SSL_ERROR_SYSCALL when connecting to ASP.NET 6 web server in Docker container

1. Web server code

Test01.csproj:

<Project Sdk="Microsoft.NET.Sdk.Web">

  <PropertyGroup>
    <TargetFramework>net6.0</TargetFramework>
    <Nullable>enable</Nullable>
    <ImplicitUsings>enable</ImplicitUsings>
  </PropertyGroup>

  <PropertyGroup Condition="'$(Configuration)' == 'Release'">
    <PublishDir>../deploy/$(AssemblyName)</PublishDir>
    <PublishReadyToRun>true</PublishReadyToRun>
    <PublishSingleFile>true</PublishSingleFile>
    <IncludeAllContentForSelfExtract>true</IncludeAllContentForSelfExtract>
    <DebugType>None</DebugType>
  </PropertyGroup>

  <Target Name="CopyCustomContentOnPublish" AfterTargets="Publish" Condition="'$(Configuration)' == 'Release'">
    <Copy SourceFiles="certificate.crt" DestinationFolder="../deploy/$(AssemblyName)" />
    <Copy SourceFiles="private-key.pem" DestinationFolder="../deploy/$(AssemblyName)" />
  </Target>

</Project>

Program.cs:

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();
app.MapGet("/", () => $"{Environment.MachineName} - {DateTime.Now}\n");
app.Run();

appsettings.json:

{
  "Kestrel": {
    "Endpoints": {
      "Https": {
        "Url": "https://localhost"
      }
    },
    "Certificates": {
      "Default": {
        "Path": "certificate.crt",
        "KeyPath": "private-key.pem"
      }
    }
  }
}

This compiles and runs perfectly (Ubuntu 21.10):

$ dotnet build
$ sudo dotnet run --project Test01 --no-build

The server works:

$ curl -k "https://localhost"
server - 02/04/2022 15:08:50

-k is needed because I'm using a self-signed certificate.

2. .NET deployment

deploy.sh:

rm -r deploy/*
dotnet clean
dotnet publish --no-self-contained -r linux-x64 -c Release

This deploys the server to deploy/Test01:

$ ls -al deploy/Test01
drwxrwxr-x 2 dev dev   4096 Feb  4 14:33 .
drwxrwxr-x 3 dev dev   4096 Feb  4 14:33 ..
-rwxr-xr-x 1 dev dev 150934 Feb  4 14:36 Test01
-rw-rw-r-- 1 dev dev    318 Feb  4 14:33 appsettings.json
-rw-rw-r-- 1 dev dev   2106 Feb  4 14:33 certificate.crt
-rw-rw-r-- 1 dev dev   3268 Feb  4 14:33 private-key.pem

The server can be run from this folder:

$ cd deploy/Test01
$ sudo ./Test01
$ curl -k "https://localhost"
server - 02/04/2022 15:17:15

3. Docker container

Dockerfile:

FROM mcr.microsoft.com/dotnet/aspnet
WORKDIR /opt/test01
COPY deploy/Test01 ./
ENTRYPOINT ["./Test01"]

Creating the image:

$ docker build -t test01:1.0.0 .
$ docker image ls
REPOSITORY                        TAG       IMAGE ID       CREATED          SIZE
test01                            1.0.0     962954c40135   42 minutes ago   208MB
mcr.microsoft.com/dotnet/aspnet   latest    53451db35067   9 days ago       208MB

Starting the container:

$ docker run -d -p 44302:443 --name test01 test01:1.0.0
$ docker container ls
CONTAINER ID   IMAGE          COMMAND      CREATED          STATUS          PORTS                                       NAMES
28f247a8a3d5   test01:1.0.0   "./Test01"   2 minutes ago    Up 2 minutes    0.0.0.0:44302->443/tcp, :::44302->443/tcp   test01

The server's port is redirected to the host:

$ docker port test01
443/tcp -> 0.0.0.0:44302
443/tcp -> :::44302
$ sudo ss -tlp | grep docker
LISTEN 0      4096         0.0.0.0:44302       0.0.0.0:*    users:(("docker-proxy",pid=9054,fd=4))   
LISTEN 0      4096            [::]:44302          [::]:*    users:(("docker-proxy",pid=9059,fd=4))

4. Problem

If I try to access the server from the host, I get an error:

$ curl -k https://localhost:44302
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:44302

Verbose response:

$ curl -k -v https://localhost:44302
*   Trying 127.0.0.1:44302...
* Connected to localhost (127.0.0.1) port 44302 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:44302 
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:44302

What am I doing wrong? Thanks in advance for your help!

The problem is that the server was listening on localhost inside the container (source). I had to change appsettings.json to make it listen on 0.0.0.0:

...
        "Url": "https://0.0.0.0"
...
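
The mismatch described in the answer, as an added example that is not part of the original post: a Python check that reads the Kestrel section of appsettings.json and reports endpoints that listen only on the container's loopback while a docker run -p mapping targets their port. The function names and the two inline configs are constructed for illustration; it assumes Kestrel's behaviour of binding any host that is neither localhost nor an IP literal to all interfaces.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample inputs: the question's Kestrel endpoint and the answer's fix.
QUESTION_CFG = json.loads('{"Kestrel": {"Endpoints": {"Https": {"Url": "https://localhost"}}}}')
FIXED_CFG = json.loads('{"Kestrel": {"Endpoints": {"Https": {"Url": "https://0.0.0.0"}}}}')

# Port used when the endpoint URL names none.
DEFAULT_PORTS = {"http": 80, "https": 443}


def is_loopback_host(host):
    """True when the URL host makes the server bind to loopback only."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        # "*", "+" and other names are not IP literals (assumption: bound to all interfaces).
        return False


def unreachable_published_ports(config, container_ports):
    """Return (endpoint name, url, port) for every endpoint whose port is the
    container side of a `docker run -p host:container` mapping but which
    listens only on the container's own loopback interface."""
    findings = []
    endpoints = config.get("Kestrel", {}).get("Endpoints", {})
    for name, endpoint in endpoints.items():
        url = endpoint.get("Url", "")
        parts = urlsplit(url)
        host = parts.hostname or ""
        port = parts.port or DEFAULT_PORTS.get(parts.scheme, 0)
        if port in container_ports and is_loopback_host(host):
            findings.append((name, url, port))
    return findings


if __name__ == "__main__":
    # 443 is the container port from `docker run -p 44302:443` in the question.
    for label, cfg in (("question", QUESTION_CFG), ("fixed", FIXED_CFG)):
        print(label, unreachable_published_ports(cfg, {443}))
```

Listening on 0.0.0.0 inside the container does not by itself decide what the host exposes; the -p mapping does, and the ss output in the question shows docker-proxy listening on every host interface. Publishing with -p 127.0.0.1:44302:443 keeps the port on the host's loopback when only local access is wanted.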