Question

the ssl connection could not be established

Posted May 8, 2021
Docker

Hi everyone,
I have a simple website built with .NET Core and hosted in a Linux Docker container.
I got the error “the SSL connection could not be established” when trying to upload files to Space.
I configured my localhost certificate in nginx, but it does not work.

Docker compose file:

version: '3.4'

services:
  nginx:
    image: nginx:alpine
    hostname: 'nginx'
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./nginx/proxy.conf:/etc/nginx/proxy.conf:ro
      - ./nginx/client.cert:/etc/ssl/certs/client.cert:ro
      - ./nginx/client.key:/etc/ssl/certs/client.key:ro
      - ./nginx/logs/:/var/log/nginx/
    ports:
      - 8080:8080
      - 443:443
    depends_on:
      - web
    restart: always

  web:
   image: ${DOCKER_REGISTRY-}web-client
   ports:
      - "5000"
   build:
     context: .
     dockerfile: src/web/Dockerfile

nginx config

user nginx;

worker_processes    auto;

events { worker_connections 1024; }

http {

    include             /etc/nginx/proxy.conf;
    include             /etc/nginx/mime.types;
    limit_req_zone      $binary_remote_addr zone=one:10m rate=5r/s;
    # server_tokens       off;
    sendfile            on;
    keepalive_timeout   29; # Adjust to the lowest possible value that makes sense for your use case.
    client_body_timeout 10; client_header_timeout 10; send_timeout 10;

    upstream web_clients {
        server          web:5000;
    }

    server {
        listen     *:8080 default_server;
        add_header Strict-Transport-Security max-age=15768000;
        return     301 https://$host$request_uri;
    }

    server {
        listen                      443 ssl;
        server_name                 $hostname;
        ssl_certificate             /etc/ssl/certs/client.cert;
        ssl_certificate_key         /etc/ssl/certs/client.key;
        ssl_protocols               TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers   on;
        ssl_ciphers                 "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
        ssl_ecdh_curve              secp384r1;
        ssl_session_cache           shared:SSL:10m;
        ssl_session_tickets         off;
        ssl_stapling                on; #ensure your cert is capable
        ssl_stapling_verify         on; #ensure your cert is capable

        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;
        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";

        location / {
            proxy_pass http://web_clients;
            limit_req  zone=one burst=10 nodelay;
        }
    }
}

My upload function

public static async Task UploadFile(IFormFile file)
{
    string bucketName = "mybucket";
    string endpoingURL = "https://mybucket.sgp1.digitaloceanspaces.com/";
    IAmazonS3 s3Client;

    using (var newMemoryStream = new MemoryStream())
    {
        file.CopyTo(newMemoryStream);
        var s3ClientConfig = new AmazonS3Config
        {
            ServiceURL = endpoingURL
        };
        s3Client = new AmazonS3Client(s3ClientConfig);
        try
        {
            var fileTransferUtility = new TransferUtility(s3Client);
            var fileTransferUtilityRequest = new TransferUtilityUploadRequest
            {
                BucketName = bucketName + @"/files",
                InputStream = newMemoryStream,
                StorageClass = S3StorageClass.StandardInfrequentAccess,
                PartSize = 6291456, // 6 MB
                Key = file.FileName,
                CannedACL = S3CannedACL.PublicRead,
            };
            fileTransferUtility.Upload(fileTransferUtilityRequest);
        }
        catch (AmazonS3Exception e)
        {
            Console.WriteLine("Error encountered ***. Message:'{0}' when writing an object", e.Message);
        }
        catch (Exception e)
        {
            Console.WriteLine("Unknown encountered on server. Message:'{0}' when writing an object", e.Message);
        }
    }
}

Any ideas are welcome, many thanks.

1 answer

Hi there,

What I could suggest is to first make sure that port 443 is open via your firewall. Also you could test the connectivity to the specific bucket using telnet:

telnet mybucket.sgp1.digitaloceanspaces.com 443

If the port is open and the telnet command works fine, then you could try adding the Spaces CA certificate to your container so that it would trust the SSL certificate.

You can add the certificate to your Docker image by using the following in your Dockerfile:

ADD spaces.crt /usr/local/share/ca-certificates/spaces.crt
RUN update-ca-certificates

Let me know how it goes.
Regards,
Bobby
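
The answer's two checks (is port 443 reachable, does the container trust the certificate) can be separated by running a verified TLS handshake from inside the container, which telnet alone cannot do. This is an added example, not part of the original thread; it assumes the `openssl` CLI is installed in the image, and the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumes the openssl CLI
# is installed in the container image.

# Constructed sample: tail of `openssl s_client` output when the server's
# issuing CA is absent from the container's trust store.
SAMPLE_UNTRUSTED='SSL handshake has read 3120 bytes and written 412 bytes
Verification error: unable to get local issuer certificate
Verify return code: 20 (unable to get local issuer certificate)'

# Map the first "Verify return code" line to a diagnosis keyword.
classify_verify() {
    cv_code=$(printf '%s\n' "$1" |
        sed -n 's/^ *Verify return code: \([0-9][0-9]*\).*/\1/p' | head -n 1)
    case "$cv_code" in
        0)     echo "ok" ;;
        18|19) echo "self-signed" ;;
        20|21) echo "missing-ca" ;;
        9|10)  echo "validity-period" ;;
        62)    echo "hostname-mismatch" ;;
        "")    echo "no-handshake" ;;
        *)     echo "other:$cv_code" ;;
    esac
}

# Say which fix, if any, matches the diagnosis.
advise() {
    case "$1" in
        ok)                echo "TLS verifies; look at the application instead" ;;
        missing-ca)        echo "add the issuing CA, then run update-ca-certificates" ;;
        hostname-mismatch) echo "certificate does not cover this host; check the endpoint URL" ;;
        no-handshake)      echo "no TLS handshake; check DNS, firewall and port" ;;
        *)                 echo "see 'Verify return code' in the raw openssl output" ;;
    esac
}

# Handshake against host:port using the container's system trust store.
check_tls() {
    ct_out=$(openssl s_client -connect "$1:${2:-443}" -servername "$1" \
        -verify_hostname "$1" </dev/null 2>&1)
    ct_diag=$(classify_verify "$ct_out")
    echo "$ct_diag: $(advise "$ct_diag")"
}

# Run only when a host is given: sh tlscheck.sh mybucket.sgp1.digitaloceanspaces.com
if [ -n "${1:-}" ]; then check_tls "$@"; fi
```

Only the `missing-ca` result is addressed by the Dockerfile step in the answer; a `hostname-mismatch` result is not changed by adding a CA certificate to the trust store.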