I am running a docker:20.10.7-dind container.

Inside it I am running a multi-container app.

One container is a back container. Another one is a keycloak container.

I connect to the back container and get:

```
back$ cat /etc/resolv.conf
nameserver 127.0.0.11
options ndots:0
back$ cat /etc/nsswitch.conf
hosts: files dns
back$ nslookup keycloak.localhost
Server:     127.0.0.11
Address:    127.0.0.11#53

Non-authoritative answer:
Name:   keycloak.localhost
Address: 172.20.0.10

back$ host keycloak.localhost
keycloak.localhost has address 172.20.0.10
back$ nc keycloak.localhost 443 -vvv
keycloak.localhost (172.20.0.10:443) open
```

However, when it comes to curl:

```
back$ curl https://keycloak.localhost -v
*   Trying 127.0.0.1:443...
* connect to 127.0.0.1 port 443 failed: Connection refused
*   Trying [::1]:443...
* Immediate connect fail for ::1: Address not available
* Failed to connect to keycloak.localhost port 443 after 0 ms: Couldn't connect to server
* Closing connection 0
curl: (7) Failed to connect to keycloak.localhost port 443 after 0 ms: Couldn't connect to server
```

I notice that curl resolves keycloak.localhost incorrectly, but I cannot figure out why.

Note that if I help curl to resolve, it works like a charm:

```
back$ curl https://keycloak.localhost -v --resolve keycloak.localhost:443:172.20.0.10
* Added keycloak.localhost:443:172.20.0.10 to DNS cache
* Hostname keycloak.localhost was found in DNS cache
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 172.20.0.10:443...
* Connected to keycloak.localhost (172.20.0.10) port 443 (#0)
> GET / HTTP/2
> Host: keycloak.localhost
> user-agent: curl/8.0.1
> accept: */*
> 
< HTTP/2 200 
...
```

I would appreciate any clue to help me understand this.

Cheers

ERO
  • What do you have in `/etc/hosts`? `nslookup` (but you should use `dig` instead) is a pure DNS client, so it doesn't care about `/etc/hosts` and just asks some nameserver. On the contrary, `curl` asks the OS to do the name resolution by default, and in turn the OS can use various sources to resolve names. `files` is first in `/etc/resolv.conf` so the content of `/etc/hosts` will have priority over DNS queries for a given name. – Patrick Mevzek Apr 19 '23 at 01:04
  • @PatrickMevzek
    ```
    back$ cat /etc/hosts
    127.0.0.1 localhost
    ::1 localhost ip6-localhost ip6-loopback
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    172.18.0.1 keycloak.localhost
    192.168.48.8 90c46daa0d2b
    ```
    I have an explicit resolution in `/etc/hosts` because I have an extra host in my docker config `keycloak.localhost:host-gateway` – ERO Apr 19 '23 at 15:32

1 Answer

OK, I finally figured it out.

It is due to the curl/libcurl version.

Since v7.85, curl always resolves localhost to 127.0.0.1.

See:

https://curl.se/changes.html#7_85_0

https://github.com/curl/curl/issues/9192

I downgraded curl and my stuff is working fine now.

ERO
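The behaviour described in the answer, as an added example (not code from the post or from the curl project): a small shell sketch that predicts which address curl tries first for a name, given the curl version and a hosts file. The function names are hypothetical, and the rule it encodes (curl 7.85.0 and later sends `localhost` and names ending in `.localhost` to loopback without asking the resolver) is an assumption taken from the answer and its linked issue.

```shell
# Assumption taken from the answer: curl >= 7.85.0 maps "localhost" and names
# ending in ".localhost" to loopback itself, without asking the system resolver.

# version_ge A B: succeed if dotted version A >= B (first three numeric fields).
version_ge() {
    a=${1%%[!0-9.]*}; b=${2%%[!0-9.]*}
    for i in 1 2 3; do
        af=${a%%.*}; bf=${b%%.*}
        [ "${af:-0}" -gt "${bf:-0}" ] && return 0
        [ "${af:-0}" -lt "${bf:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a=0 ;; esac
        case $b in *.*) b=${b#*.} ;; *) b=0 ;; esac
    done
    return 0
}

# is_localhost_name HOST: succeed for "localhost" or "*.localhost", any case.
is_localhost_name() {
    h=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case $h in localhost|*.localhost) return 0 ;; *) return 1 ;; esac
}

# hosts_lookup FILE HOST: print the first address FILE maps HOST to (NSS "files").
hosts_lookup() {
    awk -v want="$2" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(want)) { print $1; exit } }
    ' "$1"
}

# explain CURL_VERSION HOST HOSTS_FILE: print the address curl tries first and why.
explain() {
    if version_ge "$1" 7.85.0 && is_localhost_name "$2"; then
        echo "127.0.0.1 (curl built-in loopback rule, resolver not consulted)"
    else
        addr=$(hosts_lookup "$3" "$2")
        echo "${addr:-<not in hosts file, DNS decides>} (system resolver: files, then dns)"
    fi
}

# Constructed sample: the relevant lines of the /etc/hosts quoted in the comments.
sample_hosts() {
    printf '%s\n' '127.0.0.1 localhost' '::1 localhost ip6-localhost ip6-loopback' \
        '172.18.0.1 keycloak.localhost'
}
tmp=$(mktemp); sample_hosts > "$tmp"
explain 8.0.1 keycloak.localhost "$tmp"    # curl version from the question's output
explain 7.84.0 keycloak.localhost "$tmp"   # a release before the change
rm -f "$tmp"
```

On a real container, pass the version reported by `curl --version` and `/etc/hosts` as the hosts file.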