Question

the ssl connection could not be established

Hi everyone, I have a simple website by .net core and hosted in a Linux docker container. I had an error “the SSL connection could not be established” when trying to upload files to Space. I configured my localhost certificate to ngĩn but not work

Docker compose file:

version: '3.4'

services:
  nginx:
    image: nginx:alpine
    hostname: 'nginx'
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./nginx/proxy.conf:/etc/nginx/proxy.conf:ro
      - ./nginx/client.cert:/etc/ssl/certs/client.cert:ro
      - ./nginx/client.key:/etc/ssl/certs/client.key:ro
      - ./nginx/logs/:/var/log/nginx/
    ports:
      - 8080:8080
      - 443:443
    depends_on:
      - web
    restart: always

  web:
   image: ${DOCKER_REGISTRY-}web-client
   ports:
      - "5000"
   build:
     context: .
     dockerfile: src/web/Dockerfile

nginx config

user nginx;

worker_processes    auto;

events { worker_connections 1024; }

http {

    include             /etc/nginx/proxy.conf;
    include             /etc/nginx/mime.types;
    limit_req_zone      $binary_remote_addr zone=one:10m rate=5r/s;
    # server_tokens       off;
    sendfile            on;
    keepalive_timeout   29; # Adjust to the lowest possible value that makes sense for your use case.
    client_body_timeout 10; client_header_timeout 10; send_timeout 10;

    upstream web_clients {
        server          web:5000;
    }

    server {
        listen     *:8080 default_server;
        add_header Strict-Transport-Security max-age=15768000;
        return     301 https://$host$request_uri;
    }

    server {
        listen                      443 ssl;
        server_name                 $hostname;
        ssl_certificate             /etc/ssl/certs/client.cert;
        ssl_certificate_key         /etc/ssl/certs/client.key;
        ssl_protocols               TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers   on;
        ssl_ciphers                 "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
        ssl_ecdh_curve              secp384r1;
        ssl_session_cache           shared:SSL:10m;
        ssl_session_tickets         off;
        ssl_stapling                on; #ensure your cert is capable
        ssl_stapling_verify         on; #ensure your cert is capable

        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;
        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";

        location / {
            proxy_pass http://web_clients;
            limit_req  zone=one burst=10 nodelay;
        }
    }
}

My upload function

public static async Task UploadFile(IFormFile file)
        {
            string bucketName = "mybucket";
            string endpoingURL = "https://mybucket.sgp1.digitaloceanspaces.com/";
            IAmazonS3 s3Client;

            using (var newMemoryStream = new MemoryStream())
            {
                file.CopyTo(newMemoryStream);
                var s3ClientConfig = new AmazonS3Config
                {
                    ServiceURL = endpoingURL
                };
                s3Client = new AmazonS3Client(s3ClientConfig);
                try
                {
                    var fileTransferUtility = new TransferUtility(s3Client);
                    var fileTransferUtilityRequest = new TransferUtilityUploadRequest
                    {
                        BucketName = bucketName + @"/files",
                        InputStream = newMemoryStream,
                        StorageClass = S3StorageClass.StandardInfrequentAccess,
                        PartSize = 6291456, // 6 MB
                        Key = file.FileName,
                        CannedACL = S3CannedACL.PublicRead,
                    };
                    fileTransferUtility.Upload(fileTransferUtilityRequest);
                }
                catch (AmazonS3Exception e)
                {
                    Console.WriteLine("Error encountered ***. Message:'{0}' when writing an object", e.Message);
                }
                catch (Exception e)
                {
                    Console.WriteLine("Unknown encountered on server. Message:'{0}' when writing an object", e.Message);
                }
            }

        }

Any ideas are welcome, many thanks.


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Hi there,

What I could suggest is to first make sure that port 443 is open via your firewall. Also you could test the connectivity to the specific bucket using telnet:

telnet mybucket.sgp1.digitaloceanspaces.com 443

If the port is open and the telnet command works fine, then you could try adding the Spaces CA certificate to your container so that it would trust the SSL certificate.

You can add the certificate to your Docker image by using the following in your Dockerfile:

ADD spaces.crt /usr/local/share/ca-certificates/spaces.crt
RUN update-ca-certificates

Let me know how it goes. Regards, Bobby