Docker Community Forums

Cannot connect to HTTPS (443) from a docker image


(Nantoniazzi) #1

Hi,

I installed docker on a new dedicated server (on a generic ubuntu 14.0 - linux kernel 3.13.0-71).
I installed an ubuntu docker image to test the environment. ( docker run -it ubuntu bash ) and I installed curl with openssl support.

When I try to get the content of an HTTP page, I have no problem. When I try to load an HTTPS page, my connection is refused:

root@835f01fef568:/# curl https://www.google.com
curl: (7) Failed to connect to www.google.com port 443: Connection refused

In verbose mode I have:

root@835f01fef568:/# curl -V https://www.google.com
curl 7.35.0 (x86_64-pc-linux-gnu) libcurl/7.35.0 OpenSSL/1.0.1f zlib/1.2.8 libidn/1.28 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smtp smtps telnet tftp 
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP 

And if I try to log the trace to a file, I have:

== Info: Rebuilt URL to: https://www.google.com/
== Info: Hostname was NOT found in DNS cache
== Info:   Trying 173.194.123.81...
== Info: connect to 173.194.123.81 port 443 failed: Connection refused
== Info:   Trying 173.194.123.84...
== Info: connect to 173.194.123.84 port 443 failed: Connection refused
== Info:   Trying 173.194.123.80...
== Info: connect to 173.194.123.80 port 443 failed: Connection refused
== Info:   Trying 173.194.123.82...
== Info: connect to 173.194.123.82 port 443 failed: Connection refused
== Info:   Trying 173.194.123.83...
== Info: connect to 173.194.123.83 port 443 failed: Connection refused
== Info:   Trying 2607:f8b0:4006:80c::1013...
== Info: Immediate connect fail for 2607:f8b0:4006:80c::1013: Network is unreachable
== Info: Failed to connect to www.google.com port 443: Connection refused
== Info: Closing connection 0

I am a bit lost on what I can do :(
It is not a DNS problem since I can ping the server or curl HTTP content on port 80. It is only related to SSL connections.
Is there someone here with any idea about this issue?

Thanks


(Nantoniazzi) #2

I found the source of the problem. Here it was related to an iptables issue on the main host.

With the command iptables -L -t nat, I discovered that there was a pre-routing rule activated on all HTTPS traffic, redirecting it to port 9092, which is used by another service.


(Rupyr19) #3

Hi,
I’m trying to install Docker on Ubuntu 18.04. When I’m running the “curl” command to add the key, I’m getting the error “curl: (7) Failed to connect to download.docker.com port 443: Connection timed out
gpg: no valid OpenPGP data found.”

And when I run “iptables -L -t nat” I got:

Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DOCKER all -- anywhere anywhere ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DOCKER all -- anywhere !localhost/8 ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.17.0.0/16 anywhere

Chain DOCKER (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere

I don’t know what to do next. Please help me with this. The same problem occurs for me whenever I try to connect over HTTPS: my connection is refused. Please help!


(Geoffhayward) #4

I found that setting the interface to ‘eth0’ over ‘any’ solved the problem.

Here is an example that worked on the host for me:

iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 443 -j DNAT --to-destination 172.17.0.3:8443

Once the interface changed to ‘eth0’, wget https://google.com worked again from within docker.

Hope this helps someone.
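
An added example, not part of any post in this thread: a small check for the condition described in posts #2 and #4, namely a nat PREROUTING rule that rewrites port 443 with no inbound-interface match and therefore also catches HTTPS leaving containers through the docker0 bridge. The function name and the sample rule set are constructed for illustration; the port 9092 redirect and the eth0 DNAT rule mirror the ones the posters describe.

```shell
#!/bin/sh
# Reads rules in `iptables -t nat -S` (or iptables-save) format on stdin and
# prints every PREROUTING rule that REDIRECTs/DNATs TCP port 443 without an
# inbound-interface match. Such a rule applies to packets from any interface,
# including docker0, so outbound HTTPS from containers gets rewritten too.
find_unscoped_https_nat() {
  awk '
    $1 == "-A" && $2 == "PREROUTING" {
      has_if = 0; port443 = 0; rewrite = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-i" || $i == "--in-interface") has_if = 1
        if (($i == "--dport" || $i == "--dports") && $(i+1) ~ /(^|,)443(,|$)/) port443 = 1
        if ($i == "-j" && ($(i+1) == "REDIRECT" || $(i+1) == "DNAT")) rewrite = 1
      }
      if (port443 && rewrite && !has_if) print "UNSCOPED: " $0
    }
  '
}

# Constructed sample rule set (not captured from a real host):
#   line 3 is the kind of rule post #2 found, line 4 is the scoped rule from post #4.
SAMPLE_RULES='-P PREROUTING ACCEPT
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 9092
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 172.17.0.3:8443
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE'

# Offline run against the sample; only the unscoped REDIRECT is reported.
printf '%s\n' "$SAMPLE_RULES" | find_unscoped_https_nat

# On a live host (as root): iptables -t nat -S | find_unscoped_https_nat
```
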