Can't connect to foodsoft - SSL error with docker image

jin
Hi,

I've been trying to run foodsoft in production with both docker and docker-compose, going through all the issues until I obtained up and running containers, but I've not been able to connect to the app. I will open a different topic for docker-compose; this one is for the basic docker procedure:

Due to a Ruby issue with foodcoops/foodsoft:latest, I tried v4.6.0, which runs smoothly
`/nonexistent` is not a directory.
Bundler will use `/tmp/bundler/home/unknown' as your home directory temporarily.
=> Booting Thin
=> Rails 4.2.10 application starting in production on http://0.0.0.0:3000
=> Run `rails server -h` for more startup options
=> Ctrl-C to shutdown server
Loading app configuration from config/app_config.yml
>> Thin web server (v1.5.1 codename Straight Razor)
>> Maximum connections set to 1024
>> Listening on 0.0.0.0:3000, CTRL+C to stop
docker container ls -a 
CONTAINER ID        IMAGE                      COMMAND                  CREATED             STATUS              PORTS                     NAMES
86ffa6ee79a8        foodcoops/foodsoft:4.6.0   "./docker-entrypoint…"   25 minutes ago      Up 25 minutes       0.0.0.0:32776->3000/tcp   foodsoft_web
c7df8d0db12e        mysql:5.5                  "docker-entrypoint.s…"   About an hour ago   Up About an hour    3306/tcp                  mysql
a89ca7e475d2        redis:3.2-alpine           "docker-entrypoint.s…"   13 hours ago        Up 13 hours         6379/tcp                  foodcoopsnet_redis_1

I then populated the database successfully following https://github.com/foodcoops/foodsoft/blob/master/doc/SETUP_PRODUCTION.md

When I try to connect to the container with curl it looks ok,
curl -I 0.0.0.0:32776
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Location: https://0.0.0.0:32776/
Content-Length: 0
Connection: keep-alive
Server: thin 1.5.1 codename Straight Razor

but using the browser, I have this error: SSL_ERROR_RX_RECORD_TOO_LONG, and
!! Invalid request
appearing in the terminal below the running container's information.
I used the "RAILS_FORCE_SSL=false" option when running it.


Re: Can't connect to foodsoft - SSL error with docker image

jin
Ok, here is what I did to be able to access the app:

1. Watching a kitten video, as stated in foodsoft wiki https://stackoverflow.com/questions/30532471/firefox-redirects-to-https/34033592#34033592

2. Delete firefox Sites Preferences https://stackoverflow.com/questions/30532471/firefox-redirects-to-https/34033592#34033592

This way I can access the app without SSL. I guess one should create another vhost rule for the foodsoft container's port, using a Let's Encrypt certificate. I tried without success.

Re: Can't connect to foodsoft - SSL error with docker image

Julius
In reply to this post by jin
Hey jin,

Others are more experienced than me, but let me try to help. I do not know how to exactly reproduce your setup, so I decided to follow the official docker-compose production setup from scratch. I had some issues with the upstream instructions, so I had to add some workarounds. You can find the exact steps I did in the modified README.md here: [1]. I followed the instructions in the sections "settings" and "initial database setup" only.

After the final command there (docker-compose restart) I am able to connect to https://localhost/ . I have to accept the self-signed certificate, of course.

If I change my setup then I can also reproduce the error you were seeing (SSL_ERROR_RX_RECORD_TOO_LONG). By default, the ports 80 and 443 in the official docker-compose production setup are sent to the haproxy container. See here [2]. Instead, I can directly send my request to the foodsoft container by pointing my browser to its IP and using port 3000. In my case that was http://172.23.0.11:3000/ . I queried the IP using a docker command [3]. When pointing my browser directly to rails, the SSL error showed up.

These are the insights I wanted to share with you. I hope it helps. I can not find the docker-compose thread you have announced to start. If you are still motivated to give it another try then let me know if my modified setup solved any issues for you. In that case we should contribute fixes.

Best,
Julius



[1] https://github.com/JuliusR/foodcoops.net/tree/fix/simple-initial-setup

[2] https://github.com/foodcoops/foodcoops.net/blob/f5a3cbc716b07b32945635b7b8cbf5d69e45dfc6/docker-compose.yml#L65

[3] docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $(docker-compose ps -q foodsoft)
Re: Can't connect to foodsoft - SSL error with docker image

jin
Hi Julius!

Thank you very much for this reply containing very useful information!

Julius wrote
I can not find the docker-compose thread you have announced to start. If you are still motivated to give it another try then let me know if my modified setup solved any issues for you. In that case we should contribute fixes.
Indeed, I did not start it yet due to my attempts to solve vanilla docker issues (worker is up but still no email). Thanks to your help I am confident I will succeed using compose too. The point is I cannot reach http://localhost:3000, even with the container's ID. I'll explain it completely in the other topic as soon as possible (I already have an apache webserver using ports 80 and 443 on my server...)

I'll try the direct link to the container's IP and tell you if it solves the SSL error. I may have already tried it without success.
Re: Can't connect to foodsoft - SSL error with docker image

jin
I did the test with the container's IP.

The command I use to get a container's IP looks slightly different than yours but seems to output the same result:

docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' 20329a19b212
172.17.0.3

My web browser can't access it directly, so I tried with curl

curl -I 172.17.0.3:3000
HTTP/1.1 302 Moved Temporarily
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Location: http://172.17.0.3:3000/GASET
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache
Set-Cookie: _foodsoft_session=UjVVQWpDNUI4M3VQalhDd1hBNEp5OFJMVTBVaVpya20vanJodk14VHMxVWZRUTdwUG1uaHJEb3pqZ0RybDdPVDl1bklrNGdrbFlMR3dRSVp6UUZVd0VzTEJ2bktKQzd2Y3FhZHNHbWZPSFE9LS1xeTZuK0NyRXU4OXVsUVJyRmpCaGxRPT0%3D--d5c26fbc5045ac63c2534e78d48dfc4fd58ecec6; path=/; HttpOnly
X-Request-Id: 0cf7f29f-ee2b-4d71-8eee-12cd9ebe8e8e
X-Runtime: 0.006233
Connection: close
Server: thin 1.5.1 codename Straight Razor

http looks good, but here is the result for https :

curl -I https://172.17.0.3:3000
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
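
Added example (not part of any post in this thread, and not foodsoft code): both the browser's SSL_ERROR_RX_RECORD_TOO_LONG that Julius reproduced on port 3000 and the curl "unknown protocol" error above come from a TLS client reading a plaintext HTTP reply. The sketch below parses the first five bytes of a reply as a TLS record header; the two sample replies are constructed, and the assumption is that the plain-HTTP listener answers the TLS handshake with an ordinary "HTTP/1.1 ..." status line.

```python
import struct

# Largest ciphertext length a TLS 1.2 record may declare (RFC 5246: 2^14 + 2048).
MAX_TLS_RECORD = 2**14 + 2048
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}

# Constructed samples: what a plain-HTTP server might send back, and the
# first bytes of a genuine TLS 1.2 ServerHello record.
HTTP_REPLY = b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"
TLS_REPLY = bytes.fromhex("160303004a02")


def read_as_tls_record(first_bytes: bytes) -> dict:
    """Interpret the first 5 bytes the way a TLS client would: as a record header."""
    if len(first_bytes) < 5:
        raise ValueError("need at least 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", first_bytes[:5])
    return {
        "content_type": TLS_CONTENT_TYPES.get(ctype, f"unknown(0x{ctype:02x})"),
        "version": (major, minor),
        "length": length,
        "too_long": length > MAX_TLS_RECORD,
    }


def classify(first_bytes: bytes) -> str:
    """Tell a plaintext HTTP listener from a TLS listener by its first bytes."""
    if first_bytes[:5] == b"HTTP/":
        return "plaintext-http"
    rec = read_as_tls_record(first_bytes)
    known_type = not rec["content_type"].startswith("unknown")
    if rec["version"][0] == 3 and known_type and not rec["too_long"]:
        return "tls"
    return "unknown"


if __name__ == "__main__":
    for name, sample in (("http", HTTP_REPLY), ("tls", TLS_REPLY)):
        print(name, classify(sample), read_as_tls_record(sample))
```

Read as a record header, the bytes "HTTP/" declare a length of 0x502f (20527), which is above the TLS limit and matches the "record too long" wording; the fix is to use http:// on that port or to terminate TLS in a proxy in front of it, as the haproxy container does in the compose setup.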