Skip to content

Instantly share code, notes, and snippets.

@fititnt

fititnt/0-curl-for-https-does-not-work-on-a-docker-container.sh

Created February 24, 2018 07:04
Show Gist options
  • Save fititnt/db2e78a43ff280117d0b6f08deff92cf to your computer and use it in GitHub Desktop.
Save fititnt/db2e78a43ff280117d0b6f08deff92cf to your computer and use it in GitHub Desktop.
Download ZIP
curl for https websites does not work on docker containers debug info
Raw
0-curl-for-https-does-not-work-on-a-docker-container.sh
# A container does not work using https
rocketchat@a119923c6d95:/app/bundle$ curl -vv https://google.com
* Rebuilt URL to: https://google.com/
* Hostname was NOT found in DNS cache
* Trying 158.69.212.215...
* connect to 158.69.212.215 port 1080 failed: Connection refused
* Failed to connect to rocketchat.teste.chatops.win port 1080: Connection refused
* Closing connection 0
curl: (7) Failed to connect to rocketchat.teste.chatops.win port 1080: Connection refused
rocketchat@a119923c6d95:/app/bundle$
# HTTP works fine
rocketchat@a119923c6d95:/app/bundle$ curl -vv http://google.com
* Rebuilt URL to: http://google.com/
* Hostname was NOT found in DNS cache
* Trying 172.217.13.238...
* Connected to google.com (172.217.13.238) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.38.0
> Host: google.com
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Location: http://www.google.com/
< Content-Type: text/html; charset=UTF-8
< Date: Sat, 24 Feb 2018 06:56:56 GMT
< Expires: Mon, 26 Mar 2018 06:56:56 GMT
< Cache-Control: public, max-age=2592000
* Server gws is not blacklisted
< Server: gws
< Content-Length: 219
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: SAMEORIGIN
<
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
* Connection #0 to host google.com left intact
Raw
1-tcpdump-for-curl-trying-to-access-https-on-host.sh
root@gaia:~# tcpdump -vv -i any port 1080
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
01:15:35.574854 IP (tos 0x0, ttl 64, id 61222, offset 0, flags [DF], proto TCP (6), length 60)
172.20.0.2.36600 > vps168887.vps.ovh.ca.socks: Flags [S], cksum 0x1f62 (incorrect -> 0x933d), seq 2165275147, win 29200, options [mss 1460,sackOK,TS val 431405 ecr 0,nop,wscale 7], length 0
01:15:35.574908 IP (tos 0x0, ttl 64, id 61222, offset 0, flags [DF], proto TCP (6), length 60)
172.20.0.2.36600 > vps168887.vps.ovh.ca.socks: Flags [S], cksum 0x1f62 (incorrect -> 0x933d), seq 2165275147, win 29200, options [mss 1460,sackOK,TS val 431405 ecr 0,nop,wscale 7], length 0
01:15:35.574978 IP (tos 0x0, ttl 64, id 12896, offset 0, flags [DF], proto TCP (6), length 40)
vps168887.vps.ovh.ca.socks > 172.20.0.2.36600: Flags [R.], cksum 0x0251 (correct), seq 0, ack 2165275148, win 0, length 0
01:15:35.574986 IP (tos 0x0, ttl 64, id 12896, offset 0, flags [DF], proto TCP (6), length 40)
vps168887.vps.ovh.ca.socks > 172.20.0.2.36600: Flags [R.], cksum 0x0251 (correct), seq 0, ack 1, win 0, length 0
Raw
2-extra-info.sh
root@gaia:~# cat /etc/*release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.4 LTS"
NAME="Ubuntu"
VERSION="16.04.4 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.4 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial
root@gaia:~# iptables -L -tnat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DOCKER all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DOCKER all -- anywhere !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.17.0.0/16 anywhere
MASQUERADE all -- 172.19.0.0/16 anywhere
MASQUERADE all -- 172.23.0.0/16 anywhere
MASQUERADE all -- 172.21.0.0/16 anywhere
MASQUERADE all -- 172.18.0.0/16 anywhere
MASQUERADE all -- 172.22.0.0/16 anywhere
MASQUERADE all -- 172.25.0.0/16 anywhere
MASQUERADE all -- 172.20.0.0/16 anywhere
MASQUERADE all -- 172.24.0.0/16 anywhere
MASQUERADE tcp -- 172.23.0.2 172.23.0.2 tcp dpt:http-alt
MASQUERADE tcp -- 172.23.0.2 172.23.0.2 tcp dpt:https
MASQUERADE tcp -- 172.19.0.2 172.19.0.2 tcp dpt:http
MASQUERADE tcp -- 172.23.0.2 172.23.0.2 tcp dpt:http
Chain DOCKER (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:172.23.0.2:8080
DNAT tcp -- anywhere anywhere tcp dpt:https to:172.23.0.2:443
DNAT tcp -- anywhere anywhere tcp dpt:8100 to:172.19.0.2:80
DNAT tcp -- anywhere anywhere tcp dpt:http to:172.23.0.2:80
root@gaia:~# docker version
Client:
Version: 17.05.0-ce
API version: 1.29
Go version: go1.7.5
Git commit: 89658be
Built: Thu May 4 22:10:54 2017
OS/Arch: linux/amd64
Server:
Version: 17.05.0-ce
API version: 1.29 (minimum version 1.12)
Go version: go1.7.5
Git commit: 89658be
Built: Thu May 4 22:10:54 2017
OS/Arch: linux/amd64
