Tags: amazon-web-services, docker, ssl, docker-desktop, aws-sam-cli

SAM CLI can't talk to SSL on Docker Desktop for Windows


I had installed docker-toolbox earlier, and have now installed docker for desktop with linux wsl2 containers enabled.

I'm trying to test my hello world lambda function with aws-sam-cli using the following command in my project root folder:

sam local start-api --debug

This gives me the following output in the console:

2021-07-19 16:00:39,772 | Telemetry endpoint configured to be https://aws-serverless-tools-telemetry.us-west-2.amazonaws.com/metrics
2021-07-19 16:00:39,774 | Using config file: samconfig.toml, config environment: default
2021-07-19 16:00:39,774 | Expand command line arguments to:
2021-07-19 16:00:39,774 | --template_file=F:\upwork\code\dynamodb-lambda-local\.aws-sam\build\template.yaml --host=127.0.0.1 --port=3000 --static_dir=public --layer_cache_basedir=C:\Users\Administrator\AppData\Roaming\AWS SAM\layers-pkg --container_host=localhost --container_host_interface=127.0.0.1
2021-07-19 16:00:40,191 | local start-api command is called
2021-07-19 16:00:40,199 | No Parameters detected in the template
2021-07-19 16:00:40,237 | 3 stacks found in the template
2021-07-19 16:00:40,237 | No Parameters detected in the template
2021-07-19 16:00:40,265 | 3 resources found in the stack
2021-07-19 16:00:40,266 | No Parameters detected in the template
2021-07-19 16:00:40,294 | Found Serverless function with name='HelloWorldFunction' and CodeUri='HelloWorldFunction'
2021-07-19 16:00:40,294 | --base-dir is not presented, adjusting uri HelloWorldFunction relative to F:\upwork\code\dynamodb-lambda-local\.aws-sam\build\template.yaml
2021-07-19 16:00:40,336 | Docker is not reachable
Traceback (most recent call last):
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\urllib3\connectionpool.py", line 699, in urlopen
    httplib_response = self._make_request(
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\urllib3\connectionpool.py", line 382, in _make_request
    self._validate_conn(conn)
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\urllib3\connectionpool.py", line 1010, in _validate_conn
    conn.connect()
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\urllib3\connection.py", line 411, in connect
    self.sock = ssl_wrap_socket(
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\urllib3\util\ssl_.py", line 453, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls)
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\urllib3\util\ssl_.py", line 495, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock)
  File "ssl.py", line 500, in wrap_socket
  File "ssl.py", line 1040, in _create
  File "ssl.py", line 1309, in do_handshake
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1125)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\requests\adapters.py", line 439, in send
    resp = conn.urlopen(
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\urllib3\connectionpool.py", line 755, in urlopen
    retries = retries.increment(
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\urllib3\util\retry.py", line 574, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='127.0.0.1', port=2375): Max retries exceeded with url: /v1.35/_ping (Caused by SSLError(SSLError(1, '[SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1125)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\samcli\local\docker\utils.py", line 89, in is_docker_reachable
    docker_client.ping()
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\docker\client.py", line 187, in ping
    return self.api.ping(*args, **kwargs)
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\docker\api\daemon.py", line 166, in ping
    return self._result(self._get(self._url('/_ping'))) == 'OK'
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\docker\utils\decorators.py", line 46, in inner
    return f(self, *args, **kwargs)
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\docker\api\client.py", line 230, in _get
    return self.get(url, **self._set_request_timeout(kwargs))
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\requests\sessions.py", line 555, in get
    return self.request('GET', url, **kwargs)
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\requests\sessions.py", line 542, in request
    resp = self.send(prep, **send_kwargs)
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\requests\sessions.py", line 655, in send
    r = adapter.send(request, **kwargs)
  File "C:\Program Files\Amazon\AWSSAMCLI\runtime\lib\site-packages\requests\adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='127.0.0.1', port=2375): Max retries exceeded with url: /v1.35/_ping (Caused by SSLError(SSLError(1, '[SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1125)')))
Error: Running AWS SAM projects locally requires Docker. Have you got it installed and running?

I have already tried this, for accepting dual SSL behaviour at client and server: https://docs.docker.com/engine/security/protect-access/#create-a-ca-server-and-client-keys-with-openssl but got stuck here

docker --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem -H=0.0.0.0:2376 version
docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=172.17.0.2/16:2376 version

Note: dockerd doesn't work on Windows. So I have replaced it with docker [flags value] version.

On port 2376, for running this cmd

docker --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem -H=0.0.0.0:2376 version

I get the following error

error during connect: Get "https://0.0.0.0:2376/v1.24/version": dial tcp 0.0.0.0:2376: connectex: No connection could be made because the target machine actively refused it.

Similarly on 2375:

http: server gave HTTP response to HTTPS client Client

on 5354:

wsarecv: An existing connection was forcibly closed by the remote host.

I am not able to figure out the root cause of why this is happening, whether it's due to port occupation or an SSL error.
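As an added diagnostic (not part of the question, of SAM CLI or of Docker), the script below shows where `[SSL: WRONG_VERSION_NUMBER]` comes from. The traceback above has the Docker client opening an HTTPSConnectionPool to 127.0.0.1:2375, i.e. a TLS client talking to the port Docker conventionally serves plaintext HTTP on, which is exactly the situation that produces this error (and, on the Go side, the "server gave HTTP response to HTTPS client" message seen later in the question). The block reproduces the error offline by feeding a constructed plaintext HTTP reply into a real OpenSSL client handshake over memory BIOs, classifies the first bytes a server sends back, and checks whether a set of DOCKER_* variables (sample values constructed here, modelled on what an earlier Docker Toolbox install leaves behind) is consistent with the port they point at. The docker-py environment handling it mirrors is an assumption about that library; check it against your installed version.

```python
import ssl
from typing import Optional
from urllib.parse import urlsplit

# Docker's conventional daemon ports: 2375 is plaintext HTTP, 2376 is TLS.
PLAIN_PORT, TLS_PORT = 2375, 2376

# Constructed sample: the kind of reply a plaintext HTTP daemon sends when it
# receives a TLS ClientHello it cannot parse. The exact status line is not
# important; what matters is that it is not a TLS record.
PLAINTEXT_REPLY = b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"


def classify_first_bytes(data: bytes) -> str:
    """Classify a server's reply from its first bytes.

    A TLS record opens with a content-type byte (0x16 handshake, 0x15 alert)
    followed by the 0x03 major-version byte; a plaintext HTTP reply opens with
    its ASCII status line. A TLS client's record layer checks this header
    before anything else, which is why a plaintext reply fails so early.
    """
    if len(data) >= 2 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls"
    if data.startswith(b"HTTP/"):
        return "plaintext-http"
    return "unknown"


def tls_client_reason_for(server_reply: bytes) -> Optional[str]:
    """Drive a real OpenSSL client handshake over in-memory BIOs (no network)
    and return the SSL error reason raised when `server_reply` comes back,
    or None if the bytes were accepted as the start of a TLS handshake."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    client = ctx.wrap_bio(incoming, outgoing, server_side=False,
                          server_hostname="localhost")
    try:
        client.do_handshake()        # emits the ClientHello into `outgoing`
    except ssl.SSLWantReadError:
        pass                         # now blocked waiting for the server
    incoming.write(server_reply)     # hand it the (plaintext) reply instead
    try:
        client.do_handshake()
    except ssl.SSLWantReadError:
        return None
    except ssl.SSLError as exc:
        return exc.reason            # e.g. 'WRONG_VERSION_NUMBER'
    return None


def docker_client_endpoint(env: dict) -> dict:
    """Work out how a docker-py client (the traceback shows SAM CLI going
    through docker/client.py) addresses the daemon from DOCKER_* variables,
    and flag a scheme/port mismatch. Assumption: mirrors docker-py's
    kwargs_from_env, where any non-empty DOCKER_TLS_VERIFY or a
    DOCKER_CERT_PATH turns TLS on."""
    host = env.get("DOCKER_HOST", "npipe:////./pipe/docker_engine")  # Windows default
    tls = env.get("DOCKER_TLS_VERIFY", "") != "" or bool(env.get("DOCKER_CERT_PATH"))
    parts = urlsplit(host)
    report = {"host": host, "scheme": "https" if tls else "http",
              "port": parts.port, "warning": None}
    if parts.scheme == "tcp" and parts.port == PLAIN_PORT and tls:
        report["warning"] = ("TLS client pointed at the plaintext port 2375: "
                             "expect [SSL: WRONG_VERSION_NUMBER]; clear stale "
                             "DOCKER_TLS_VERIFY/DOCKER_CERT_PATH or use port 2376")
    elif parts.scheme == "tcp" and parts.port == TLS_PORT and not tls:
        report["warning"] = ("plaintext client pointed at the TLS port 2376: "
                             "set DOCKER_TLS_VERIFY=1 and DOCKER_CERT_PATH")
    return report


if __name__ == "__main__":
    print(classify_first_bytes(PLAINTEXT_REPLY))       # plaintext-http
    print(tls_client_reason_for(PLAINTEXT_REPLY))      # WRONG_VERSION_NUMBER
    # Constructed sample of the variables Docker Toolbox typically leaves set.
    print(docker_client_endpoint({"DOCKER_HOST": "tcp://127.0.0.1:2375",
                                  "DOCKER_TLS_VERIFY": "1"})["warning"])
```

The useful part for troubleshooting is `docker_client_endpoint`: run it over `os.environ` and compare the `scheme`/`port` pair it reports with what the daemon actually listens on. A 2375/https combination is a client configuration problem, not a certificate problem, so generating CA and server certificates (the docs page linked above) cannot fix it.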


Solution

  • Here is what worked for me after spending 1 full day on this.

    According to https://github.com/docker/for-win/issues/3546, the accepted solution there is:

    I had the same issue. For some reason Windows reserves port 2375:
    
    netsh interface ipv4 show excludedportrange protocol=tcp
    If you see that one of the port ranges includes port 2375, then you have the same issue.
    
    Disable Hyper-V and reboot:
    
    dism.exe /Online /Disable-Feature:Microsoft-Hyper-V
    Then reserve port 2375:
    
    netsh int ipv4 add excludedportrange protocol=tcp startport=2375 numberofports=1
    Enable Hyper-V and reboot again:
    
    dism.exe /Online /Enable-Feature:Microsoft-Hyper-V /All
    Now it should be fine.
    
    Also see this thread where I found this solution.
    

    Which got me thinking that all this is because Docker itself blocks 2375 and then complains that it cannot reserve 2375. The audacity.

    So I did the following

    • Installed the latest stable Python -> Python 3.9. SAM CLI uses Python; maybe Docker updated the SSL version and SAM uses a different version
    • Cleaned up Env. Variables of DOCKER_*
    • Verified if any registry keys are left for Docker
    • Reinstalled Docker Desktop full
    • Logged in using Docker Hub. Someone suggested this somewhere while I was Googling
    • Didn't check the checkbox in Docker Desktop Settings "Expose Daemon on tcp://localhost:2375 without TLS"
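The `netsh` check quoted in this answer can be scripted. The block below is an added helper, not from the answer, the linked GitHub issue or Docker: it parses the table that `netsh interface ipv4 show excludedportrange protocol=tcp` prints and reports whether a port (2375 here) sits inside a dynamic reservation of the Hyper-V kind the quoted issue describes, or inside an administered exclusion (the starred rows, which is what the answer's `netsh int ipv4 add excludedportrange` creates). The table text is a constructed sample in that format; on Windows the `__main__` section runs the real command instead.

```python
import re
import subprocess
import sys
from typing import List, Optional, Tuple

# Constructed sample in the layout `netsh interface ipv4 show excludedportrange
# protocol=tcp` prints. The 2300-2399 row stands in for the Hyper-V dynamic
# reservation that swallowed 2375; the starred rows are administered exclusions
# such as the one the answer's `netsh int ipv4 add excludedportrange` creates.
NETSH_SAMPLE = """\
Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
      1055        1154
      2300        2399
      5357        5357     *
     50000       50059     *

* - Administered port exclusions.
"""

Range = Tuple[int, int, bool]   # (start, end, administered)
ROW = re.compile(r"^\s*(\d+)\s+(\d+)(\s+\*)?\s*$")


def parse_excluded_ranges(text: str) -> List[Range]:
    """Parse the table rows into (start, end, administered) tuples, skipping
    the title, column headers, rule line and footnote."""
    ranges: List[Range] = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ranges.append((int(m.group(1)), int(m.group(2)), m.group(3) is not None))
    return ranges


def port_is_excluded(port: int, ranges: List[Range]) -> Optional[Range]:
    """Return the exclusion range covering `port`, or None if it is free."""
    for r in ranges:
        if r[0] <= port <= r[1]:
            return r
    return None


def diagnose(port: int, ranges: List[Range]) -> str:
    """Turn the lookup into the message someone chasing the 2375 problem wants:
    free, inside a dynamic (Hyper-V style) reservation, or pinned by an
    administered exclusion that was added deliberately with netsh."""
    hit = port_is_excluded(port, ranges)
    if hit is None:
        return f"port {port} is not in any excluded range"
    start, end, administered = hit
    if administered:
        kind = "an administered exclusion (added with netsh add excludedportrange)"
    else:
        kind = "a dynamic reservation (the Hyper-V kind the GitHub issue describes)"
    return f"port {port} is inside {start}-{end}, {kind}"


def current_excluded_ranges() -> List[Range]:
    """On Windows run the real netsh command; elsewhere fall back to the sample
    so the script still demonstrates the parsing offline."""
    if sys.platform != "win32":
        return parse_excluded_ranges(NETSH_SAMPLE)
    out = subprocess.run(["netsh", "interface", "ipv4", "show", "excludedportrange",
                          "protocol=tcp"], capture_output=True, text=True, check=True)
    return parse_excluded_ranges(out.stdout)


if __name__ == "__main__":
    ranges = current_excluded_ranges()
    for p in (2375, 2376, 3000):
        print(diagnose(p, ranges))
```

Run it before and after the disable-Hyper-V / reserve / re-enable cycle from the answer: before, 2375 should show up inside an unstarred dynamic range; after, it should sit in a starred single-port exclusion of its own, which is the state Docker Desktop can then bind.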