toxiproxy icon indicating copy to clipboard operation
toxiproxy copied to clipboard

Published 20 hours ago verified publisher icon Shopify

Unable to use Toxi proxy from host when it is running in a container

Open ahmedtalhakhan opened this issue 5 years ago • 1 comments

I am trying to do a simple setup of using toxiproxy for 3rd party service APIs but running into an issue that I cant seem to resolve. I am running toxiproxy inside a container on my local machine and then trying to access the upstream service from the host. Here are the simple configurations

Run toxiproxy

docker run --expose 26379 --dns=8.8.8.8 -p 8474:8474 -p 26379:26379 -it shopify/toxiproxy

Create a simple proxy

toxiproxy-cli create test-proxy -l 127.0.0.1:26379 -u api.box.com:443

Make sure proxy is created

toxiproxy-cli list
Name			Listen		Upstream		Enabled		Toxics
======================================================================================
test-proxy	127.0.0.1:26379	api.box.com:443		enabled		None

The /etc/hosts file on the host machine contains the following entry.

127.0.0.1 api.box.com

Now when I try to access the upstream service from the host, the request fails with some SSL initiation error

curl -s -v -w 'Total: %{time_total}s\n' --header 'Host: api.box.com' https://api.box.com:26379/2.0/folders/0

*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to api.box.com (127.0.0.1) port 26379 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to api.box.com:26379 
* Closing connection 0
Total: 0.014964s

I have already looked at the issue https://github.com/Shopify/toxiproxy/issues/175#issuecomment-301464691 but it seems that those steps are not valid if toxiproxy is running inside a container.

The issue does not go away even If I take the approach of using a different hostname for the call by doing the following:

Use test1.box.com as the hostname of the upstream service and put it in /etc/hosts of the host machine as

127.0.0.1 test1.box.com

And then doing a request from the host machine

curl -s -v -w 'Total: %{time_total}s\n' https://test1.box.com:26379/2.0/folders/0
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to tt.box.com (127.0.0.1) port 26379 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to tt.box.com:26379 
* Closing connection 0
Total: 0.009243s

ahmedtalhakhan avatar Dec 04 '19 23:12 ahmedtalhakhan

When creating a proxy when toxiproxy is running inside a docker container you should use 0.0.0.0 as the listen address IP because listening on the localhost inside the container will not expose the proxy's port outside of the container.

toxiproxy-cli create test-proxy -l 0.0.0.0:26379 -u api.box.com:443

colinmollenhour avatar May 22 '23 21:05 colinmollenhour