Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Curl errors out in the handshake phase #1

Open
bberlo opened this issue Oct 19, 2021 · 5 comments
Open

Curl errors out in the handshake phase #1

bberlo opened this issue Oct 19, 2021 · 5 comments
Assignees
@mkjsix

Comments

@bberlo
Copy link

bberlo commented Oct 19, 2021

I have followed the README section (i.e. git clone repo -> docker-compose up -> curl --insecure https://localhost/ping) in order to set up the complete NGINX, RESTHeart and MongoDB stack.
I can access the RESTHeart server via http://localhost:8080/ping in an unsecured way.
However, as soon as I use curl --insecure https://localhost/ping, curl errors out both in Windows 10 Enterprise and a Ubuntu 20.04.2 LTS VM.

Windows 10 Enterprise

curl: (35) schannel: failed to receive handshake, SSL/TLS connection failed

Ubuntu 20.04.2 LTS VM

curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:443

Unfortunately, neither nginx or restheart recognize the https call (i.e. do not log an exception in both normal and debug logging mode).
In case you know of a way to solve this problem, please attach a response to this issue report.

Regards,
Bram
@mkjsix mkjsix self-assigned this Oct 20, 2021
@mkjsix
Copy link
Member

mkjsix commented Oct 20, 2021

I have updated the docker-compose.yml file with an updated configuration. Could you please try again? Please issue a docker pull first.
Now you can't access restheart via the 8080 port anymore, only 443 (https) via nginx.

@bberlo
Copy link
Author

bberlo commented Oct 20, 2021

Thank you for the lightning fast response :)
Unfortunately, the changes did not resolve the issue.
The exact same errors pop up when using curl --insecure https://localhost/ping.

@mkjsix
Copy link
Member

mkjsix commented Oct 21, 2021
edited
Loading

I cannot reproduce but I suspect it's due to the self-signed certificate being created with an obsolete cipher which is no more supported by your curl versions. I will try creating new certificates and see what happens.

@mkjsix
Copy link
Member

mkjsix commented Oct 21, 2021
edited
Loading

I updated both key and certificate, please issue a "git pull" and tell me if it makes any difference.

@bberlo
Copy link
Author

bberlo commented Oct 21, 2021

I finally got it to work by making the following changes to the docker-compose file that was present at the repo prior to your first commit since I posted this issue, in addition to incorporating the new key and certificate:

  • I connected restheart to mongodb via specifying the MONGO_URI under 'environment' under the restheart service, i.e.:
  restheart:
    image: softinstigate/restheart:6.0.3
    container_name: restheart
    environment:
      MONGO_URI: mongodb://restheart:R3ste4rt!@mongodb:27017
    depends_on:
      - mongodb
    networks:
      - backend
    ports:
      - "8080:8080"
  • I changed $PWD, since it is translated to a . in windows (unfortunately docker-compose requires at least two symbols), by hardcoding the cloned repo location at my PC under the nginx service's volumes section.

To prevent this issue from re-appearing in the future, can you recommend a way in which I can create the key and certificate myself?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mkjsix mkjsix

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mkjsix @bberlo