All geek questions in one place

Docker container does not connect to https terminals

From inside the docker container I run

# openssl s_client -connect rubygems.org:443 -state -nbio 2>&1 | grep "^SSL" SSL_connect:before/connect initialization SSL_connect:SSLv2/v3 write client hello A SSL_connect:error in SSLv2/v3 read server hello A

What i get

I cannot connect to any https site from the docker container. The container runs on openstack vm. Vm can connect via https.

Any tips?

UPDATE

 root@ce239554761d :/# curl -vv https://google.com * Rebuilt URL to: https://google.com/ * Hostname was NOT found in DNS cache * Trying 216.58.217.46... * Connected to google.com (216.58.217.46) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1):

and then it freezes.

In addition, now I am getting intermittent successes.

Security check:

  • Changing ips dockers doesn't fix the problem

  • Docker containers work on my local machine

  • Docker containers work on other clouds.

  • Docker 1.10.0 does not work in vms

  • Docker 1.9.1 works in vms

+5
source share
1 answer

I was provided with a Docker community solution

The OpenStack network seems to use lower MTU values, and Docker does not output MTU parameters from the network interface card from 1.10 .

To run the docker daemon with custom MTU settings, you can follow this blog post that says:

 $ cp /lib/systemd/system/docker.service /etc/systemd/system/docker.service

Edit the line in the new file so that it looks like this:

 ExecStart=/usr/bin/docker daemon -H fd:// –mtu=1454

MTU 1454 is a value that appears to be common with OpenStack. You can watch it on your host using ifconfig.

Finally restart Docker:

 $ sudo systemctl daemon-reload $ sudo service docker restart
+4
source

Source: https://habr.com/ru/post/1242645/

More articles:


All Articles