SSL_ERROR_SYCALL error for all curl requests to https addresses

[nplowman]

---

BUG REPORT INFORMATION

Use the commands below to provide key information from your environment: You do NOT have to include this information if this is a FEATURE REQUEST

Description

All requests to https addresses are resulting in errors like this: curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.google.com:443

I first noticed this failing on a request made in the PHP application code using Guzzle, but during debugging found that it also happens when making a simple cURL request inside of the CLI container.

Steps to reproduce the issue:

1. Run fin bash to enter the CLI container.
2. Run a simple cURL request against any https address. e.g. curl https://www.google.com

I imagine this is not a globally reproducible scenario, and may be due to peculiarities on my machine. I have tried testing this with 3-4 different versions of the CLI container, so does not seem to be unique to a particular image version. I've also tried testing this on a few different projects and found the same issue with each.

Describe the results you received: The command returns the following error: OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.google.com:443

Describe the results you expected: I expected to receive a standard success output from the cURL command.

Output of fin config:

fin config output

``` --------------------- COMPOSE_PROJECT_NAME_SAFE: ffw-doc-generator COMPOSE_FILE: /Users/nathanplowman/.docksal/stacks/volumes-nfs.yml /Users/nathanplowman/.docksal/stacks/stack-default.yml /Users/nathanplowman/projects/ffw-doc-generator/.docksal/docksal.yml ENV_FILE: /Users/nathanplowman/projects/ffw-doc-generator/.docksal/docksal.env PROJECT_ROOT: /Users/nathanplowman/projects/ffw-doc-generator DOCROOT: public VIRTUAL_HOST: ffw-doc-generator.docksal.com VIRTUAL_HOST_ALIASES: *.ffw-doc-generator.docksal.com IP: 192.168.64.100 MySQL endpoint: 192.168.64.100:49769 Public URL: Docker Compose configuration --------------------- services: cli: dns: - 192.168.64.100 - 8.8.8.8 environment: BLACKFIRE_CLIENT_ID: null BLACKFIRE_CLIENT_TOKEN: null COMPOSER_ALLOW_XDEBUG: "1" COMPOSER_DEFAULT_VERSION: null COMPOSER_DISABLE_XDEBUG_WARN: "1" DOCROOT: public DRUSH_ALLOW_XDEBUG: "1" DRUSH_OPTIONS_URI: ffw-doc-generator.docksal.com GIT_USER_EMAIL: nathan.plowman@ffwagency.com GIT_USER_NAME: Nathan Plowman HOST_GID: "20" HOST_UID: "501" MYSQL_DATABASE: default MYSQL_HOST: db MYSQL_PASSWORD: user MYSQL_ROOT_PASSWORD: root MYSQL_USER: user PHP_IDE_CONFIG: null SECRET_ACQUIA_CLI_KEY: null SECRET_ACQUIA_CLI_SECRET: null SECRET_PLATFORMSH_CLI_TOKEN: null SECRET_SSH_PRIVATE_KEY: null SECRET_TERMINUS_TOKEN: null SSH_AUTH_SOCK: /.ssh-agent/proxy-socket VIRTUAL_HOST: ffw-doc-generator.docksal.com XDEBUG_CONFIG: client_host=192.168.64.1 remote_host=192.168.64.1 XDEBUG_ENABLED: "1" extends: file: /Users/nathanplowman/.docksal/stacks/services.yml service: cli hostname: cli healthcheck: interval: 10s image: docksal/cli:php8.1-3.2 labels: io.docksal.shell: bash io.docksal.user: docker logging: options: max-file: "10" max-size: 1m networks: default: null volumes: - type: volume source: docksal_ssh_agent target: /.ssh-agent read_only: true volume: {} - type: volume source: cli_home target: /home/docker volume: {} - type: bind source: /tmp/.docksal/ffw-doc-generator target: /tmp/.docksal/ffw-doc-generator read_only: true bind: create_host_path: true - type: volume source: project_root target: /var/www volume: nocopy: true db: dns: - 192.168.64.100 - 8.8.8.8 environment: MYSQL_ALLOW_EMPTY_PASSWORD: null MYSQL_DATABASE: default MYSQL_INITDB_SKIP_TZINFO: null MYSQL_ONETIME_PASSWORD: null MYSQL_PASSWORD: user MYSQL_RANDOM_ROOT_PASSWORD: null MYSQL_ROOT_PASSWORD: root MYSQL_USER: user extends: file: /Users/nathanplowman/.docksal/stacks/services.yml service: mariadb hostname: db healthcheck: interval: 10s image: docksal/db:1.1-mysql-5.7 logging: options: max-file: "10" max-size: 1m networks: default: null ports: - mode: ingress target: 3306 protocol: tcp volumes: - type: volume source: db_data target: /var/lib/mysql volume: {} - type: volume source: project_root target: /var/www read_only: true volume: nocopy: true web: depends_on: cli: condition: service_started dns: - 192.168.64.100 - 8.8.8.8 environment: APACHE_BASIC_AUTH_PASS: null APACHE_BASIC_AUTH_USER: null APACHE_DOCUMENTROOT: /var/www/public APACHE_FCGI_HOST_PORT: cli:9000 extends: file: /Users/nathanplowman/.docksal/stacks/services.yml service: apache hostname: web healthcheck: interval: 10s image: docksal/apache:2.4-2.5 labels: io.docksal.cert-name: none io.docksal.permanent: "false" io.docksal.project-root: /Users/nathanplowman/projects/ffw-doc-generator io.docksal.virtual-host: ffw-doc-generator.docksal.com,*.ffw-doc-generator.docksal.com,ffw-doc-generator.docksal.com.* logging: options: max-file: "10" max-size: 1m networks: default: null volumes: - type: volume source: project_root target: /var/www read_only: true volume: nocopy: true networks: default: name: ffw-doc-generator_default volumes: cli_home: name: ffw-doc-generator_cli_home db_data: name: ffw-doc-generator_db_data docksal_ssh_agent: name: docksal_ssh_agent external: true project_root: name: ffw-doc-generator_project_root driver: local driver_opts: device: :/Users/nathanplowman/projects/ffw-doc-generator o: addr=192.168.64.1,vers=3,nolock,noacl,nocto,noatime,nodiratime,actimeo=1 type: nfs --------------------- ```

Output of fin sysinfo:

fin sysinfo output

