Cannot connect to HTTPS (443) from a docker image

I installed Docker on a new dedicated server (on a generic ubuntu 14.0 - linux kernel 3.13.0-71). I installed an Ubuntu Docker image to test the environment (docker run -it ubuntu bash) and I installed curl with OpenSSL support.

When I try to get the content of an HTTP page, I have no problem. When I try to load an HTTPS page, my connection is refused:

root@835f01fef568:/# curl https://www.google.com
curl: (7) Failed to connect to www.google.com port 443: Connection refused

In verbose mode I have:

root@835f01fef568:/# curl -V https://www.google.com
curl 7.35.0 (x86_64-pc-linux-gnu) libcurl/7.35.0 OpenSSL/1.0.1f zlib/1.2.8 libidn/1.28 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smtp smtps telnet tftp 
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP 

And if I try to log the trace to a file, I have:

== Info: Rebuilt URL to: https://www.google.com/
== Info: Hostname was NOT found in DNS cache
== Info:   Trying 173.194.123.81...
== Info: connect to 173.194.123.81 port 443 failed: Connection refused
== Info:   Trying 173.194.123.84...
== Info: connect to 173.194.123.84 port 443 failed: Connection refused
== Info:   Trying 173.194.123.80...
== Info: connect to 173.194.123.80 port 443 failed: Connection refused
== Info:   Trying 173.194.123.82...
== Info: connect to 173.194.123.82 port 443 failed: Connection refused
== Info:   Trying 173.194.123.83...
== Info: connect to 173.194.123.83 port 443 failed: Connection refused
== Info:   Trying 2607:f8b0:4006:80c::1013...
== Info: Immediate connect fail for 2607:f8b0:4006:80c::1013: Network is unreachable
== Info: Failed to connect to www.google.com port 443: Connection refused
== Info: Closing connection 0

I am a bit lost on what I can do :( It is not a DNS problem since I can ping the server or curl HTTP content on port 80. It is only related to SSL connections. Is there someone here with any idea about this issue?

Thanks

user1649194 asked Oct 18 '22 20:10


2 Answers

I found the source of the problem. Here it was related to an iptables issue on the main host.

With the command iptables -L -t nat I discovered that there was a pre-routing rule activated on all HTTPS traffic, redirecting it to port 9092, used by another service.

user1649194 answered Nov 13 '22 00:11


I had the same problem. I found that setting the interface of the iptables rule to ‘eth0’ instead of ‘any’ solved the problem.

Here is an example that worked on the host for me:

iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 443 -j DNAT --to-destination 172.17.0.3:8443

Once the interface was changed to ‘eth0’, wget https://... worked again from within docker.

Hope this helps.

Geoff Hayward answered Nov 13 '22 00:11
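Both answers come down to a nat PREROUTING rule for port 443 that is not limited to the external interface, so it also rewrites HTTPS connections leaving containers through the Docker bridge. The following is an added example, not code from either answer: it scans `iptables -t nat -S` output for such rules. The function names, the `docker0` bridge name and the sample rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original posts. Reads `iptables -t nat -S`
# output on stdin and prints PREROUTING DNAT/REDIRECT rules for the given
# port that also match packets arriving on the Docker bridge.
# Usage: find_unscoped_redirects PORT [BRIDGE]   (BRIDGE assumed to be docker0)
find_unscoped_redirects() {
    awk -v port="$1" -v bridge="${2:-docker0}" '
    $1 == "-A" && $2 == "PREROUTING" {
        iface_match = 1; hit = 0; nat = 0   # no -i means every interface
        for (i = 3; i <= NF; i++) {
            if ($i == "-i") {
                same = ($(i + 1) == bridge)
                # iptables -S prints a negated match as "! -i eth0"
                iface_match = ($(i - 1) == "!") ? !same : same
            }
            if ($i == "--dport" && $(i + 1) == port) hit = 1
            if ($i == "--dports") {         # multiport list, e.g. 80,443
                n = split($(i + 1), list, ",")
                for (k = 1; k <= n; k++) if (list[k] == port) hit = 1
            }
            if ($i == "-j" && ($(i + 1) == "DNAT" || $(i + 1) == "REDIRECT")) nat = 1
        }
        if (hit && nat && iface_match) print
    }'
}

# Constructed sample rules. The exact rule on the asker's host is not shown
# on the page, only that HTTPS traffic was redirected to port 9092.
sample_rules() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 9092
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 172.17.0.3:8443
-A PREROUTING ! -i eth0 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 10.0.0.5:8443
-A OUTPUT -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 9092
EOF
}

# On a real host, as root:
#   iptables -t nat -S PREROUTING | find_unscoped_redirects 443
sample_rules | find_unscoped_redirects 443
```

Interface wildcards such as `br+` are compared literally and not expanded, so a rule scoped that way needs a manual look.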