Not able to do openssl or curl from the docker container

vmanthena · February 10, 2022, 10:19am

Hi, I am running into an strange issue, we are building an custom application docker image by bundling the pre configured rasa container. One of our use case is to call the custom action server and based on the documentation we have configured our custom action end point (https) and provided CAfile path, when we run the action we get the below error.

Traceback (most recent call last):
  File "/opt/venv/lib/python3.8/site-packages/aiohttp/connector.py", line 969, in _wrap_create_connection
    return await self._loop.create_connection(*args, **kwargs)  # type: ignore  # noqa
  File "uvloop/loop.pyx", line 2019, in create_connection
  File "uvloop/loop.pyx", line 2014, in uvloop.loop.Loop.create_connection
  File "uvloop/sslproto.pyx", line 515, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 497, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/lib/python3.8/ssl.py", line 944, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1131)

Just to isolate the issue, what i am trying to do is to try the openssl or curl from the container to the server and it fails with same SSLV3 exception. But if i remove the rasa image and try it from container, i am able to do openssl or curl to server. Really clueless on whats happening and why this behavior when we bundle rasa image.

My Docker File

FROM rasa/rasa:latest
USER root
COPY . /app
WORKDIR /app
ENTRYPOINT ["rasa"]
CMD ["run","--enable-api","--port","8443"]

Can you please help, we are blocked for a while now.

nik202 · February 10, 2022, 6:32pm

@vmanthena share docker ps and all the Dockerfile and docker-compose file.

vmanthena · February 10, 2022, 8:12pm

We dont have any docker-compose, we just have the docker file and i am running the docker build and docker run commands.I have already shared the dockerfile above.

vmanthena · February 11, 2022, 7:10am

@nik202 CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES af597a17033a cairasa2 “rasa run --enable-a…” 15 seconds ago Up 14 seconds 5005/tcp, 0.0.0.0:8443->8443/tcp strange_borg

nik202 · February 11, 2022, 1:47pm

@vmanthena how are you training the model and you are not using actions server right?

vmanthena · February 12, 2022, 9:21am

@nik202 I missed the training model step. Yes, we are not using action server, we want to use our own custom server for fulfillment and we are not able to invoke the custom action server endpoint.

nik202 · February 12, 2022, 12:57pm

@vmanthena please update the new file with training step and try?

vmanthena · February 16, 2022, 5:54am

I got it resolved. The issue was the HTTP external end point communicates only on TLS1.0 & TLS1.1 and the openssl which comes with RASA is “1.1.1f” version which does not allow TLS1.0 & TLS1.1.

I have upgraded the openssl version to “1.1.1m” and it works.

nik202 · February 16, 2022, 12:41pm

@vmanthena great, please close this thread a solution for others, and good luck!

Topic		Replies	Views
RASA deployment with Kubernets Rasa Open Source	1	446	November 17, 2020
When i run my code using "rasa shell" my code works fine even custom action also works....but as i run docker-compose up my custom action not working showing this error Rasa Open Source testing	20	2751	April 21, 2022
Invoking Custom Action Server running on Https Rasa Open Source	3	665	February 9, 2023
Building a custom Action Server Image [Deprecated] Rasa X Community Edition	9	1279	January 24, 2021
Docker: Couldn't connect to the action server but it is running Rasa Open Source	1	999	November 26, 2021

Not able to do openssl or curl from the docker container

Related topics