Running on Ubuntu 18.04, I have a project that is using self-signed TLS certs. After creating the certs, I’ve added them to my computer’s trust store, which works without any issues. I’ve configured /etc/hosts to map a domain name to 127.0.0.102, and then using iptables as a proxy to redirect traffic from 127.0.0.102 to 127.0.0.1:4002. This is so I can have docker-compose expose several ports at once.

If I run my program outside of Docker, it will start up on port 4002 and will work without any issues. TLS in the browser is a lock and no cert issues at all.

If I run it from within a Docker container, however, it stops working. Every browser returns a different TLS error. In Firefox I get PR_END_OF_FILE_ERROR, in Chrome, I get ERR_CONNECTION_CLOSED or ERR_CONNECTION_CLOSED randomly, in curl I get SSL_ERROR_SYSCALL.

I’m configuring iptables with this command:

sudo iptables -t nat -A OUTPUT -p tcp --dport 443 -d 127.0.0.102 -j DNAT --to-destination 127.0.0.1:4002.

I’m totally at a loss. Did I misconfigure iptables or something?

Does anyone know what could be going on? I’m guessing since TLS itself does work when outside of Docker, it has something to do with either Docker or iptables…

Any help would be greatly appreciated.

Did you solve this by any chance?

You don’t want the approach of aico0maik2eiz8nahxoo, it is unneccary complicated.

Just add you certificates to you https enabled application OR introduce a reverse proxy container that uses the custom certificate to terminate TLS and forward http to the target container.

While approach is always the same, the way it needs to be configured will vary depding on the target application.