search

henrywhitaker3 / Speedtest-Tracker

Continuously track your internet speed
GNU General Public License v3.0
1.52k stars 121 forks source link

[BUG] SSL Connect Error #583

Closed TRingo1 closed 3 years ago

TRingo1 commented 3 years ago

I have manuall update geoip2city db, i have also verified the speedtest is causing this error. where should i look to troubleshoot?

Here are the logs from when i click the manual test which failed test

[2021-04-25 15:00:03.414] [error] Configuration - SSL connect error (UnknownException)

[2021-04-25 15:00:03.414] [error] Configuration - Cannot retrieve configuration document (0)

[2021-04-25 15:00:03.415] [error] ConfigurationError - Could not retrieve or read configuration (Configuration)

[2021-04-25 15:00:03.415] [error] ConfigurationError - Could not retrieve or read configuration (Configuration)

{"type":"log","timestamp":"2021-04-25T15:00:03Z","message":"Configuration - Could not retrieve or read configuration (ConfigurationError)","level":"error"}

[2021-04-25 15:20:33.122] [error] Configuration - SSL connect error (UnknownException)

[2021-04-25 15:20:33.123] [error] Configuration - Cannot retrieve configuration document (0)

[2021-04-25 15:20:33.123] [error] ConfigurationError - Could not retrieve or read configuration (Configuration)

[2021-04-25 15:20:33.123] [error] ConfigurationError - Could not retrieve or read configuration (Configuration)

{"type":"log","timestamp":"2021-04-25T15:20:33Z","message":"Configuration - Could not retrieve or read configuration (ConfigurationError)","level":"error"}

henrywhitaker3 commented 3 years ago

You can leave the geoip stuff, doesn't get used and everything will still work without it.

Re the error, will look into it

TRingo1 commented 3 years ago

Henry, thanks, just to note when i manually run speedtest from the container console, I get the same error listed above.

You can leave the geoip stuff, doesn't get used and everything will still work without it.

Re the error, will look into it

TRingo1 commented 3 years ago

I am currently running Docker desktop 3.3.1 on my macbook pro BigSur 11.2.3. did some basic troubleshooting, and i am NOT able to ping from the container any external ip network. I also built the container manually and same results.

henrywhitaker3 commented 3 years ago

If you can't ping anything, looks like a networking issue rather than one with the container. How are you running it?

TRingo1 commented 3 years ago

If you can't ping anything, looks like a networking issue rather than one with the container. How are you running it?

Hey, i built the container with the compose yaml configs, i have build the latest image, and the dev image from your repository. it does seem like a networking problem, and maybe specific to MacOS and Docker Desktop and networking, ill continue to troubleshoot and update my findings here. i also have other containers which i can ping the internet, and also resolves dns correctly.

suth commented 3 years ago

Running into the same error as well, unfortunately not very experienced with Docker so haven't made much progress troubleshooting. For a minute I was also having trouble pinging anything from inside the container, but for some reason I can now, yet manually running the speedtest yields the error.

Edit: Below is the output of speedtest -v, if I use curl to access the mentioned URL it works fine.

[2021-04-28 12:19:13.602] [warning] Failure during HTTP request (effective url: https://cli.speedtest.net/api/cli/config?deviceId=redacted)
[2021-04-28 12:19:13.602] [warning] UnknownException
[2021-04-28 12:19:13.602] [warning] SSL connect error
[2021-04-28 12:19:13.602] [error] Configuration - SSL connect error (UnknownException)
[2021-04-28 12:19:13.605] [error] Configuration - Cannot retrieve configuration document (0)
[2021-04-28 12:19:13.606] [error] ConfigurationError - Could not retrieve or read configuration (Configuration)
[2021-04-28 12:19:13.609] [error] ConfigurationError - Could not retrieve or read configuration (Configuration)
[error] Configuration - Could not retrieve or read configuration (ConfigurationError)
sOblivionsCall commented 3 years ago

If you can't ping anything, looks like a networking issue rather than one with the container. How are you running it?

Hey, i built the container with the compose yaml configs, i have build the latest image, and the dev image from your repository. it does seem like a networking problem, and maybe specific to MacOS and Docker Desktop and networking, ill continue to troubleshoot and update my findings here. i also have other containers which i can ping the internet, and also resolves dns correctly.

Lets start with the basics here:

Please provide the output from these commands.

sOblivionsCall commented 3 years ago

Running into the same error as well, unfortunately not very experienced with Docker so haven't made much progress troubleshooting. For a minute I was also having trouble pinging anything from inside the container, but for some reason I can now, yet manually running the speedtest yields the error.

