Curl errors out in the handshake phase

SoftInstigate / nginx-restheart

Example of NGINX as a SSL frontend for RESTHeart.

2 stars 1 forks source link

Curl errors out in the handshake phase #1

Open bberlo opened 2 years ago

bberlo commented 2 years ago

I have followed the README section (i.e. git clone repo -> docker-compose up -> curl --insecure https://localhost/ping) in order to set up the complete NGINX, RESTHeart and MongoDB stack. I can access the RESTHeart server via http://localhost:8080/ping in an unsecured way. However, as soon as I use curl --insecure https://localhost/ping, curl errors out both in Windows 10 Enterprise and a Ubuntu 20.04.2 LTS VM.

Windows 10 Enterprise

curl: (35) schannel: failed to receive handshake, SSL/TLS connection failed

Ubuntu 20.04.2 LTS VM

curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:443

Unfortunately, neither nginx or restheart recognize the https call (i.e. do not log an exception in both normal and debug logging mode). In case you know of a way to solve this problem, please attach a response to this issue report.

Regards, Bram

mkjsix commented 2 years ago

I have updated the docker-compose.yml file with an updated configuration. Could you please try again? Please issue a docker pull first. Now you can't access restheart via the 8080 port anymore, only 443 (https) via nginx.

bberlo commented 2 years ago

Thank you for the lightning fast response :) Unfortunately, the changes did not resolve the issue. The exact same errors pop up when using curl --insecure https://localhost/ping.

mkjsix commented 2 years ago

I cannot reproduce but I suspect it's due to the self-signed certificate being created with an obsolete cipher which is no more supported by your curl versions. I will try creating new certificates and see what happens.

mkjsix commented 2 years ago

I updated both key and certificate, please issue a "git pull" and tell me if it makes any difference.

bberlo commented 2 years ago

I finally got it to work by making the following changes to the docker-compose file that was present at the repo prior to your first commit since I posted this issue, in addition to incorporating the new key and certificate:

I connected restheart to mongodb via specifying the MONGO_URI under 'environment' under the restheart service, i.e.:

restheart:
image: softinstigate/restheart:6.0.3
container_name: restheart
environment:
  MONGO_URI: mongodb://restheart:R3ste4rt!@mongodb:27017
depends_on:
  - mongodb
networks:
  - backend
ports:
  - "8080:8080"

I changed $PWD, since it is translated to a . in windows (unfortunately docker-compose requires at least two symbols), by hardcoding the cloned repo location at my PC under the nginx service's volumes section.

To prevent this issue from re-appearing in the future, can you recommend a way in which I can create the key and certificate myself?