Docker container can't curl, SSL wrong version number
I've edited my question to contain more info about my original problem, oddly the problem still persists in the toy image. So, if someone ever has this problem again this is what solved for me.
The multi stage Dockerfile. It seems both stages need to have access of the proxy envs.
# This image only builds the go binaries
FROM golang:1.10-alpine as goalpine-image
ARG http_proxy
ARG https_proxy
ENV HTTP_PROXY $http_proxy
ENV HTTPS_PROXY $https_proxy
# Build envs
ENV FULL_PATH /go/src/<project-name>
WORKDIR $FULL_PATH
# Add the source code:
ADD . $FULL_PATH
# Build it:
RUN cd $FULL_PATH \
&& apk update \
&& apk add --no-cache curl \
&& CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o bin/<project-name>
# This image holds the binaries from the previous
FROM alpine:3.7
ENV HTTP_PROXY $http_proxy
ENV HTTPS_PROXY $https_proxy
RUN apk update \
&& apk add --no-cache bash curl\
&& mkdir build
ENV WORD_DIR=/build
WORKDIR WORK_DIR
COPY --from=goalpine-image /go/src/<project-name>/bin ./
CMD ["./<project-name>"]
Building:
Make sure to set
http_proxy
andhttps_proxy
as environment variables, mine are in/etc/profile
.
docker build --rm --build-arg http_proxy=$http_proxy --build-arg https_proxy=$https_proxy --network host -t <project-name>:multi-stage .
Running:
docker container run --rm --network host <project-name>:multi-stage
Comments
-
Aristu almost 2 years
I'm developing behind a company proxy, using Linux Mint Sylvia (Docker was installed via the Ubuntu 16.04.3 Xenial source).
$ docker -v Docker version 17.12.1-ce, build 7390fc6
I've followed these steps to actually download some images via docker pull.
My http-proxy.conf:
$ cat /etc/systemd/system/docker.service.d/http-proxy.conf [Service] Environment="HTTP_PROXY=http://my_user:my_pass@company_proxy:3128/" Environment="HTTPS_PROXY=https://my_user:my_pass@company_proxy:3128/" Environment="NO_PROXY=localhost,127.0.0.0/8"
My
/etc/default/docker
:# If you need Docker to use an HTTP proxy, it can also be specified here. #export http_proxy="http://127.0.0.1:3128/" export http_proxy="http://my_user:my_pass@company_proxy:3128" export https_proxy="https://my_user:my_pass@company_proxy:3128" export HTTP_PROXY="http://my_user:my_pass@company_proxy:3128" export HTTPS_PROXY="https://my_user:my_pass@company_proxy:3128"
I need to run
curl
inside a multistage Alpine container, for simplicity purposes I've build this simple image that is similar to what I'm trying to accomplish and has the same error.FROM alpine:3.7 ENV HTTP_PROXY http://my_user:my_pass@company_proxy:3128 ENV HTTPS_PROXY https://my_user:my_pass@company_proxy:3128 RUN apk add --no-cache curl CMD ["curl","-v","--tlsv1","https://www.docker.io/"]
Built with
$ docker build --network host --rm -t test/alpine:curl .
Running without
--network host
.$ docker run --rm test/alpine:curl % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Could not resolve proxy: company_proxy * Closing connection 0 curl: (5) Could not resolve proxy: company_proxy
Running with
--network host
.$ docker run --network host --rm test/alpine:curl % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 10.2.255.0... * TCP_NODELAY set * Connected to company_proxy (10.2.255.0) port 3128 (#0) * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: none * TLSv1.2 (OUT), TLS handshake, Client hello (1): } [233 bytes data] * error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 * Closing connection 0 curl: (35) error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number
I'm a beginner with Docker and have tested this image in 2 wifi networks (both without proxy), the containers runned fine. Any hints on what might be causing this SSL error?
Edit: This is my original problem, I have a multi-stage docker image that runs go code to curl something from firebase.
// main.go package main import ( "os/exec" "os" "log" ) func main() { c := exec.Command("curl","--tlsv1","-kv","-X","PATCH","-d",`{"something" : "something"}`, `https://<firebase-link>`); c.Stdout = os.Stdout c.Stderr = os.Stderr err := c.Run() checkerr(err) } func checkerr(err error) { if err != nil{ log.Fatal(err.Error()) panic(err) } }
The original Dockerfile:
# This image only builds the go binaries FROM golang:1.10-alpine as goalpine-image ENV HTTP_PROXY http://my_user:my_pass@company_proxy:3128 ENV HTTPS_PROXY https://my_user:my_pass@company_proxy:3128 ENV FULL_PATH /go/src/<project-name> WORKDIR $FULL_PATH # Add the source code: ADD . $FULL_PATH # Build it: RUN cd $FULL_PATH \ && CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o bin/<project-name> # This image holds the binaries from the previous FROM alpine RUN apk add --no-cache bash curl\ && mkdir build ENV WORD_DIR=/build WORKDIR WORK_DIR COPY --from=goalpine-image /go/src/<project-name>/bin ./ CMD ["./<project-name>"]
-
Aleh over 5 yearsBefore the first stage you declare
ENV HTTPS_PROXY $https_proxy
but before second stage it isENV HTTPS_PROXY $http_proxy
. I had a similar issue with proxy supporting HTTPS connections at exactly the same URL as HTTP (i.e.http://
scheme for both HTTP and HTTPS). -
Aristu over 5 yearsThanks @Aleh, it's a typo! :)