Cannot connect to HTTPS (443) from a docker image

Hi,

I installed Docker on a new dedicated server (on a generic Ubuntu 14.0 - Linux kernel 3.13.0-71).
I installed an Ubuntu Docker image to test the environment (docker run -it ubuntu bash) and I installed curl with OpenSSL support.

When I try to get the content of an HTTP page, I have no problem. When I try to load an HTTPS page, my connection is refused:

root@835f01fef568:/# curl https://www.google.com
curl: (7) Failed to connect to www.google.com port 443: Connection refused

In verbose mode I have:

root@835f01fef568:/# curl -V https://www.google.com
curl 7.35.0 (x86_64-pc-linux-gnu) libcurl/7.35.0 OpenSSL/1.0.1f zlib/1.2.8 libidn/1.28 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smtp smtps telnet tftp 
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP 

And if I try to log the trace in a file, I have:

== Info: Rebuilt URL to: https://www.google.com/
== Info: Hostname was NOT found in DNS cache
== Info:   Trying 173.194.123.81...
== Info: connect to 173.194.123.81 port 443 failed: Connection refused
== Info:   Trying 173.194.123.84...
== Info: connect to 173.194.123.84 port 443 failed: Connection refused
== Info:   Trying 173.194.123.80...
== Info: connect to 173.194.123.80 port 443 failed: Connection refused
== Info:   Trying 173.194.123.82...
== Info: connect to 173.194.123.82 port 443 failed: Connection refused
== Info:   Trying 173.194.123.83...
== Info: connect to 173.194.123.83 port 443 failed: Connection refused
== Info:   Trying 2607:f8b0:4006:80c::1013...
== Info: Immediate connect fail for 2607:f8b0:4006:80c::1013: Network is unreachable
== Info: Failed to connect to www.google.com port 443: Connection refused
== Info: Closing connection 0

I am a bit lost on what I can do.
It is not a DNS problem since I can ping the server or curl HTTP content on port 80. It is only related to SSL connections.
Does anyone here have any idea about this issue?

Thanks

I found the source of the problem. Here it was related to an iptables issue on the main host.

With the command iptables -L -t nat I discovered that there was a PREROUTING rule active on all HTTPS traffic, redirecting it to port 9092, which is used by another service.

Hi,
I’m trying to install Docker on Ubuntu 18.04. When I’m running the “curl” command to add the key, I’m getting the error “curl: (7) Failed to connect to download.docker.com port 443: Connection timed out
gpg: no valid OpenPGP data found.”

And when I run “iptables -L -t nat” I get:

Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DOCKER all -- anywhere anywhere ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DOCKER all -- anywhere !localhost/8 ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.17.0.0/16 anywhere

Chain DOCKER (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere

I don’t know what to do next. Please help me with this. The same problem occurs for me whenever I try to connect over HTTPS: my connection is refused. Please help!

I found that setting the interface to ‘eth0’ over ‘any’ solved the problem.

Here is an example that worked on the host for me:

iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 443 -j DNAT --to-destination 172.17.0.3:8443

Once the interface was changed to ‘eth0’, wget https://google.com worked again from within Docker.

Hope this helps someone.
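A host-side check for the two iptables causes described above (the unscoped HTTPS redirect to port 9092 and the PREROUTING rule that needed -i eth0), added here as an example and not part of any post in the thread: it reads `iptables -t nat -S` output and lists PREROUTING REDIRECT/DNAT rules on tcp/443 whose interface match also covers the Docker bridge. The bridge name docker0, the function names and the sample rule set are assumptions made for the example.

```python
import shlex
# Constructed sample in `iptables -t nat -S` format (illustrative, not from the thread's hosts).
SAMPLE_RULES = """\
-P PREROUTING ACCEPT
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 9092
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 172.17.0.3:8443
-A PREROUTING ! -i eth0 -p tcp -m multiport --dports 80,440:450 -j DNAT --to-destination 10.0.0.5
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
"""
FIELDS = {"-i": "iface", "-p": "proto", "--dport": "dport", "--dports": "dport", "-j": "target"}

def parse_rule(line):
    """Map an '-A CHAIN ...' line to the fields above; '!' prefixes negated values."""
    tokens = shlex.split(line)
    if len(tokens) < 2 or tokens[0] != "-A":
        return None
    rule = {"chain": tokens[1], "raw": line.strip()}
    for idx, tok in enumerate(tokens[2:-1], start=2):
        if tok in FIELDS:
            rule[FIELDS[tok]] = ("!" if tokens[idx - 1] == "!" else "") + tokens[idx + 1]
    return rule

def covers_port(spec, port):
    """True if a --dport/--dports value (N, A:B, or comma list) includes port."""
    hit = False
    for part in spec.lstrip("!").split(","):
        lo, sep, hi = part.partition(":")
        lo, hi = lo or "0", hi or (lo if not sep else "65535")
        hit = hit or (lo.isdigit() and hi.isdigit() and int(lo) <= port <= int(hi))
    return hit != spec.startswith("!")

def iface_matches(spec, bridge):
    """True if an -i match (None = any interface) includes the bridge."""
    if spec is None:
        return True
    name = spec.lstrip("!")
    same = bridge.startswith(name[:-1]) if name.endswith("+") else name == bridge
    return same != spec.startswith("!")

def find_intercepts(rules_text, port=443, bridge="docker0"):
    """PREROUTING REDIRECT/DNAT rules that also rewrite tcp/<port> sent by containers."""
    findings = []
    for rule in filter(None, map(parse_rule, rules_text.splitlines())):
        proto = rule.get("proto", "all")
        if (rule["chain"] == "PREROUTING" and rule.get("target") in ("REDIRECT", "DNAT")
                and (proto.lstrip("!") in ("tcp", "6", "all")) != proto.startswith("!")
                and covers_port(rule.get("dport", "0:65535"), port)
                and iface_matches(rule.get("iface"), bridge)):
            findings.append(rule["raw"])
    return findings
```

On a real host, pass the text printed by `iptables -t nat -S` (run as root) to `find_intercepts`; any rule it returns is applied to outbound container traffic as well as to traffic arriving from outside.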

I had the same problem: a container in my VM can’t access HTTPS services, e.g. https://google.com.

I found a different source of the problem: the docker0 MTU (docker0 is a network interface).

So follow the Docker documentation to change your Docker interface MTU to be equal to or smaller than your device interface MTU. It works for me.