I’m unable to generate conjur token which is used by the application(BotApp - demo app) to fetch the secret from conjur using the command " curl -d “” -k https://proxy/authn/myConjurAccount/host%2FBotApp%2FmyDemoApp/authenticate > /tmp/conjur_token "then getting this error curl (7) : Failed to connect to proxy port 443: Connection refused.
All the containers (nginx, conjur client and server, postgre, alpine-bash-curl-jq) except openssl are up and running fine. Followed this guide till now(https://www.conjur.org/)
When trying to execute the command docker-compose up openssl then i get this error - Openssl exited with code 1. Please can anyone help me solving this issue
Hi Vulli,
the openssl container is just needed for the keypair generation. Once that is done it’s not needed anymore. Maybe the output of the httpd logs will give some more information :
$ docker logs nginx_proxy
… or , to start simple, does ‘proxy’ resolve to the IP address of your nginx_proxy container ?
$ docker inspect nginx_proxy | jq '.[].NetworkSettings.Networks[].IPAddress'
Are you running the curl command inside the BotApp Docker container? This could be the problem
Yes Jake but even if I use the curl command outside the botapp container I am getting the same error
Hi Pieter,
Thanks for the reply and also I replaced the proxy with the IP address of nginx_proxy and still getting the same error
can you ping the address of the proxy ? Or connect using ssl :
$ ssh -p 443 -v <PROXY_IPADDRESS>
executed the above command
ssh : connect to host IPAddress port 443 : Connection Timed Out
Can there be a firewall involved ? Try shutting down your firewall for a while :
# systemctl stop firewalld # or
# systemctl stop iptables # or
# service iptables stop
I get that error when I’m outside the containers but not inside. I’m trying to replicate it. What OS are you on?
I am working on Windows 7 VM. Is this a problem with the botapp container ?
OK, forget about my reply here… Docker requires some iptables NATting, which it lacks once you shut down iptables. Docker will set up iptables, inclusing the prerouting for the containers… Try restarting docker so it will re-setup iptables, and then restart conjur_server ( since the container leaves the server pidfile linger around. Just restarting the container will fail starting the conjur server ) :
# systemctl restart docker
# docker exec -ti conjur_server rm /opt/conjur-server/tmp/pids/server.pid
# docker stop conjur_server
# docker start conjur_server
-edit- wait… Windows 7 host ? sorry, I’m out… But maybe restarting Docker will also touch any Windows firewalling stuff )
Reading another post on this forum, I found :
So on linux in order for the DAP container to run, as a prerequisite you have to have firewalld running. (yes makes sense as we forwarding ports but that can be handled by docker itself, so not that clear, have asked for online docs to be updated).
so… your issue is probably caused by missing port forwarding, which in turn is caused by the fact that Windows might not be a supported host OS ( yet ? )
Thanks Pieter, will check that and come back to you
I’m getting the same error on the same step in an Ubuntu VM. I’m going to keep working on this to try to figure out what’s going on
Edit:
Still working on this, but did find the common connection that we both did similar things to fix our problems with the NGINX container(Trouble with Quick Start Guide on Ubuntu), I wonder if this is related.
Hi @vullipriyanka, I was getting the 443 error, because of a problem with the certs not getting copied right. I go into more detail in my last post on how we fixed this. Can you check if the guide I just posted solves your error too? Conjur Quick Start - Ubuntu Workaround
Thank you jake for the information provided. Will try to work on this today
Hmmm it might just be that you’re using the Windows VM then. I would switch OS’s if that’s possible