9

I've got a flask application with SSL authorization. Here is my run.py:

#!flask/bin/python
from app import app
import ssl
ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
ctx.load_cert_chain('sertnew/se-emulator.crt', 'sertnew/se-emulator.key')
app.run(debug=True, host='127.0.0.1', port=5000, ssl_context=ctx)

On my machine, I run it simply with python run.py Then I open https://localhost:5000 in chrome and it works (there is a message of non-secure connection, but it's ok for me)

Now I'm trying to make it work in Docker container. I've got a Dockerfile like this:

FROM python:3.5-slim
RUN apt-get update && apt-get install -y python3-pip
COPY . /storage-emulator
WORKDIR /storage-emulator
RUN pip3 install -r requirements.txt
EXPOSE 5000
ENTRYPOINT ["python"]
CMD ["run.py"]

and try to run it in different ways. I can see "Running on https://127.0.0.1:5000/ (Press CTRL+C to quit)" message, but can't open the page in the browser. What am I doing wrong?

Julia Aleksandrova
  • 105
  • 1
  • 6
  • Can you expand a bit more on "Can't open the page in the browser"? What's the error that the browser shows? – shad0w_wa1k3r Feb 13 '18 at 11:51
  • What is the command you use to run the docker images? – Chamath Feb 13 '18 at 11:51
  • I run it with docker run -itp 5000:5000 my_app – Julia Aleksandrova Feb 13 '18 at 11:56
  • In browser I see This site can’t be reached `localhost unexpectedly closed the connection. ERR_CONNECTION_CLOSED` – Julia Aleksandrova Feb 13 '18 at 11:57
  • I also have a python script posting data, it uses SSL as well and it works fine when I run the application without docker. With docker I get error `requests.exceptions.SSLError: HTTPSConnectionPool(host='localhost', port=5000): Max retries exceeded with url: /post_data (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:748)'),))` – Julia Aleksandrova Feb 13 '18 at 11:59

1 Answers1

5

This is a rather easy fix, you have to change this line:

app.run(debug=True, host='127.0.0.1', port=5000, ssl_context=ctx)

to 

app.run(debug=True, host='0.0.0.0', port=5000, ssl_context=ctx)

You have to think from the containers' perspective: The container has its own "localhost", which is different from the localhost of the host machine, all of that means that flask has never received the request.

Therefore you can simply bind to all IPs within the container, which is done by binding to "0.0.0.0".

isset
  • 2,093
  • 1
  • 13
  • 14
  • 1
    Almost right. I changed: `app.run(debug=True, host='0.0.0.0', port=443, ssl_context=ctx)` port needs to be 443 (I don't remember why) . Exposed 443 port in Dockerfile and run it with ` docker run -itp 10443:443 my_app` and it works – Julia Aleksandrova Feb 13 '18 at 13:31
  • 1
    @JuliaAlexandrova That's likely because the *browser* expects SSL connections over the standard port, which is 443. – shad0w_wa1k3r Feb 13 '18 at 13:45