Experimental: false
root@gaia:~# docker inspect testerocketchat_rocketchat_1
[
{
"Id": "a119923c6d95013171169dfa04983b1bab1c6e2956595742d45752938d66ff01",
"Created": "2018-02-24T05:41:22.890070025Z",
"Path": "node",
"Args": [
"main.js"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 3382,
"ExitCode": 0,
"Error": "",
"StartedAt": "2018-02-24T05:42:02.507335937Z",
"FinishedAt": "2018-02-24T05:41:45.041675974Z"
},
"Image": "sha256:2b61cd454b4e212b5b510402c6f9cc01ab57c1c82793e928e994cba3aa24ef27",
"ResolvConfPath": "/var/lib/docker/containers/a119923c6d95013171169dfa04983b1bab1c6e2956595742d45752938d66ff01/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/a119923c6d95013171169dfa04983b1bab1c6e2956595742d45752938d66ff01/hostname",
"HostsPath": "/var/lib/docker/containers/a119923c6d95013171169dfa04983b1bab1c6e2956595742d45752938d66ff01/hosts",
"LogPath": "/var/lib/docker/containers/a119923c6d95013171169dfa04983b1bab1c6e2956595742d45752938d66ff01/a119923c6d95013171169dfa04983b1bab1c6e2956595742d45752938d66ff01-json.log",
"Name": "/testerocketchat_rocketchat_1",
"RestartCount": 0,
"Driver": "aufs",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "docker-default",
"ExecIDs": [
"d63fe8562a3f2e637d587b86eb2e3962eae06b1a821c6d3c33311a9d273f7c6b"
],
"HostConfig": {
"Binds": [
"/home/gaia/containers/teste-rocketchat/uploads:/app/uploads:rw"
],
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {
"max-file": "3",
"max-size": "10m"
}
},
"NetworkMode": "traefik_frontend",
"PortBindings": {},
"RestartPolicy": {
"Name": "unless-stopped",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": [],
"CapAdd": null,
"CapDrop": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": null,
"DeviceCgroupRules": null,
"DiskQuota": 0,
"KernelMemory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": -1,
"OomKillDisable": false,
"PidsLimit": 0,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0
},
"GraphDriver": {
"Data": null,
"Name": "aufs"
},
"Mounts": [
{
"Type": "bind",
"Source": "/home/gaia/containers/teste-rocketchat/uploads",
"Destination": "/app/uploads",
"Mode": "rw",
"RW": true,
"Propagation": ""
}
],
"Config": {
"Hostname": "a119923c6d95",
"Domainname": "",
"User": "rocketchat",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"3000/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"HTTPS_PROXY=https://rocketchat.teste.chatops.win",
"ROOT_URL=https://rocketchat.teste.chatops.win",
"HTTP_PROXY=http://rocketchat.teste.chatops.win",
"MONGO_OPLOG_URL=mongodb://mongo:27017/local",
"MAIL_URL=smtp://smtp.email",
"MONGO_URL=mongodb://mongo:27017/rocketchat",
"PORT=3000",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"NODE_VERSION=8.9.4",
"YARN_VERSION=1.3.2",
"RC_VERSION=0.60.4",
"DEPLOY_METHOD=docker-official",
"HOME=/tmp",
"Accounts_AvatarStorePath=/app/uploads"
],
"Cmd": [
"node",
"main.js"
],
"ArgsEscaped": true,
"Image": "rocket.chat:latest",
"Volumes": {
"/app/uploads": {}
},
"WorkingDir": "/app/bundle",
"Entrypoint": null,
"OnBuild": null,
"Labels": {
"com.docker.compose.config-hash": "7a7f3aba6c1d706d4777055b2255e6e25b197c714db4ebc905386bca644142b2",
"com.docker.compose.container-number": "1",
"com.docker.compose.oneoff": "False",
"com.docker.compose.project": "testerocketchat",
"com.docker.compose.service": "rocketchat",
"com.docker.compose.version": "1.18.0",
"traefik.backend": "teste-rocketchat",
"traefik.frontend.rule": "Host: rocketchat.teste.chatops.win",
"traefik.port": "3000"
}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "82f4ed228dd771451d41f6ea5e6a604c2b4d1b8e8b009a8309166d7ffa6f3a19",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"3000/tcp": null
},
"SandboxKey": "/var/run/docker/netns/82f4ed228dd7",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"testerocketchat_default": {
"IPAMConfig": null,
"Links": null,
"Aliases": [
"rocketchat",
"a119923c6d95"
],
"NetworkID": "850145f284907563a730035f0e188b7bb98722075ecd32513e8bfced383e98c5",
"EndpointID": "d8b83d2dfb5d4c7d894a6a23e63e92ef8b4a7a7984d5446dfdf0adb4bc8214fe",
"Gateway": "172.20.0.1",
"IPAddress": "172.20.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:14:00:02"
},
"traefik_frontend": {
"IPAMConfig": null,
"Links": null,
"Aliases": [
"rocketchat",
"a119923c6d95"
],
"NetworkID": "112c8dce49e1a01687c45ee7b7d3b755ae64079c171939d78490a00b60aeb7ea",
"EndpointID": "bfd9d0cee29ea3f8bf1f0a8e60427f14bfce046df7fb4603663d7e9b8fbbad73",
"Gateway": "172.21.0.1",
"IPAddress": "172.21.0.4",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:15:00:04"
}
}
}
}
]
root@gaia:~#
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment