I am new to Google compute engine VM with docker, having a problem connecting some domains from inside containers. But able to connect those domains from the GCP CE VM instance. Any idea about this? also, can you let me know where I can find those HTTP_PROXY / HTTPS_PROXY IP / host addresses in Google compute engine VM? thx!
I have tried the same docker setup in my local system (WSL) and it's working correctly.
Please see the below images:
In GCE VM (The dockerd host system), there is no issue:
unify@unify-dev-environment:~/projects$ curl -I https://google.com
HTTP/2 301
location: https://www.google.com/
content-type: text/html; charset=UTF-8
content-security-policy-report-only: object-src 'none';base-uri 'self';script-src 'nonce-q7i12PJVgSJCv3xI9f03-g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
date: Thu, 13 Apr 2023 14:29:03 GMT
expires: Sat, 13 May 2023 14:29:03 GMT
cache-control: public, max-age=2592000
server: gws
content-length: 220
x-xss-protection: 0
x-frame-options: SAMEORIGIN
unify@unify-dev-environment:~/projects$ curl -I https://getcomposer.org
HTTP/2 200
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
date: Thu, 13 Apr 2023 14:29:13 GMT
strict-transport-security: max-age=31104000
But In the docker container, we can connect to https://google.com but not the https://getcomposer.org
unify@4ee46c2dc75d:/var/www$ curl -I https://google.com
HTTP/2 301
location: https://www.google.com/
content-type: text/html; charset=UTF-8
content-security-policy-report-only: object-src 'none';base-uri 'self';script-src 'nonce-6drQIj5wPyqYh0Va-OCyXA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
date: Thu, 13 Apr 2023 14:28:35 GMT
expires: Sat, 13 May 2023 14:28:35 GMT
cache-control: public, max-age=2592000
server: gws
content-length: 220
x-xss-protection: 0
x-frame-options: SAMEORIGIN
unify@4ee46c2dc75d:/var/www$ curl -I https://getcomposer.org
curl: (35) Unknown SSL protocol error in connection to getcomposer.org:443
unify@4ee46c2dc75d:/var/www$
Note: 0-65*** ports are open for the GCE VM
Container Dockerfile
FROM php:5.6-apache
# Arguments defined in docker-compose.yml
ARG user
ARG uid
# Php/apache configs
COPY ./php56/apache2/sites-available/* /etc/apache2/sites-available/
COPY ./php56/php/conf.d/* /usr/local/etc/php/conf.d/
RUN apt-get update && \
apt-get install -y \
nano git zip libmcrypt-dev zlib1g-dev libicu-dev g++
# Clear cache
RUN apt-get clean && rm -rf /var/lib/apt/lists/*
RUN docker-php-ext-install mbstring mcrypt intl pdo_mysql mysql mysqli
RUN docker-php-ext-configure intl
# Get latest Composer
COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
# Create system user to run Composer and Artisan Commands
RUN useradd -G www-data,root -u $uid -d /home/$user $user
RUN mkdir -p /home/$user/.composer && \
chown -R $user:$user /home/$user
RUN a2enmod rewrite
RUN service apache2 restart
# Set working directory
WORKDIR /var/www
USER $user
Using the container I am trying to run a simple php application. I have found a docker documents regarding Configure Docker to use a proxy server but I am not sure if GCE VM uses any proxy server.
Upon checking the error message unknown ssl protocol error in connection this one indicates that there is an issue with the ssl/tls connection between your Docker Container and remote server.
Possible causes of this concern is an outdated openSSL, an outdated version of OpenSSL may not be supported by the ssl/tls used by the remote server. We can isolate this concern by trying to connect to the remote server outside the docker container that is having an issue.
Another suggestion is to create another image in another docker container. Regarding GCE VM proxy server. There is no pre-configure HTTPS proxy by default. However you can install https proxy in your GCE VM using Squid or Nginx.
Once you install a proxy server, you can set up your GCE VM to use the proxy server by setting appropriate environment variables such as HTTP_PROXY and HTTPS_PROXY. Please be reminded that if you are using Google Cloud Load Balancer, you can configure https proxy through cloud load balancer ssl proxy feature. This can provide https load balancing for your application without requiring you to configure https proxy on your GCE VM.