SSL Issue - Unable to connect to multiple containers using docker-compose
Question
I am starting on Docker-Compose using .Net core and have hit an issue with SSL handshake while communicating between the containers.
Stack .Net Core 2.2, Docker CE for Windows (Linux Containers) 2.0.0.3, Docker Compose 3.4, VS2019 Update 2, Windows 10, Chrome Version 74.0.3729.131 (Official Build) (64-bit)
I have an API being called by another api using HttpClient. I have added them in one docker-compose project and they are referenced using the service names:
version: '3.4'
services:
caller.api:
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=https://+:80
- ASPNETCORE_HTTPS_PORT=44391
- FirstServiceUrl=https://callee.api
depends_on:
- callee.api
ports:
- "44391:80"
volumes:
- ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
- ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
callee.api:
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=https://+:80
- ASPNETCORE_HTTPS_PORT=44392
ports:
- "44392:80"
volumes:
- ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
- ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
However, these caller fails to call the callee and I get different kind of errors based on the below cases.
I've tried a number of things :
dotnet dev-certs https This obviously allows the api's running outside docker-compose to run on SSL and dont have any issues in communication
Generate and Use self signed certs I used the information here and created the certificates.
They're added to the Trusted root. I can see them in Cert Manager.
Added the following code in the API Main:
var builder = WebHost.CreateDefaultBuilder(args);
builder.ConfigureAppConfiguration((ctx, cfg) => cfg.AddEnvironmentVariables());
builder.UseKestrel(options =>
{
options.AddServerHeader = false;
options.ListenAnyIP(80, o =>
{
o.UseHttps( new X509Certificate2( "callee.api.pfx", "password"));
});
})
.UseStartup<Startup>();
But when I launch Chrome(to test using swagger), the browser shows
I get this exception:
Failed to authenticate HTTPS connection.
System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL. ---> Interop+Crypto+OpenSslCryptographicException: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown
--- End of inner exception stack trace ---
at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, Byte[] recvBuf, Int32 recvOffset, Int32 recvCount, Byte[]& sendBuf, Int32& sendCount)
at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteContext& context, SecurityBuffer inputBuffer, SecurityBuffer outputBuffer, SslAuthenticationOptions sslAuthenticationOptions)
--- End of inner exception stack trace ---
I tried first with creating certificate as localhost.pfx which didnt work. I also tried with certificate callee.pfx but without any success.
- Several different approaches similar to (2) above but no joy.
I am able to get to the individual API's in the browser and can manually run them fine.
When I disable SSL, they are able to interact without any issues.
I've spent couple of days trying to get this to work. Would really appreciate any help or pointers.
1 answers
solution1
0 2020-04-02 16:29:23
I actually running into the same issue and it looks like caller container doesn't trust certificate of the called container. Have you tried running the following on the caller container?:
dotnet dev-certs https
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.