Croydon Dias

Reputation: 1936

Access a docker container on a non-standard SSL port

I'm new to Docker and am using v1.8.1 on Ubuntu 14.04.

I've got Apache set up as a virtual host serving a website on http://www.domain.com and would like to serve PEPS on https://email.domain.com

Note: PEPS only runs on an SSL connection.

I disabled letting apache listen on port 443, as PEPS was complaining that the port is in use.

apache port.conf:

Listen 80

#<IfModule ssl_module>
#       Listen 443
#</IfModule>

#<IfModule mod_gnutls.c>
#       Listen 443
#</IfModule>

I set up a virtual host for port 80 to point to the website directory. At this point, I am able to access the website at http://www.domain.com and the PEPS container at https://www.domain.com. I can even fetch the PEPS login page via the curl command.

curl -vk https://localhost:443 

In order to serve PEPS on https://mail.domain.com, I'll first need to run PEPS on another port (9091) and then create a reverse proxy for mail.domain.com:443 to point to localhost:9091.

I changed the port PEPS runs on in the makefile and rebuilt/restarted the container. I verified that PEPS was running on 9091 by running

netstat -tapen | grep ":9091 "

Running the curl command, I see the following error.

croydon@vps138520:~/PEPS$ curl -vk https://localhost:9091
* Rebuilt URL to: https://localhost:9091/
* Hostname was NOT found in DNS cache
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 9091 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to localhost:9091 
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to localhost:9091 

Any thoughts as to why this might be? Accessing a container on a non-standard SSL port results in an error.

croydon@vps138520:~/PEPS$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                       NAMES
238dd721273e        smtpin              "/sbin/my_init"          32 minutes ago      Up 32 minutes       0.0.0.0:25->25/tcp, 0.0.0.0:587->587/tcp    peps_smtpin
603a5dc16a8e        peps                "/sbin/my_init"          32 minutes ago      Up 32 minutes       443/tcp, 0.0.0.0:9091->9091/tcp, 8999/tcp   peps_server
4573ee08c153        smtpout             "/sbin/my_init"          32 minutes ago      Up 32 minutes       25/tcp, 0.0.0.0:465->465/tcp                peps_smtpout
028f4b0cb61e        solr                "/bin/bash -c 'cd /op"   32 minutes ago      Up 32 minutes       8983/tcp                                    peps_solr
452c6a557f65        mongod              "/usr/bin/mongod --po"   32 minutes ago      Up 32 minutes       27017/tcp                                   peps_mongod
croydon@vps138520:~$ openssl s_client -connect localhost:9091
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 295 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

croydon@vps138520:~$ openssl s_client -connect localhost:9091 -ssl3
CONNECTED(00000003)
140545670362784:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1440181543
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

Upvotes: 2

Views: 2449

Answers (1)

Croydon Dias

Reputation: 1936

The issue was with the SSL certificate. When I was hosting the container on the public 443 port, the certificate had the domain name of: domain.com.

However, when hosting it on port 9091, I had to create a new certificate with the domain name of: localhost.

Upvotes: 1
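A small triage helper for `openssl s_client` transcripts like the ones in the question, added here as an illustration and not part of the original post or of PEPS. It separates a port where the peer drops the connection before any TLS record is read (what both 9091 probes above show) from a handshake that completes but whose certificate fails verification, such as a name that does not match the host being tested. The two 9091 transcripts are reused from the question; the mismatch and success transcripts are constructed samples.

```python
import re

# Transcripts captured in the question above: the 9091 probe with default
# settings and the forced -ssl3 probe. Both are real page output, trimmed.
PROBE_DEFAULT = """CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
SSL handshake has read 0 bytes and written 295 bytes
---
New, (NONE), Cipher is (NONE)
"""
PROBE_SSL3 = """CONNECTED(00000003)
SSL handshake has read 0 bytes and written 0 bytes
---
    Verify return code: 0 (ok)
"""

# Constructed samples (not from the page): a handshake that completes but the
# certificate names a different host, and a fully successful one.
PROBE_MISMATCH = """CONNECTED(00000003)
depth=0 CN = domain.com
verify error:num=62:Hostname mismatch
---
SSL handshake has read 1432 bytes and written 456 bytes
---
    Verify return code: 62 (Hostname mismatch)
"""
PROBE_OK = """CONNECTED(00000003)
SSL handshake has read 3142 bytes and written 433 bytes
---
    Verify return code: 0 (ok)
"""


def classify_s_client(output: str) -> str:
    """Return a coarse diagnosis for one `openssl s_client` transcript."""
    # Zero bytes read means the peer closed or reset (write:errno=104 is
    # ECONNRESET) before sending a single TLS record: nothing on that port
    # completed a handshake, so no certificate was ever presented. A trailing
    # "Verify return code: 0 (ok)" in that state verified nothing.
    read = re.search(r"SSL handshake has read (\d+) bytes", output)
    if read and int(read.group(1)) == 0:
        return "no-tls-handshake"
    # A completed handshake ends with OpenSSL's verification verdict.
    verify = re.search(r"Verify return code: (\d+) \((.*?)\)", output)
    if verify is None:
        return "unknown"
    return "ok" if int(verify.group(1)) == 0 else f"cert-problem:{verify.group(2)}"
```

Run the classifier over a transcript saved from `openssl s_client -connect host:port -servername host` to decide whether the next thing to check is the listener itself or the certificate it serves.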
