

Safari (older than 14.1.1) rejects TURN's TLS connections with Let's Encrypt certificates

Summary
We could not make a video call successfully on Safari older than 14.1.1. The call kept disconnecting for some seconds. We got the following error in Nginx's log:
SSL: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:SSL alert number 48
Root cause
Safari didn't trust our TLS certificates (certified by Let's Encrypt) when establishing a TLS connection to our TURN server. It is a known issue, which can be found at Bug 219274 - ICE does not resolve for `turns` relay candidates rooted in LetsEncrypt CA. The issue was fixed only recently (end of 2020), so old versions of Safari still have it.
Solution
In our development environment, we replaced the untrusted certificate with a trusted one. We will warn our customers about this issue in our installation guide.
Technical explanation
WebKit is a browser engine developed by Apple and primarily used in its Safari web browser, as well as all iOS web browsers. The WebRTC of WebKit relied on the upstr
Recent posts

There is no expert, there is only us

Once I was chatting with my teammates...
Me: "I wonder why it is always necessary to refer to this source, that source, has anyone done it, is there any research? While no problem is the same, no situation is the same. Why not use our own brains to create a whole new one? Why do we have to be the insiders to consult the outsiders? Isn't that very paradoxical?"
My teammate: "I agree with your point that no two situations will be exactly the same and that there is no one size fits all. But there's one like this, I don't think it's all the problems we're dealing with that only we can meet. So of course, if I can find a source to refer to first, it's still better. Just like when implementing a software feature, not every problem is the same. But I still have to go check to see if I'm the only one I've met? Or if someone has met me, I have to see if their method suits me before I decide to try it, but I don't blindly "they do it, I f

Quiz Marker - Chấm điểm AI (Beta) Available Now!

My Fansipanio Team has just launched our first product #QuizMarker, an efficient AI assistant for Vietnamese school teachers to mark their students' quizzes today. Visit "Quiz Maker - Chấm điểm AI: a capable multiple-choice exam marking assistant for teachers" for details.

Debugging the issue of using NFS shares for PSMDB on OpenShift

I have recently been trying to use PSMDB (Percona Server for MongoDB) as an open-source and free alternative for MongoDB Enterprise Server. I encountered an issue where the pod could not be initialized successfully with Persistent Volumes using NFS shares. I got the logs from the failed pod as follows:
------
++ id -u
++ id -g
+ install -o 1000730000 -g 0 -m 0755 -D / /data/db/
install: cannot change ownership of '/data/db/': Operation not permitted
----
I would like to share the steps I used for debugging. The PSMDB StatefulSet was deployed onto my OpenShift 3 OKD.
Check the container mount info
Going to a pod, I could see the mount info as below:
mongod-data → /data/db read-write
- mongod-data: Persistent volume claim name
- /data/db: container mounted directory
Check Persistent volume binding
Going to the storage, I could see which persistent volume was bound to the corresponding persistent volume claim.
Bound to volume psmdb-mongodb-data-0
Check P

PSMDB - A MongoDB alternative for having Encryption At Rest

Encryption is the most popular tool for securing data both in transit and at rest.
- For protecting data in transit, we can configure TLS connections
- For protecting data at rest, we can use Percona Server for MongoDB (PSMDB), an open-source alternative for MongoDB Enterprise.
License
PSMDB Docker images follow the SSPL license. Therefore, it is not a problem when I only have my containers deployed in on-premises environments.
Running MongoDB Replication on OpenShift
I have successfully installed the replication by following the guide Install Percona Server for MongoDB on OpenShift. In order to make it work properly for my needs, I disabled some features from the default deployment. See the details in this change. Basically, I needed to create a CRD (Custom Resource Definition) to let OpenShift/Kubernetes know what PSMDB is. Then, I deployed the Operator pod. Finally, I deployed the PSMDB StatefulSet. I used NFS shares for Persistent Volumes.
Create CRD for PSMDB
git clone http