Docker Community Forums

Self-signed cert error only in Docker container

Running on Ubuntu 18.04, I have a project that is using self-signed TLS certs. After creating the certs, I’ve added them to my computer’s trust store, which works without any issues. I’ve configured /etc/hosts to map a domain name to 127.0.0.102, and I’m then using iptables as a proxy to redirect traffic from 127.0.0.102 to 127.0.0.1:4002. This is so I can have docker-compose expose several ports at once.

If I run my program outside of Docker, it will start up on port 4002 and will work without any issues. TLS in the browser is a lock and no cert issues at all.

If I run it from within a Docker container, however, it stops working. Every browser returns a different TLS error. In Firefox I get PR_END_OF_FILE_ERROR; in Chrome, I get ERR_CONNECTION_CLOSED or ERR_CONNECTION_CLOSED randomly; in curl I get SSL_ERROR_SYSCALL.

I’m configuring iptables with this command:

sudo iptables -t nat -A OUTPUT -p tcp --dport 443 -d 127.0.0.102 -j DNAT --to-destination 127.0.0.1:4002

I’m totally at a loss. Did I misconfigure iptables or something?

Does anyone know what could be going on? I’m guessing since TLS itself does work when outside of Docker, it has something to do with either Docker or iptables…

Any help would be greatly appreciated.
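
An added example, not part of the original post: PR_END_OF_FILE_ERROR, ERR_CONNECTION_CLOSED and SSL_ERROR_SYSCALL all report that the connection ended during the handshake, which is a different failure from an untrusted certificate. The probe below separates those layers for a given address and port. The function names are hypothetical, and the local listener in `demo_closed_listener` is a constructed stand-in for a peer that accepts TCP and then hangs up.

```python
import socket
import ssl
import threading


def classify_tls_failure(host, port, server_name=None, cafile=None, timeout=3.0):
    """Report which layer a TLS connection attempt fails at."""
    ctx = ssl.create_default_context(cafile=cafile)  # verifies chain and hostname
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "tcp_refused"              # nothing accepting on that address/port
    except OSError:                       # includes timeouts and unreachable routes
        return "tcp_unreachable"
    try:
        with ctx.wrap_socket(raw, server_hostname=server_name or host):
            return "tls_ok"
    except ssl.SSLCertVerificationError:
        return "cert_untrusted"           # trust-store or hostname mismatch
    except (ssl.SSLEOFError, ConnectionResetError, BrokenPipeError):
        return "closed_during_handshake"  # TCP was accepted, then dropped
    except ssl.SSLError:
        return "tls_protocol_error"       # e.g. a non-TLS service answered
    except OSError:
        return "closed_during_handshake"
    finally:
        raw.close()


def demo_closed_listener():
    """Constructed sample: a listener that accepts, reads, then closes."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))            # any free loopback port
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)                   # swallow the ClientHello
        conn.close()                      # hang up without answering

    threading.Thread(target=serve, daemon=True).start()
    try:
        return classify_tls_failure("127.0.0.1", srv.getsockname()[1])
    finally:
        srv.close()


if __name__ == "__main__":
    print(demo_closed_listener())
```

Running the classifier against both the redirected address and the published container port shows whether the two paths fail at the same layer.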