我正在尝试从 Docker 容器连接到在 Go 中创建的 HTTPS 会话,当我在本地运行它时它工作正常,但是一旦我尝试在容器中运行它,我就无法访问 URL。
func main() {
// I'm using Go-Chi V5
r := chi.NewRouter()
// TLS connection. Inspired from https://blog.cloudflare.com/exposing-go-on-the-internet
tlsConfig := &tls.Config{
PreferServerCipherSuites: true,
CurvePreferences: []tls.CurveID{
tls.CurveP256,
tls.X25519,
},
MinVersion: tls.VersionTLS12,
CipherSuites: []uint16{
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
},
}
srv := &http.Server{
Addr: "localhost:9090",
ReadTimeout: 5 * time.Second,
WriteTimeout: 20 * time.Second,
IdleTimeout: 200 * time.Second,
TLSConfig: tlsConfig,
Handler: r,
}
r.Get("/", func(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("hello world"))
})
err := srv.ListenAndServeTLS("./.dev/localhost.crt", "./.dev/localhost.key")
if err != nil {
log.Fatalf("server failed to start: %v", err)
}
}
我的 Dockerfile:
FROM golang:1.17-buster AS build
WORKDIR /app
COPY go.mod .
COPY go.sum .
RUN go mod download
COPY ./.dev/localhost.key .
COPY ./.dev/localhost.crt .
COPY . .
RUN go build -o /dev-admin ./cmd/admin
##
## Deploy
##
FROM gcr.io/distroless/base-debian10
WORKDIR /
COPY --from=build /dev-admin /dev-admin
COPY --from=build ./app/localhost.key ./.dev/localhost.key
COPY --from=build ./app/localhost.crt ./.dev/localhost.crt
EXPOSE 9090
EXPOSE 443
ENTRYPOINT ["/dev-admin"]
$ 卷曲 https://localhost:9090
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:9090
当我尝试正常的 HTTP 版本时,容器工作正常,所以只有 HTTPS 被阻塞,我不知道它是什么。
慕的地10843
慕村9548890
相关分类