提问者:小点点

SSLEOF错误时使用Python请求会话


总结

我有一个烧瓶应用程序部署到库伯内特斯与python 2.7.12,烧瓶0.12.2和使用请求库。我得到一个SSLError,而使用请求. session发送一个POST请求在容器内。当使用请求会话连接到https网址,请求抛出一个SSLError

一些背景

  • 我没有添加任何证书
  • 当我在本地运行docker镜像时,该项目可以正常工作,但在部署到kubernetes后,从容器内部-post请求没有发送到url验证=false也不起作用

系统信息-我正在使用的:Python2.7.12,Flask==0.12.2,库伯内特斯,python-2.18.4

预期成果

发送POST请求后获取HTTP响应代码200

错误日志

r = adapter.send(request, **kwargs)
File "/usr/local/lib/python2.7/site-packages/requests/adapters.py", line 511, in send
raise SSLError(e, request=request)
SSLError: HTTPSConnectionPool(host='dev.domain.nl', port=443): Max retries exceeded with url: /ingestion?LrnDevEui=0059AC0000152A03&LrnFPort=1&LrnInfos=TWA_100006356.873.AS-1-135680630&AS_ID=testserver&Time=2018-06-22T11%3A41%3A08.163%2B02%3A00&Token=1765b08354dfdec (Caused by SSLError(SSLEOFError(8, u'EOF occurred in violation of protocol (_ssl.c:661)'),))

/usr/local/lib/python2.7/site-packages/urllib3/connectionpool.py:858:InsecureRequest estWarning:正在发出未经验证的HTTPS请求。强烈建议添加证书验证。请参阅:https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warningsInsecureRequest estWarning)

复制步骤

import requests
from flask import Flask, request, jsonify
from requests import Request, Session

sess = requests.Session()
adapter = requests.adapters.HTTPAdapter(max_retries = 200)
sess.mount('http://', adapter)
sess.mount('https://', adapter)
sess.cert ='/usr/local/lib/python2.7/site-packages/certifi/cacert.pem'


def test_post():
    url = 'https://dev.domain.nl/ingestion/?'
    header = {'Content-Type': 'application/json', 'Accept': 'application/json'}
    response = sess.post(url, headers= header, params= somepara, data= json.dumps(data),verify=True)
    print response.status_code
    return response.status_code

def main():
    threading.Timer(10.0, main).start()
    test_post()

if __name__ == '__main__':
    main()
    app.run(host="0.0.0.0", debug=True, port=5001, threaded=True)

Docker文件

FROM python:2.7-alpine
COPY ./web /web
WORKDIR /web
RUN pip install -r requirements.txt

ENV FLASK_APP app.py

EXPOSE 5001
EXPOSE 443

CMD ["python", "app.py"]

共1个答案

匿名用户

问题可能出在缺少CA证书的高山Docker映像中。在您的笔记本电脑上,代码的工作原理是使用本地工作站的CA证书。我认为在本地运行Docker映像也会失败——所以问题不是k8s。

尝试将以下行添加到Dockerfile:

RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/*

它将在容器内安装CA证书。