4 access token response.

You need to implement a ProfileService:

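public class ProfileService : IProfileService
{
	// User store used to load the user behind the token subject
	private readonly UserManager<PafUser> _userManager;

	public ProfileService(
		UserManager<PafUser> userManager)
	{
		_userManager = userManager;
	}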

	public async Task GetProfileDataAsync(ProfileDataRequestContext context)
	{
		var user = await _userManager.GetUserAsync(context.Subject);

		var claims = new List<Claim> {
			new Claim("custom_claim1", user.CustomClaim1),
			
Issue access token to IdentityServer 4 from IdentityServer 4

Sometimes you need IdentityServer 4 to interact with other services and get information from them. In many cases the same IdentityServer instance is the one that authorizes access to those other services. We need to issue an access token to ourselves in order to get/post the necessary information.

In my case I needed to create a corresponding object in another service on new user registration. To get the access token needed I have used IdentityServerTools …

Setup PlantUML with docker and Visual Studio Code locally

PlantUML is a great … I will call it tool for creating many different diagrams – Sequence, Use Case, Class, State, Deployment and more. It can be used from an internet server, but today I will talk about setting it up locally.

First you need to start the Docker container. Here I am assuming you already have Docker installed and running. You can see the Docker Hub page here. It is up to you if you want to …

Fix Unable to unprotect the message.State. exception on Identity Server redirect

After fixing the 502 Bad Gateway issue I hit another one.

Here is the exception I got from the logs:

HTTP POST /signin-oidc responded 500 in 77.6515 ms

System.Exception: An error was encountered while handling the remote login.
 ---> System.Exception: Unable to unprotect the message.State.
   --- End of inner exception stack trace ---
   at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Serilog.AspNetCore.RequestLoggingMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)

As mentioned in the previous post – when I run from Visual …

Solve identity server signin-oidc 502 Bad Gateway error

It was time to run Identity Server 4 with the rest of the microservices in the Kubernetes cluster on a dedicated machine. I am running a single-node cluster, since this is not production, but just one of my pet projects, and it is running locally. Still, it goes through one more Nginx (on top of the Kubernetes ingress) that is used to expose it over the internet and create the certificates through Let’s Encrypt.

When I run the Identity Server 4 …

Nginx Proxy Manager and Let’s Encrypt certificates

In my previous post on Nginx and Nginx Proxy Manager (NPM), I wrote about how to install NPM, but didn’t configure any certificates.

Out of the box, Nginx Proxy Manager supports Let’s Encrypt SSL certificate auto-creation and renewal.

There is one limitation – you can create certificates only for specific domains/subdomains directly. If you want to create a wildcard certificate, you will need to use a DNS challenge.

What does that mean? You need to use some DNS server that allows API …
