Unit testing code using Entity Framework Core

https://docs.microsoft.com/en-us/ef/core/miscellaneous/testing/

I tried to use Moq to mock the DbContext and IQueryable<>, but it seems to be really complicated. It’s also not recommended by Microsoft.

For unit testing, it’s recommended to use a real database, perhaps using an in-memory database or a temporary sqlite database. Whatever the type of database you use, install the required NuGet package.

Clipboard sharing not working in Virtualbox with Ubuntu guest OS

If this happens, make sure clipboard sharing is enabled in the guest settings.

If it still doesn’t work, re-insert the VBox Additions ISO to the guest OS and reinstall VBox Additions, reboot guest OS and try again.

It may work for a while until eventually breaking again if Virtualbox is updated. After upgrading Virtualbox, usually there will be a new version of VBox Additions.

Bad Gateway and request header too long errors in nginx reverse proxy server

When the response header is too large, nginx will reject it and return 502 Bad Gateway, this is because the default proxy buffer size is not large enough.

If you inspect the error.log file under /var/nginx, you will find this error

upstream sent too big header while reading response header from upstream

Change the following settings under location to fix this issue by making the buffers larger

proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;

After fixing this, if you encounter error: Request header or cookie too long. You can fix it by setting the buffer size for client header under server configuration context.

large_client_header_buffers 4 24k

Create a self signed root CA certificate that works in Chrome in Ubuntu using openssl

This was really a lot of work as I’m not familiar with SSL and openssl. Took me a few days digging the net and trying many things to eventually make this work.

I was trying to make a Ubuntu client to trust a Windows webserver.

A few things I learned

  • If your certificate only have Common name, but your Subject Alternative Name is not in the cert, Chrome will complain with error ERR_COMMON_NAME_INVALID
    • Which is inaccurate and misleading.
    • Apparently, Common Name has been technically obsolete for 2 decades(!) and now the domain name must be put in SAN, which requires using openssl extension.
  • Using New-SelfSignedCertificateEx from Microsoft to generate the cert in Windows, the cert will not be trusted in Ubuntu, for some unknown reason. However if you install the cert in a Windows client and browse the website, it works.
  • For some application, you need to have a Friendly Name in the cert.

Steps to do it

Instructions are from the below link

https://www.ibm.com/support/knowledgecenter/SSZQDR/com.ibm.rba.doc/LD_rootkeyandcert.html

Generate the private key of the root CA:

openssl genrsa -out rootCAKey.pem 2048

Generate the self-signed root CA certificate, with SAN, you need openssl 1.1.1

openssl req -x509 -sha256 -new -nodes -key rootCAKey.pem -days 3650 -out rootCACert.crt -addext “subjectAltName = DNS:<Your domain name>”

Refer to this stackoverflow question on how to add SAN: https://security.stackexchange.com/questions/74345/provide-subjectaltname-to-openssl-directly-on-the-command-line

Create a pfx file to install in Windows web server.

openssl pkcs12 -export -out rootCACert.pfx -inkey rootCAKey.pem -in rootCACert.crt -name “<Your domain name>”

Afterwards, import the pfx file to the certificate store of the Windows Server using Microsoft Management Console and configure your webserver to use this certificate.

For Ubuntu Client, install to ca-certificates

sudo cp rootCACert.crt /usr/local/share/ca-certificates

sudo update-ca-certificates

Test using cURL, you may need to configure DNS or hosts file

curl https://<Your domain name>

Chrome and Firefox use their own certificate stores, so you need to add the certificates through their settings GUI. cURL will still work if cert doesn’t have SAN, but Chrome will complain as mentioned above.