So, I have minikube 0.16.0 installed
Also istio 1.7.3
So I do envoy sidecars on each deployment I do, as per with command kubectl label namespace default istio-injection=enabled
Now, coming to the question, I'm not able to do any curl from inside any pod whatsoever, even from sleep-diag, I always get request timed out message, but it does work for non secure http
For example while installing jenkins, I try to curl against this url with no success:
bash-5.0# curl -v https://updates.jenkins.io/current/update-center.json
* Trying 92.242.132.16:443...
* TCP_NODELAY set
* connect to 92.242.132.16 port 443 failed: Operation timed out
* Failed to connect to updates.jenkins.io port 443: Operation timed out
* Closing connection 0
curl: (28) Failed to connect to updates.jenkins.io port 443: Operation timed out
But even if I try let's say:
bash-5.0# curl -v https://www.google.com
* Trying 92.242.132.16:443...
* TCP_NODELAY set
* connect to 92.242.132.16 port 443 failed: Operation timed out
* Failed to connect to www.google.com port 443: Operation timed out
* Closing connection 0
curl: (28) Failed to connect to www.google.com port 443: Operation timed out
While I'm able to outside of any pod in my local cluster, any ideas on this?
For example, tried installing jenkins like this, with helm:
helm install --set Master.ServiceType=ClusterIP jenkins/jenkins --generate-name
Obviously it will fail because I cannot access any https from my local cluster, even specifying NodePort I have the same issue:
helm install --set Master.ServiceType=NodePort jenkins/jenkins --generate-name
Any ideas?
Related
I start auditbeat
docker run --cap-add="AUDIT_CONTROL" --cap-add="AUDIT_READ" docker.elastic.co/beats/auditbeat:7.8.1 setup -E setup.kibana.host=localhost:5601 -E output.elasticsearch.hosts=["127.0.0.1:9300"]
but get error Exiting: couldn't connect to any of the configured Elasticsearch hosts. Errors: [error connecting to Elasticsearch at http://127.0.0.1:9300: Get http://127.0.0.1:9300: dial tcp 127.0.0.1:9300: connect: connection refused] I try user also localhost in output.elasticsearch.hosts. When I sent request by curl http://127.0.0.1:9200 I get successful response from elasticsearch.
Also. Elasticsearch is deployed as docker process.
You need to use the HTTP port 9200 (the same you curl with) not the TCP port 9300
-Eoutput.elasticsearch.hosts=["host.docker.internal:9200"]
^
|
change this
I am trying to install docker DTR using a command mentioned below but getting failed
Command:
docker run -it --rm docker/dtr install \
--ucp-node mbk-srv-389-ub \
--ucp-username admin \
--ucp-url https://172.16.217.1 \
--ucp-insecure-tls
But its giving error
ERROR:
FATA[0006] Failed to choose ucp node: The UCP node 'mbk-srv-389-ub' has port conflicts, please pick another node or choose a different port.
So i tried to add port 445 **--ucp-url https://172.16.217.1:445** as port 443 is also used by UCP but then it is showing another error.
ERROR:
FATA[0006] Failed to get new conv client: failed to create http client: Failed to get UCP CA: Get https://172.16.217.1:445/ca: dial tcp 172.16.217.1:445: connect: connection refused
INFO:
port 445 is open on the firewall.
no other service is running on port 445
DTR needs port 443 free, if 443 isn't free the install will fail.
Install UCP with --controller-port to any port other than 443 and then install DTR, it will work
I'm setting up my AWS EC2 instance. I wanted to let that instance access via https but I get a
This is what I tried
run docker pull abiosoft/caddy
Put Caddyfile in home folder
Run mkdir -p $HOME/caddycerts; chmod ugo+rwx $HOME/caddycerts;
Run docker run -d -e "CADDYPATH=/etc/caddycerts" -v $HOME/Caddyfile:/etc/Caddyfile -v $HOME/caddycerts:/etc/caddycerts -p 443:443 abiosoft/caddy
Run docker restart *dockerName*
My Caddyfile looks like this:
some-domain-name.com {
tls myemail
proxy / 172.17.0.1:9001 {
header_upstream Host {host}
header_upstream X-Real-IP {remote}
header_upstream X-Forwarded-Proto {scheme}
}
}
Error: curl: (7) Failed to connect to some-domain-name.com port 443: Connection refused
EC2 instance's security group has https enabled for port 443
when you use AWS make sure that the port you are using is allowed and you have the right to use it
AWS Security group and ACL doesn't give connection refused, they silently drops the packet. From the message connection refused it seems the service isn't running or server isn't listening on port 443.