``` ███ DOCKSAL Docksal version: v1.17.0 fin version: 1.110.1 ███ OS Darwin macOS 12.0.1 Darwin US-nathanplowmanffwcom-MacBook-Pro.local 21.1.0 Darwin Kernel Version 21.1.0: Wed Oct 13 17:33:23 PDT 2021; root:xnu-8019.41.5~1/RELEASE_X86_64 x86_64 ███ ENVIRONMENT MODE : Docker Desktop DOCKER_HOST : ███ NFS DOCKSAL_NFS_PATH : /Users nfsd service is enabled nfsd is running (pid 302, 8 threads) NFS EXPORTS ---------- #/Users -alldirs -mapall=501:20 localhost # ---------- Exports list on localhost: /Users 127.0.0.1 192.168.64.1 ███ DOCKER Expected client version: 20.10.12 Expected server version: 20.10.12 Installed versions: Client: Version: 20.10.12 API version: 1.41 Go version: go1.16.12 Git commit: e91ed57 Built: Mon Dec 13 11:46:56 2021 OS/Arch: darwin/amd64 Context: default Experimental: true Server: Docker Desktop 4.15.0 (93002) Engine: Version: 20.10.21 API version: 1.41 (minimum version 1.12) Go version: go1.18.7 Git commit: 3056208 Built: Tue Oct 25 18:00:19 2022 OS/Arch: linux/amd64 Experimental: false containerd: Version: 1.6.10 GitCommit: 770bd0108c32f3fb5c73ae1264f7e503fe7b2661 runc: Version: 1.1.4 GitCommit: v1.1.4-0-g5fd4c4d docker-init: Version: 0.19.0 GitCommit: de40ad0 ███ DOCKER COMPOSE Expected version: 2.1.0 Installed version: v2.1.0 ███ DOCKSAL: PROJECTS project STATUS virtual host project root ffw-doc-generator Up 8 minutes (healthy) ffw-doc-generator.docksal.com,*.ffw-doc-generator.docksal.com,ffw-doc-generator.docksal.com.* /Users/nathanplowman/projects/ffw-doc-generator cfsbrands-webapp Exited (0) About an hour ago cfsbrands.docksal.site,*.cfsbrands.docksal.site,cfsbrands.docksal.site.* /Users/nathanplowman/next-projects/cfsbrands-webapp sitebuilding_demo Exited (255) 4 days ago sitebuilding-demo.docksal,*.sitebuilding-demo.docksal,sitebuilding-demo.docksal.* /Users/nathanplowman/projects/sitebuilding_demo huitcloud Exited (255) 4 days ago huitcloud.docksal,*.huitcloud.docksal,huitcloud.docksal.* /Users/nathanplowman/projects/huitcloud princeton_custom_db Exited (255) 7 weeks ago princeton-custom-db.docksal,*.princeton-custom-db.docksal,princeton-custom-db.docksal.* /Users/nathanplowman/projects/princeton_custom_db princetonos Exited (0) 6 weeks ago princetonos.docksal,*.princetonos.docksal,princetonos.docksal.* /Users/nathanplowman/projects/princetonos acquia_circlecisandbox Exited (255) 2 months ago acquia-circlecisandbox.docksal,*.acquia-circlecisandbox.docksal,acquia-circlecisandbox.docksal.* /Users/nathanplowman/projects/acquia_circlecisandbox stanford_profile_eval Exited (255) 2 months ago stanford-profile-eval.docksal,*.stanford-profile-eval.docksal,stanford-profile-eval.docksal.* /Users/nathanplowman/projects/stanford_profile_eval drupal_blt Exited (255) 2 months ago drupal-blt.docksal,*.drupal-blt.docksal,drupal-blt.docksal.* /Users/nathanplowman/projects/drupal_blt scholar_audit Exited (255) 3 weeks ago scholar-audit.docksal,*.scholar-audit.docksal,scholar-audit.docksal.* /Users/nathanplowman/projects/scholar_audit ███ DOCKSAL: VIRTUAL HOSTS *.ffw-doc-generator.docksal.com ffw-doc-generator.docksal.com.