Yubico / yubihsm-connector

https://developers.yubico.com/yubihsm-connector/
Apache License 2.0
30 stars, 13 forks

Docker container cannot connect to yubihsm connector running on host on Ubuntu 22.04.3 LTS #53

Open larryliuuu opened 5 months ago

larryliuuu commented 5 months ago
  1. Run yubihsm-connector on the host:

    sudo yubihsm-connector -d --enable-host-header-allowlist  --host-header-allowlist localhost,localhost.,127.0.0.1,[::1]],host.docker.internal,host.docker.internal.,172.17.0.1,172.17.0.2,host.docker.internal:12345 -l localhost:12345
  2. A test on the host succeeds:

    curl localhost:12345/connector/status
  3. Start a Docker container:

    docker pull ubuntu
    docker run -it --add-host=host.docker.internal:host-gateway ubuntu bash
  4. [container] Install curl and check /etc/hosts in the container to ensure that we can contact services running on the host:

    apt-get update && apt-get install curl
    cat /etc/hosts
    172.17.0.1  host.docker.internal
  5. [container] Run a test (tried with IP 172.17.0.1 as well):

    root@c29483c2f844:/# curl -i host.docker.internal:12345/connector/status
    curl: (7) Failed to connect to host.docker.internal port 12345 after 0 ms: Connection refused
  6. Check that the container's Host header looks OK by quitting yubihsm-connector on the host, starting an HTTP listener on the host, and running curl from the container again:

    GET / HTTP/1.1
    Host: host.docker.internal:12345
    User-Agent: curl/7.81.0
    Accept: */*

    HTTP/1.1 200 OK

The Docker container can definitely contact the host, but it seems that the yubihsm-connector host header allowlist is not accepting `host.docker.internal` if the request comes from a container?
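The report shows two different things that are easy to conflate when debugging a host-header allowlist: a TCP-level `Connection refused` (returned by the kernel of the target host before any HTTP bytes, including the `Host` header, are sent) and an HTTP-level rejection of a `Host` value that is not on the allowlist. The example below is added here and is not yubihsm-connector code; it models an allowlist check of the same shape as the `--host-header-allowlist` option (entries with or without a port, with or without a trailing dot, bracketed IPv6 literals) in a tiny local HTTP server, and a `probe` helper that reports which of the two failures a client sees. The normalization rules and the 403 status are choices of this example, and the real connector may behave differently in detail. Everything binds to 127.0.0.1 on ephemeral ports, so it runs offline.

```python
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed allowlist, modelled on the entries in the report (not the connector's parsing).
ALLOWLIST = ["localhost", "localhost.", "127.0.0.1", "[::1]",
             "host.docker.internal", "host.docker.internal.", "172.17.0.1"]


def normalize_host(value):
    """Reduce a Host header or allowlist entry to a comparable host name.

    Drops an optional ":port" and a trailing dot, lower-cases the result, and keeps
    bracketed IPv6 literals ("[::1]:12345" -> "[::1]") intact.  Assumed rules for
    this example only.
    """
    value = value.strip().lower()
    if value.startswith("["):
        end = value.find("]")
        host = value[:end + 1] if end != -1 else value
    else:
        host = value.split(":", 1)[0]
    return host.rstrip(".")


def host_allowed(host_header, allowlist):
    """True if the normalized Host header equals some normalized allowlist entry."""
    wanted = normalize_host(host_header)
    return any(normalize_host(entry) == wanted for entry in allowlist)


class AllowlistHandler(BaseHTTPRequestHandler):
    """Answers 200 for allowlisted Host values and 403 (example's choice) otherwise."""

    def do_GET(self):
        if not host_allowed(self.headers.get("Host", ""), ALLOWLIST):
            self.send_response(403)
            self.end_headers()
            return
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"ok")

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_server(bind_addr="127.0.0.1"):
    """Start the server on an ephemeral port of bind_addr; caller shuts it down."""
    srv = HTTPServer((bind_addr, 0), AllowlistHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def probe(port, host_header, connect_addr="127.0.0.1"):
    """Return 'refused' if nothing listens on connect_addr:port, else the HTTP status.

    A refused connection happens before the request (and its Host header) is ever
    written, so it cannot be caused by an allowlist check.
    """
    try:
        conn = http.client.HTTPConnection(connect_addr, port, timeout=2)
        conn.request("GET", "/connector/status", headers={"Host": host_header})
        status = conn.getresponse().status
        conn.close()
        return status
    except ConnectionRefusedError:
        return "refused"


def free_port():
    """Pick a loopback port with no listener, to reproduce 'Connection refused'."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def run_demo():
    """Exercise the listener with allowed, rejected and unreachable cases."""
    srv = start_server()
    port = srv.server_address[1]
    results = {
        "allowed": probe(port, f"host.docker.internal:{port}"),
        "allowed_trailing_dot": probe(port, "localhost."),
        "rejected": probe(port, "evil.example:80"),
        "refused": probe(free_port(), "host.docker.internal"),
    }
    srv.shutdown()
    srv.server_close()
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```

The useful distinction for a defender reading the report is that only the `rejected` case in `run_demo` involves the allowlist at all; the `refused` case never reaches HTTP, so when a client reports `Connection refused` the first thing to verify is which address and interface the service is listening on (the `-l` argument in the report) as seen from the client's network, before touching the allowlist.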