always got connection reset

mendhak / docker-http-https-echo

Docker image that echoes request data as JSON; listens on HTTP/S, useful for debugging.

https://code.mendhak.com/docker-http-https-echo/

MIT License

621 stars 136 forks source link

always got connection reset #62

Closed LeiYangGH closed 4 weeks ago

LeiYangGH commented 7 months ago

i ran the docker using readme commands, but when curl anything using local or external ip i always got 'connection reset'. if not run then it is connection refused, which means the docker is sort of 'working'.

LeiYangGH commented 7 months ago

update: following readme use docker mendhak/http-https-echo:31 is ok. but following https://code.mendhak.com/docker-http-https-echo, the untagged version is always not responding.

mendhak commented 7 months ago

Hey it seems to be working for me, both tagged and untagged. Both 31 and latest are the same as well, so there shouldn't be any difference. You can see the digests here match up: https://hub.docker.com/r/mendhak/http-https-echo/tags

How are you running the curl commands?

I did in one terminal:

docker run -p 8080:8080 -p 8443:8443 --rm -t mendhak/http-https-echo

Then in another:

curl localhost:8080
curl -k https://localhost:8443
curl -k -X PUT -H "Arbitrary:Header" -d aaa=bbb https://localhost:8443/hello-world

All of these gave me responses.

You could also try an nc to see if the port is reachable?

nc -v -w5 -z localhost 8080
nc -v -w5 -z localhost 8443

LeiYangGH commented 7 months ago

thanks for your quick reply!

[root@iZwz9ira2qc9d5fee9fzx4Z ~]# docker run --name echo -p 8888:8080 -p 8443:8443 --rm -t mendhak/http-https-echo

(the terminal now waits).

then i open another terminal tab, and


[root@iZwz9ira2qc9d5fee9fzx4Z ~]# nc -v -w5 -z localhost 8888
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 127.0.0.1:8888.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
[root@iZwz9ira2qc9d5fee9fzx4Z ~]# curl localhost:8888
curl: (56) Recv failure: Connection reset by peer
[root@iZwz9ira2qc9d5fee9fzx4Z ~]#

mendhak commented 7 months ago

Hmm, all good here. I tried your commands exactly.

Could it be something specific to the machine you're running this on? Or something specific to docker's firewall rules?

Use nc to listen on a port:

nc -kl 8888

Then in another terminal try to connect to it

nc -v -w5 -z localhost 8888
curl localhost:8888

The curl above will hang, but you will see some output like this in the first listening tab:

GET / HTTP/1.1
Host: localhost:8888
User-Agent: curl/7.81.0
Accept: */*

If it still doesn't work with nc, there's something firewall related maybe, I'm not very good with knowing how to troubleshoot that but at least it's a direction.

If nc does work, then it might be docker specific but I'm not sure what.

You could also try -p "0.0.0.0:8888:8080" in the docker run command, where you put 0.0.0.0 in front of the port number.

LeiYangGH commented 7 months ago

i think not. as said above, using mendhak/http-https-echo:31, i can immediately curl from both local and remote. i have tried two machines.

LeiYangGH commented 7 months ago

here's docker imges:

mendhak/http-https-echo                             31                  be50bc6e9a73        7 weeks ago         125MB
mendhak/http-https-echo                             latest              b9945ea69b49        3 years ago         123MB

mendhak commented 7 months ago

Oh that :latest tag looks very old! It should match the :31 tag. Can you delete and repull the latest one?

Here's what it looks like for me

mendhak/http-https-echo                                        31                  be50bc6e9a73   7 weeks ago     125MB
mendhak/http-https-echo                                        latest              be50bc6e9a73   7 weeks ago     125MB

LeiYangGH commented 7 months ago

[root@iZwz9ira2qc9d5fee9fzx4Z ~]# cat /etc/docker/daemon.json
{
  "registry-mirrors": [
    "https://pee6w651.mirror.aliyuncs.com",
    "http://hub-mirror.c.163.com",
    "https://registry.docker-cn.com"
  ],
"insecure-registries":["172.17.0.1:5000","172.18.163.71:5000"]
}

is it possible in my registry latest version is not same as official registry? in my region i don't have network to access official docker registry.

mendhak commented 7 months ago

Oh I didn't know about regional restrictions to Docker registry. Yes it's possible that the registries you're pointing at have an older :latest tag that haven't been updated.

I don't know if it helps but I also publish to the Github registry?

https://github.com/mendhak/docker-http-https-echo/pkgs/container/http-https-echo

That allows

docker pull ghcr.io/mendhak/http-https-echo:latest

docker pull ghcr.io/mendhak/http-https-echo:31

LeiYangGH commented 7 months ago

the same. we are still using some special techniques to access github. i think the root cause has found. as a walkaround, can you update your official website version to the tagged one? it's just a suggestion, and i'm happy with your great work now, thank you very much!