Have you tried to telnet it locally ? Does it work ?
telnet localhost 443
Error: curl: (7) Failed to connect to some-domain-name.com port 443: Connection refused
The above error message means that your web server is not running on the specified port of 443. You can simply validate via a telnet (which I see in James's answer above).
From your caddyfile it points to port 9001. The first line of the Caddyfile is always the address of the site to serve.
Without seeing the dockerfile it's hard to pinpoint, but I'd say there's nothing configured to run on 443 in your application
I know this error has been posted before on StackOverflow and many solutions/answers are available too. But, I've already gone through all those answers and couldn't find any viable solution for me.
I'm running a Hyperledger Fabric network with single peer and orderer. Their Docker containers have exposed the following ports. 7051:7051 & 7053:7053 on peer, 7050:7050 on orderer. I'm trying to configure Prometheus to analyse the metrics by following the official documentation .
As mentioned in the documentation, I'm exposing my local machine's 9443 port to port 9443 of peer docker container by mapping it as 9443:9443 in ports section of docker-compose.yaml. When I run curl 0.0.0.0:9443, I get curl: (56) Recv failure: Connection reset by peer error.
However, when I run the command curl 0.0.0.0:9443/logspec in my peer container I get the desired result which is {"spec":"info"}. The two commands mentioned above are different but I've also tried running the command curl 0.0.0.0:9443/logspec in my local machine to which I got the same error response.
Running the command curl -v 0.0.0.0:9443 results in following response.
* About to connect() to 0.0.0.0 port 9443 (#0)
* Trying 0.0.0.0...
* Connected to 0.0.0.0 (0.0.0.0) port 9443 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 0.0.0.0:9443
> Accept: */*
>
* Recv failure: Connection reset by peer
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer
I read in many of the answers that I might be a firewall issue. But even after disabling my firewall using the command systemctl disable firewalld, it's not working.
cat etc/os-release response
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
curl --version response
curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.34 zlib/1.2.7 libidn/1.28 libssh2/1.4.3
I request you not to mark this question as duplicate as I've already gone through all the possible scenarios mentioned here.
First of all please check if there is firewall. Disable it.
Then remove the IP address provided in core.yaml file in operations tab. So that line will look like a below:
operations:
# host and port for the operations server
listenAddress: :9443
This change worked for me.
I installed docker on a new dedicated server (on a generic ubuntu 14.0 - linux kernel 3.13.0-71).
I installed an ubuntu docker image to test the environment. ( docker run -it ubuntu bash ) and I installed curl with openssl support.
When I try to get the content of an HTTP page, I have no problem. When I try to load an HTTPS page, my connection is refused:
root#835f01fef568:/# curl https://www.google.com
curl: (7) Failed to connect to www.google.com port 443: Connection refused
in verbose mode I have:
root#835f01fef568:/# curl -V https://www.google.com
curl 7.35.0 (x86_64-pc-linux-gnu) libcurl/7.35.0 OpenSSL/1.0.1f zlib/1.2.8 libidn/1.28 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP
and if I try to log the trace in a file, I have:
== Info: Rebuilt URL to: https://www.google.com/
== Info: Hostname was NOT found in DNS cache
== Info: Trying 173.194.123.81...
== Info: connect to 173.194.123.81 port 443 failed: Connection refused
== Info: Trying 173.194.123.84...
== Info: connect to 173.194.123.84 port 443 failed: Connection refused
== Info: Trying 173.194.123.80...
== Info: connect to 173.194.123.80 port 443 failed: Connection refused
== Info: Trying 173.194.123.82...
== Info: connect to 173.194.123.82 port 443 failed: Connection refused
== Info: Trying 173.194.123.83...
== Info: connect to 173.194.123.83 port 443 failed: Connection refused
== Info: Trying 2607:f8b0:4006:80c::1013...
== Info: Immediate connect fail for 2607:f8b0:4006:80c::1013: Network is unreachable
== Info: Failed to connect to www.google.com port 443: Connection refused
== Info: Closing connection 0
I am a bit lost on what I can do :(
It is not a DNS problem since I can ping server or CURL http content on port 80. It only related to SSL connections.
Is there someone here with any idea about this issue?
Thanks
I found the source of the problem. Here it was related to an iptables issue of the main host
with the command iptables -L -t nat I discovered that there was a pre-routing activated on all https traffic redirected to the port 9092, used by another service.
I had the same problem. I found that setting the interface of the iptables rule to ‘eth0’ instead of ‘any’ solved the problem.
Here is an example that worked on the host for me:
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 443 -j DNAT --to-destination 172.17.0.3:8443
Once the interface change to ‘eth0’ wget https://... worked again from within docker.
Hope this helps.
echo ipv4 >> ~/.curlrc
run this command on terminal. its working for me