Edit: Below is the output of speedtest -v, if I use curl to access the mentioned URL it works fine.

[2021-04-28 12:19:13.602] [warning] Failure during HTTP request (effective url: https://cli.speedtest.net/api/cli/config?deviceId=redacted)
[2021-04-28 12:19:13.602] [warning] UnknownException
[2021-04-28 12:19:13.602] [warning] SSL connect error
[2021-04-28 12:19:13.602] [error] Configuration - SSL connect error (UnknownException)
[2021-04-28 12:19:13.605] [error] Configuration - Cannot retrieve configuration document (0)
[2021-04-28 12:19:13.606] [error] ConfigurationError - Could not retrieve or read configuration (Configuration)
[2021-04-28 12:19:13.609] [error] ConfigurationError - Could not retrieve or read configuration (Configuration)
[error] Configuration - Could not retrieve or read configuration (ConfigurationError)

Can you confirm and provide the output that you can curl that url from inside the container? The obvious thing is this looks like an SSL issue but we may have to dig to figure out exactly what is going on.

suth commented 3 years ago

Yeah, I'll include the verbose output from curl from inside the container. Out of curiosity I just tried tried out brennentsmith/internet-speed-logger only to have the same problem running the speedtest command despite curl seeming to work, so it seems highly likely it's specific to MacOS and Docker Desktop as @TRingo1 suggests.

* Connected to cli.speedtest.net (151.101.2.219) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=Washington; L=Seattle; O=Ookla LLC; CN=www.speedtest.net
*  start date: Apr 16 13:56:57 2021 GMT
*  expire date: Apr 17 13:56:57 2022 GMT
*  subjectAltName: host "cli.speedtest.net" matched cert's "*.speedtest.net"
*  issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign CloudSSL CA - SHA256 - G3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7f5683ccc1b0)
> GET /api/cli/config?deviceId=... HTTP/2
> Host: cli.speedtest.net
> user-agent: curl/7.74.0
> accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 200
< content-type: application/json; charset=UTF-8
< x-envoy-upstream-service-time: 1
< date: Wed, 28 Apr 2021 17:18:29 GMT
< accept-ranges: bytes
< vary: Accept-Encoding
< content-length: 2604
<
{"suite":{"global":{"engine": ...
sOblivionsCall commented 3 years ago

@suth how bad is it for me to say that you should delete MacOS off that machine and install Linux :rofl: .

Ok joke aside, i do not see any exceptions at all in that output which is directly in line with what you have said. Is there a chance you can create a linux vm, install the cli, the execute the command? This will either rule out MacOS or confirm it as they will both use the same networking stack. My hunch is the issue is somewhere in the Docker Overlay Network running specifically on the MacOS Networking stack.

suth commented 3 years ago

@sOblivionsCall ha, it may get a Linux install someday but for now I have a few things stopping that from happening.

I have an Ubuntu vm in virtualbox that I was able to run the speedtest cli on with no problems. I just tried an ubuntu container and after installing curl and the cli I get the same result where curl is fine but the cli gives an SSL connect error. Thanks for your help, this has been an interesting way to dive into Docker.

sOblivionsCall commented 3 years ago

@sOblivionsCall ha, it may get a Linux install someday but for now I have a few things stopping that from happening.

I have an Ubuntu vm in virtualbox that I was able to run the speedtest cli on with no problems. I just tried an ubuntu container and after installing curl and the cli I get the same result where curl is fine but the cli gives an SSL connect error. Thanks for your help, this has been an interesting way to dive into Docker.

So at this point all i can say is you are seeing something weird in the MacOS/Docker networking stack and officially out of my area of knowledge :(

henrywhitaker3 commented 3 years ago

Might be an SSL dependency missing on your Mac? Don't have one to test this though

suth commented 3 years ago

Yeah, I've had to give up on this for now... tried running on an old linux device only to find it didn't have gigabit ethernet... 🤦‍♂️ It's hard to debug without the Speedtest CLI being open source.

All this has given me an idea about how #590 could be implemented. It'd be nice if there was an API endpoint in the Laravel app that results could be reported to. In my case I could run the CLI in the host machine, but it would also make the dashboard provider agnostic. Would also be a step towards being able to monitor remote networks as well in a single dashboard. If I can find the time I may take a swing at adding an endpoint.

suth commented 3 years ago

A recent update to Docker Desktop Desktop for Mac seems to have fixed the SSL issue.

henrywhitaker3 commented 3 years ago

Sound, will close this then