* ffw-doc-generator.docksal.com ███ DOCKSAL: NETWORKING DOCKSAL_IP: 192.168.64.100 DOCKSAL_HOST_IP: 192.168.64.1 DOCKSAL_VHOST_PROXY_IP: 0.0.0.0 DOCKSAL_DNS_IP: 0.0.0.0 DOCKSAL_DNS_DISABLED: 0 DOCKSAL_NO_DNS_RESOLVER: 0 DOCKSAL_DNS_UPSTREAM: DOCKSAL_DNS_DOMAIN: docksal ███ DOCKSAL: CONNECTIVITY Host to 192.168.64.100: PASS Container to 192.168.64.100: PASS Container to 192.168.64.1: PASS Checking connectivity to http://dns-test.docksal... Host: FAIL Debug info: ---------- + cat /etc/resolv.conf + grep 192.168.64.100 + ping -c 1 -W 1 dns-test.docksal PING dns-test.docksal (198.18.2.5): 56 data bytes --- dns-test.docksal ping statistics --- 1 packets transmitted, 0 packets received, 100.0% packet loss + nslookup -timeout=1 dns-test.docksal 192.168.64.100 Server: 192.168.64.100 Address: 192.168.64.100#53 Non-authoritative answer: Name: dns-test.docksal Address: 198.18.2.5 + set +x ---------- Containers: FAIL ███ DOCKER: RUNNING CONTAINERS CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES f277c4b71518 docksal/apache:2.4-2.5 "httpd-foreground" 8 minutes ago Up 8 minutes (healthy) 80/tcp, 443/tcp ffw-doc-generator_web_1 190d4c843cb6 docksal/cli:php8.1-3.2 "/opt/startup.sh sup…" 8 minutes ago Up 8 minutes (healthy) 22/tcp, 3000/tcp, 9000/tcp ffw-doc-generator_cli_1 acc990fe8e54 docksal/vhost-proxy:1.8 "docker-entrypoint.s…" 17 minutes ago Up 17 minutes (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp docksal-vhost-proxy 40c86ced17ad docksal/ssh-agent:1.4 "docker-entrypoint.s…" 42 minutes ago Up 42 minutes (healthy) docksal-ssh-agent a20fbd58ae1f docksal/dns:1.2 "docker-entrypoint.s…" 42 minutes ago Up 42 minutes (healthy) 0.0.0.0:53->53/udp docksal-dns 7d82c382b714 docksal/db:1.1-mysql-5.7 "/entrypoint.sh mysq…" 4 days ago Up 42 minutes 0.0.0.0:49769->3306/tcp ffw-doc-generator_db_1 ███ DOCKER: NETWORKS NETWORK ID NAME DRIVER SCOPE 9c71ed28b76c _default bridge local 7dfd60659f89 acquia_circlecisandbox_default bridge local 07ae14b2ef35 bridge bridge local 840dc1ff57f3 dev-portal_default bridge local f0320283d401 drupal_blt_default bridge local 48c0d991f764 ffw-doc-generator_default bridge local 8f4ee676f897 ffw-doc-generator_sail bridge local 24b435e561ee host host local 6ee9eda4668d huitcloud_default bridge local 0eaf2ac8af9c none null local 8cf628370247 princeton_custom_db_default bridge local bf761120e962 princetonos_connector bridge local 29e9d6b3dbd4 scholar_audit_default bridge local 3e53c728b0e0 sitebuilding_demo_default bridge local 64558e671eda stanford_profile_eval_default bridge local ███ DOCKER DESKTOP EXPECTED VERSION: 4.4.2 DETECTED VERSION: 4.15.0 ███ HDD Usage Filesystem Size Used Avail Capacity iused ifree %iused Mounted on /dev/disk1s1s1 466Gi 24Gi 191Gi 12% 575614 2000047800 0% / devfs 190Ki 190Ki 0Bi 100% 659 0 100% /dev /dev/disk1s5 466Gi 1.0Gi 191Gi 1% 1 2000047800 0% /System/Volumes/VM /dev/disk1s3 466Gi 544Mi 191Gi 1% 1024 2000047800 0% /System/Volumes/Preboot /dev/disk1s6 466Gi 103Mi 191Gi 1% 457 2000047800 0% /System/Volumes/Update /dev/disk1s2 466Gi 248Gi 191Gi 57% 6696402 2000047800 0% /System/Volumes/Data map auto_home 0Bi 0Bi 0Bi 100% 0 0 100% /System/Volumes/Data/home /dev/disk1s1 466Gi 24Gi 191Gi 12% 502130 2000047800 0% /System/Volumes/Update/mnt1 ```

[nplowman]

In case this helps anyone else, this resolved my issue: https://docs.docksal.io/core/system-dns/

fin config set --global DOCKSAL_DNS_DISABLED=1
fin system reset