I'm trying to connect to an HTTPS session created in Go from a Docker container, it works fine when I run it on my local, but as soon as I try to run it in the container I can't access to the URL.
func main() {
// I'm using Go-Chi V5
r := chi.NewRouter()
// TLS connection. Inspired from https://blog.cloudflare.com/exposing-go-on-the-internet
tlsConfig := &tls.Config{
PreferServerCipherSuites: true,
CurvePreferences: []tls.CurveID{
tls.CurveP256,
tls.X25519,
},
MinVersion: tls.VersionTLS12,
CipherSuites: []uint16{
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
},
}
srv := &http.Server{
Addr: "localhost:9090",
ReadTimeout: 5 * time.Second,
WriteTimeout: 20 * time.Second,
IdleTimeout: 200 * time.Second,
TLSConfig: tlsConfig,
Handler: r,
}
r.Get("/", func(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("hello world"))
})
err := srv.ListenAndServeTLS("./.dev/localhost.crt", "./.dev/localhost.key")
if err != nil {
log.Fatalf("server failed to start: %v", err)
}
}
My Dockerfile:
FROM golang:1.17-buster AS build
WORKDIR /app
COPY go.mod .
COPY go.sum .
RUN go mod download
COPY ./.dev/localhost.key .
COPY ./.dev/localhost.crt .
COPY . .
RUN go build -o /dev-admin ./cmd/admin
##
## Deploy
##
FROM gcr.io/distroless/base-debian10
WORKDIR /
COPY --from=build /dev-admin /dev-admin
COPY --from=build ./app/localhost.key ./.dev/localhost.key
COPY --from=build ./app/localhost.crt ./.dev/localhost.crt
EXPOSE 9090
EXPOSE 443
ENTRYPOINT ["/dev-admin"]
docker-compose.yml:
version: '3.9'
services:
web:
image: api_test
build: .
ports:
- '9090:9090'
volumes:
- .:/app
$ curl https://localhost:9090
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:9090
The container works fine when I try the normal HTTP version, so there is a blockage on the HTTPS only and I can't figure out what it is.
CodePudding user response:
You are specifying the address to listen on in your Server
definition:
srv := &http.Server{
Addr: "localhost:9090",
...
change this to:
srv := &http.Server{
Addr: ":9090",
...
The reason that this change is needed is that the address "specifies the TCP address for the server to listen on". When you specify localhost:9090
you are binding to the loopback interface within the container and, in most cases, this is not accessible externally (see this question for more info).
CodePudding user response:
The problem seems to be in your docker-compose.yaml. You only forward port 9090. though SSL needs 443.
Like this, it should work:
version: '3.9'
services:
web:
image: api_test
build: .
ports:
- '9090:9090'
- '443:443'
volumes:
- .:/app