Issue with libcurl in php:8.3-apache-bookworm causing connection errors

[jvancoillie]

Description:

When using the php:8.3-apache-bookworm Docker image behind a corporate proxy, I encountered an issue with curl during composer install. The error indicates a problem with the connection, and it didn't occur when using the php:8.2-apache-bookworm image. The error appears to be related to libcurl in the new PHP 8.3 image.

Here is the error log:

Failed to download symfony/var-dumper from dist: curl error 2 while downloading https://api.github.com/repos/symfony/var-dumper/zipball/ee14c8254a480913268b1e3b1cba8045ed122694: [CONN-1-0] send: no filter connected Now trying to download from source
Syncing symfony/http-kernel (v6.4.12) into cache Failed to download symfony/serializer from dist: curl error 2 while downloading https://codeload.github.com/symfony/serializer/legacy.zip/10ae9c1b90f4809ccb7277cc8fe8d80b3af4412c: [CONN-9-0] send: no filter connected Now trying to download from source

Steps to reproduce the issue:

1. Use the php:8.3-apache-bookworm image behind a corporate proxy.
2. Run composer install with any project that requires dependencies from GitHub.

Expected behavior:

The dependencies should be downloaded without connection issues, as they were with ~php:8.2-apache-bookworm~ php:8.2-apache-bullseye.

Additional information:

• PHP version: 8.3.12 (cli)
• Curl version: 7.88.1-10+deb12u7
• Proxy environment: Corporate proxy (configured with http_proxy and https_proxy environment variables)
• This issue does not occur with the php:8.2-apache-bookworm image, suggesting it may be related to the upgrade to PHP 8.3 and/or the version of libcurl.

Please advise if any additional information is required to assist in debugging this issue.

[LaurentGoderre]

What happens if you pull down the latest php:8.2-apache-bookworm?

[jvancoillie]

I apologize for the error in my initial request. I mentioned that the expected behavior was based on php:8.2-apache-bookworm, while it was actually php:8.2-apache-bullseye.

Summary of tests:

• With 8.2-apache-bookworm, the problem persists:

  curl version: 7.88.1-10+deb12u7
  PHP: 8.2.24

  Error:

  curl error 2 while downloading ... [CONN-1-0] send: no filter connected

• With 8.2-apache-bullseye, no issues were encountered:

  curl version: 7.74.0-1.3+deb11u13
  PHP: 8.2.24

• With 8.3-apache-bullseye, no issues either:

  curl version: 7.74.0-1.3+deb11u11
  PHP: 8.3.18

It seems the issue is specific to the bookworm distribution and the version of libcurl (7.88.1-10+deb12u7). The same problem does not arise on bullseye with an earlier version of curl (7.74.0).

[LaurentGoderre]

Ive read that some version of cUrl have issues with multiplexing with http2 so you try setting the http version to 1.1 using CURLOPT_HTTP_VERSION = CURL_HTTP_VERSION_1_1 or something similar

https://www.php.net/manual/en/curl.constants.php#constant.curlopt-http-version

[jvancoillie]

Thanks for the suggestion. Unfortunately, this forces me to add a specific configuration for using Composer to work around the libcurl issue. It's quite problematic in my workflow. So I think I'll stick with Bullseye for now. I would have liked to benefit from Bookworm, but it seems I have no choice but to wait for a patch for libcurl. 😕

[yosifkit]

🤔 If bullseye works and bookworm doesn't that seems like it could possibly be libseccomp (https://github.com/docker-library/official-images/issues/16829). You could try running the bookworm container with --security-opt seccomp=unconfined to verify whether or not it is the cause.

[jvancoillie]

Hi @yosifkit,

I tested with the --security-opt seccomp=unconfined option as suggested, but the error persists. Here’s the command I used:

docker run --rm -it \
  --security-opt seccomp=unconfined \
  -w /app \
  php:8.3-apache-bookworm \
  bash -c "apt-get update && apt-get install -y git unzip && curl -sS https://getcomposer.org/installer | php && php composer.phar create-project symfony/skeleton my_project"

Unfortunately, I’m still seeing the same error:

Failed to download psr/container from dist: curl error 2 while downloading https://api.github.com/repos/php-fig/container/zipball/c71ecc56dfe541dbd90c5360474fbc405f8d5963: [CONN-1-0] send: no filter connected

It seems that disabling seccomp didn’t solve the issue. Any additional insights would be appreciated!

Thanks!

[tianon]

Searching for related issues led me to https://github.com/rust-lang/cargo/issues/12202 and https://github.com/rust-lang/cargo/pull/12234, which are interesting (same symptoms, traced back to libcurl + proxy).

So, it might be worth filing an issue in Debian to see if the version of libcurl in Bookworm could be updated to backport https://github.com/curl/curl/commit/821f6e2a89de8aec1c7da3c0f381b92b2b801efc (as a bugfix), but I would not suggest holding your breath. :see_no_evil:

The "simpler" answer is probably to see if there's some ~easy way to disable multiplexing in composer's use of curl. :thinking:

[tianon]

I'm also going to close this as it isn't strictly an issue with the php image we maintain, and isn't something we'd update the image to fix -- feel free to continue discussing your attempts at workarounds here, however. :+1: