Cannot connect to HTTPS (443) from a docker image

Question

I installed docker on a new dedicated server (on a generic ubuntu 14.0 - linux kernel 3.13.0-71). I installed an ubuntu docker image to test the environment. ( docker run -it ubuntu bash ) and I installed curl with openssl support.

When I try to get the content of an HTTP page, I have no problem. When I try to load an HTTPS page, my connection is refused:

root@835f01fef568:/# curl https://www.google.com
curl: (7) Failed to connect to www.google.com port 443: Connection refused

in verbose mode I have:

root@835f01fef568:/# curl -V https://www.google.com
curl 7.35.0 (x86_64-pc-linux-gnu) libcurl/7.35.0 OpenSSL/1.0.1f zlib/1.2.8 libidn/1.28 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smtp smtps telnet tftp 
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP 

and if I try to log the trace in a file, I have:

== Info: Rebuilt URL to: https://www.google.com/
== Info: Hostname was NOT found in DNS cache
== Info:   Trying 173.194.123.81...
== Info: connect to 173.194.123.81 port 443 failed: Connection refused
== Info:   Trying 173.194.123.84...
== Info: connect to 173.194.123.84 port 443 failed: Connection refused
== Info:   Trying 173.194.123.80...
== Info: connect to 173.194.123.80 port 443 failed: Connection refused
== Info:   Trying 173.194.123.82...
== Info: connect to 173.194.123.82 port 443 failed: Connection refused
== Info:   Trying 173.194.123.83...
== Info: connect to 173.194.123.83 port 443 failed: Connection refused
== Info:   Trying 2607:f8b0:4006:80c::1013...
== Info: Immediate connect fail for 2607:f8b0:4006:80c::1013: Network is unreachable
== Info: Failed to connect to www.google.com port 443: Connection refused
== Info: Closing connection 0

I am a bit lost on what I can do :( It is not a DNS problem since I can ping server or CURL http content on port 80. It only related to SSL connections. Is there someone here with any idea about this issue?

Thanks

Answer 1

I found the source of the problem. Here it was related to an iptables issue of the main host

with the command iptables -L -t nat I discovered that there was a pre-routing activated on all https traffic redirected to the port 9092, used by another service.

Answer 2

I had the same problem. I found that setting the interface of the iptables rule to ‘eth0’ instead of ‘any’ solved the problem.

Here is an example that worked on the host for me:

iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 443 -j DNAT --to-destination 172.17.0.3:8443

Once the interface change to ‘eth0’ wget https://... worked again from within docker.

Hope this helps.