I can't connect to nginx running in my container on 443 from my host. So, to debug, I set up a simple Python web server that serves over SSL.
This works inside the container. For example, here is the script:
from http.server import HTTPServer, BaseHTTPRequestHandler
import ssl

class SimpleHTTPRequestHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b'Hello, world!')

httpd = HTTPServer(('localhost', 443), SimpleHTTPRequestHandler)
httpd.socket = ssl.wrap_socket(httpd.socket,
                               keyfile="/etc/nginx/certs/privkey.pem",
                               certfile='/etc/nginx/certs/cert.pem', server_side=True)
httpd.serve_forever()
Then:
python3 https.py
and from another shell in the container I get:
curl -k https://localhost:443
Hello, world!
Server log output:
127.0.0.1 - - [17/Feb/2020 15:11:21] "GET / HTTP/1.1" 200 -
From the host:
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1849160a43bc w1 "nginx -g 'daemon of…" 40 minutes ago Up 40 minutes 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp sleepy_chatterjee
i.e. 443 should be bound between the container and the host.
However, from the host:
curl -k https://localhost:443
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:443
Any suggestions as to why I can't connect to the container?
UPDATE
After binding to port 4443 of the host to rule out host issues, I get (with curl -v):
curl -v -k https://localhost:4443
* Expire in 0 ms for 6 (transfer 0xf09880)
* Expire in 1 ms for 1 (transfer 0xf09880)
* Expire in 0 ms for 1 (transfer 0xf09880)
* Expire in 1 ms for 1 (transfer 0xf09880)
* Expire in 0 ms for 1 (transfer 0xf09880)
* Expire in 0 ms for 1 (transfer 0xf09880)
* Expire in 1 ms for 1 (transfer 0xf09880)
* Expire in 0 ms for 1 (transfer 0xf09880)
* Expire in 0 ms for 1 (transfer 0xf09880)
* Expire in 1 ms for 1 (transfer 0xf09880)
* Expire in 0 ms for 1 (transfer 0xf09880)
* Expire in 0 ms for 1 (transfer 0xf09880)
* Expire in 1 ms for 1 (transfer 0xf09880)
* Expire in 0 ms for 1 (transfer 0xf09880)
* Expire in 0 ms for 1 (transfer 0xf09880)
* Expire in 2 ms for 1 (transfer 0xf09880)
* Expire in 0 ms for 1 (transfer 0xf09880)
* Expire in 0 ms for 1 (transfer 0xf09880)
* Expire in 2 ms for 1 (transfer 0xf09880)
* Expire in 0 ms for 1 (transfer 0xf09880)
* Expire in 0 ms for 1 (transfer 0xf09880)
* Expire in 2 ms for 1 (transfer 0xf09880)
* Expire in 0 ms for 1 (transfer 0xf09880)
* Expire in 0 ms for 1 (transfer 0xf09880)
* Expire in 2 ms for 1 (transfer 0xf09880)
* Expire in 0 ms for 1 (transfer 0xf09880)
* Expire in 0 ms for 1 (transfer 0xf09880)
* Expire in 2 ms for 1 (transfer 0xf09880)
* Expire in 0 ms for 1 (transfer 0xf09880)
* Expire in 0 ms for 1 (transfer 0xf09880)
* Expire in 2 ms for 1 (transfer 0xf09880)
* Expire in 0 ms for 1 (transfer 0xf09880)
* Expire in 0 ms for 1 (transfer 0xf09880)
* Expire in 2 ms for 1 (transfer 0xf09880)
* Expire in 0 ms for 1 (transfer 0xf09880)
* Expire in 0 ms for 1 (transfer 0xf09880)
* Expire in 2 ms for 1 (transfer 0xf09880)
* Expire in 0 ms for 1 (transfer 0xf09880)
* Expire in 0 ms for 1 (transfer 0xf09880)
* Expire in 2 ms for 1 (transfer 0xf09880)
* Expire in 0 ms for 1 (transfer 0xf09880)
* Expire in 0 ms for 1 (transfer 0xf09880)
* Expire in 2 ms for 1 (transfer 0xf09880)
* Expire in 0 ms for 1 (transfer 0xf09880)
* Expire in 0 ms for 1 (transfer 0xf09880)
* Expire in 0 ms for 1 (transfer 0xf09880)
* Trying ::1...
* TCP_NODELAY set
* Expire in 149999 ms for 3 (transfer 0xf09880)
* Expire in 200 ms for 4 (transfer 0xf09880)
* Connected to localhost (::1) port 4443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:4443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:4443