search

Shopify / toxiproxy

:alarm_clock: :fire: A TCP proxy to simulate network and system conditions for chaos and resiliency testing
https://github.com/shopify/toxiproxy
MIT License
10.82k stars 449 forks source link

Unable to use Toxi proxy from host when it is running in a container #267

Open ahmedtalhakhan opened 4 years ago

ahmedtalhakhan commented 4 years ago

I am trying to do a simple setup of using toxiproxy for 3rd party service APIs but running into an issue that I cant seem to resolve. I am running toxiproxy inside a container on my local machine and then trying to access the upstream service from the host. Here are the simple configurations

Run toxiproxy

docker run --expose 26379 --dns=8.8.8.8 -p 8474:8474 -p 26379:26379 -it shopify/toxiproxy

Create a simple proxy 

toxiproxy-cli create test-proxy -l 127.0.0.1:26379 -u api.box.com:443

Make sure proxy is created

toxiproxy-cli list
Name            Listen      Upstream        Enabled     Toxics
======================================================================================
test-proxy  127.0.0.1:26379 api.box.com:443     enabled     None

The /etc/hosts file on the host machine contains the following entry. 

127.0.0.1 api.box.com

Now when I try to access the upstream service from the host, the request fails with some SSL initiation error

curl -s -v -w 'Total: %{time_total}s\n' --header 'Host: api.box.com' https://api.box.com:26379/2.0/folders/0

*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to api.box.com (127.0.0.1) port 26379 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to api.box.com:26379 
* Closing connection 0
Total: 0.014964s

I have already looked at the issue https://github.com/Shopify/toxiproxy/issues/175#issuecomment-301464691 but it seems that those steps are not valid if toxiproxy is running inside a container.

The issue does not go away even If I take the approach of using a different hostname for the call by doing the following:

Use test1.box.com as the hostname of the upstream service and put it in /etc/hosts of the host machine as

127.0.0.1 test1.box.com

And then doing a request from the host machine

curl -s -v -w 'Total: %{time_total}s\n' https://test1.box.com:26379/2.0/folders/0
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to tt.box.com (127.0.0.1) port 26379 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to tt.box.com:26379 
* Closing connection 0
Total: 0.009243s
colinmollenhour commented 1 year ago

When creating a proxy when toxiproxy is running inside a docker container you should use 0.0.0.0 as the listen address IP because listening on the localhost inside the container will not expose the proxy's port outside of the container.

toxiproxy-cli create test-proxy -l 0.0.0.0:26379 -u api.box.com:443