[SOLVED] SSL_ERROR_SYSCALL when connecting to ASP.NET 6 web server in Docker container

Issue

1. Web Server Code

Test01.csproj:

<Project Sdk="Microsoft.NET.Sdk.Web">

  <PropertyGroup>
    <TargetFramework>net6.0</TargetFramework>
    <Nullable>enable</Nullable>
    <ImplicitUsings>enable</ImplicitUsings>
  </PropertyGroup>

  <PropertyGroup Condition="'$(Configuration)' == 'Release'">
    <PublishDir>../deploy/$(AssemblyName)</PublishDir>
    <PublishReadyToRun>true</PublishReadyToRun>
    <PublishSingleFile>true</PublishSingleFile>
    <IncludeAllContentForSelfExtract>true</IncludeAllContentForSelfExtract>
    <DebugType>None</DebugType>
  </PropertyGroup>

  <Target Name="CopyCustomContentOnPublish" AfterTargets="Publish" Condition="'$(Configuration)' == 'Release'">
    <Copy SourceFiles="certificate.crt" DestinationFolder="../deploy/$(AssemblyName)" />
    <Copy SourceFiles="private-key.pem" DestinationFolder="../deploy/$(AssemblyName)" />
  </Target>

</Project>

Program.cs:

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();
app.MapGet("/", () => $"{Environment.MachineName} - {DateTime.Now}\n");
app.Run();

appsettings.json:

{
  "Kestrel": {
    "Endpoints": {
      "Https": {
        "Url": "https://localhost"
      }
    },
    "Certificates": {
      "Default": {
        "Path": "certificate.crt",
        "KeyPath": "private-key.pem"
      }
    }
  }
}

This compiles and runs flawlessly (Ubuntu 21.10):

$ dotnet build
$ sudo dotnet run --project Test01 --no-build

The server works:

$ curl -k "https://localhost"
server - 02/04/2022 15:08:50

The -k is needed because I use a self-signed certificate.

2. .NET Deployment

deploy.sh:

rm -r deploy/*
dotnet clean
dotnet publish --no-self-contained -r linux-x64 -c Release

This deploys the server into deploy/Test01:

$ ls -al deploy/Test01
drwxrwxr-x 2 dev dev   4096 Feb  4 14:33 .
drwxrwxr-x 3 dev dev   4096 Feb  4 14:33 ..
-rwxr-xr-x 1 dev dev 150934 Feb  4 14:36 Test01
-rw-rw-r-- 1 dev dev    318 Feb  4 14:33 appsettings.json
-rw-rw-r-- 1 dev dev   2106 Feb  4 14:33 certificate.crt
-rw-rw-r-- 1 dev dev   3268 Feb  4 14:33 private-key.pem

The server can be run from this folder:

$ cd deploy/Test01
$ sudo ./Test01
$ curl -k "https://localhost"
server - 02/04/2022 15:17:15

3. Docker Container

Dockerfile:

FROM mcr.microsoft.com/dotnet/aspnet
WORKDIR /opt/test01
COPY deploy/Test01 ./
ENTRYPOINT ["./Test01"]

Creating the image:

$ docker build -t test01:1.0.0 .
$ docker image ls
REPOSITORY                        TAG       IMAGE ID       CREATED          SIZE
test01                            1.0.0     962954c40135   42 minutes ago   208MB
mcr.microsoft.com/dotnet/aspnet   latest    53451db35067   9 days ago       208MB

Starting the container:

$ docker run -d -p 44302:443 --name test01 test01:1.0.0
$ docker container ls
CONTAINER ID   IMAGE          COMMAND      CREATED          STATUS          PORTS                                       NAMES
28f247a8a3d5   test01:1.0.0   "./Test01"   2 minutes ago    Up 2 minutes    0.0.0.0:44302->443/tcp, :::44302->443/tcp   test01

The server’s port is redirected to the host:

$ docker port test01
443/tcp -> 0.0.0.0:44302
443/tcp -> :::44302
$ sudo ss -tlp | grep docker
LISTEN 0      4096         0.0.0.0:44302       0.0.0.0:*    users:(("docker-proxy",pid=9054,fd=4))   
LISTEN 0      4096            [::]:44302          [::]:*    users:(("docker-proxy",pid=9059,fd=4))

4. The Problem

If I try to access the server from the host, I get an error:

$ curl -k https://localhost:44302
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:44302

The verbose response:

$ curl -k -v https://localhost:44302
*   Trying 127.0.0.1:44302...
* Connected to localhost (127.0.0.1) port 44302 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:44302 
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:44302

What am I doing wrong? Thank you for your help in advance!

Solution

The problem was that the server was listening on localhost inside the container (source). I had to change appsettings.json to make it listen on 0.0.0.0:

...
        "Url": "https://0.0.0.0"
...

Answered By – kol

Answer Checked By – Gilberto Lyons (BugsFixing Admin)

Leave a Reply

Your email address will not be published. Required fields are marked *