Curl HTTP2 request to Apple APNS fails on Docker, but works on Mac OSX

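I am testing Apple push notifications through the new HTTP2 server. For this I built curl with HTTP2 support and linked it into PHP.

My usual development environment is a Docker container for PHP. In the container I can make simple curl HTTP2 requests to any server, but if I call the Apple APNS server, HTTP1.1 is used instead. Strange. As you can see from the curl log on Docker, the http2 call is "translated" to HTTP/1.1, and so fails on Apple's side.

The same version of curl works on my local machine (Mac OSX Sierra).

It is as if curl on Docker cannot talk HTTP2 to Apple's APNS server, but can with other servers (see the nghttp2.org example). In fact, on Sierra you can see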

    * ALPN, offering h2
    * ALPN, offering http/1.1

while these lines are missing from the Docker call. Should I expose some more ports on Docker, or am I missing some configuration?

Here is Sierra:

    (master) ~/web/sites/laravel_test/laradock$ curl -V
    curl 7.57.0 (x86_64-apple-darwin16.7.0) libcurl/7.57.0 OpenSSL/1.0.2n zlib/1.2.8 nghttp2/1.28.0
    Release-Date: 2017-11-29
    Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
    Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy
    (master) ~/web/sites/laravel_test/laradock$ curl -d '{"aps":{"alert":"hi","sound":"default"}}' --cert /Users/walter/web/sites/laravel_test/project/tn_signal_backoffice/resources/certificates/pushcert.pem -H "apns-topic: it.xxx.xxx" --http2 -v https://api.development.push.apple.com/3/device/a8a......989
    * Trying 17.188.166.27...
    * TCP_NODELAY set
    * Connected to api.development.push.apple.com (17.188.166.27) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
    * successfully set certificate verify locations:
    * CAfile: /usr/local/etc/openssl/cert.pem
      CApath: /usr/local/etc/openssl/certs
    * TLSv1.2 (OUT), TLS header, Certificate Status (22):
    * TLSv1.2 (OUT), TLS handshake, Client hello (1):
    * TLSv1.2 (IN), TLS handshake, Server hello (2):
    * TLSv1.2 (IN), TLS handshake, Certificate (11):
    * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
    * TLSv1.2 (IN), TLS handshake, Request CERT (13):
    * TLSv1.2 (IN), TLS handshake, Server finished (14):
    * TLSv1.2 (OUT), TLS handshake, Certificate (11):
    * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
    * TLSv1.2 (OUT), TLS handshake, CERT verify (15):
    * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
    * TLSv1.2 (OUT), TLS handshake, Finished (20):
    * TLSv1.2 (IN), TLS change cipher, Client hello (1):
    * TLSv1.2 (IN), TLS handshake, Finished (20):
    * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
    * ALPN, server accepted to use h2
    * Server certificate:
    * subject: CN=api.development.push.apple.com; OU=management:idms.group.533599; O=Apple Inc.; ST=California; C=US
    * start date: Jul 25 19:35:19 2017 GMT
    * expire date: Aug 24 19:35:19 2019 GMT
    * subjectAltName: host "api.development.push.apple.com" matched cert's "api.development.push.apple.com"
    * issuer: CN=Apple IST CA 2 - G1; OU=Certification Authority; O=Apple Inc.; C=US
    * SSL certificate verify ok.
    * Using HTTP2, server supports multi-use
    * Connection state changed (HTTP/2 confirmed)
    * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
    * Using Stream ID: 1 (easy handle 0x7f9e6d807800)
    > POST /3/device/a8ae5.........2989 HTTP/2
    > Host: api.development.push.apple.com
    > User-Agent: curl/7.57.0
    > Accept: */*
    > apns-topic: it.iakta.tn.signal.Signal
    > Content-Length: 40
    > Content-Type: application/x-www-form-urlencoded
    >
    * Connection state changed (MAX_CONCURRENT_STREAMS updated)!
    * We are completely uploaded and fine
    < HTTP/2 200
    < apns-id: 595BFAD3-78AA-1ECF-1114-E54073952B3A
    <
    * Connection #0 to host api.development.push.apple.com left intact

And the same on Docker (Version 17.09.1-ce-mac42 (21090)):

    root@c8543e10e31d:/var/www/tn_signal_backoffice/public# curl -V
    curl 7.57.0 (x86_64-pc-linux-gnu) libcurl/7.57.0 OpenSSL/1.0.1t zlib/1.2.8 nghttp2/1.28.0
    Release-Date: 2017-11-29
    Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
    Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy
    root@c8543e10e31d:/var/www/tn_signal_backoffice/public# curl -d '{"aps":{"alert":"hi","sound":"default"}}' --cert /var/www/tn_signal_backoffice/resources/certificates/pushcert.pem -H "apns-topic: it.xxx.xxx" --http2 -v https://api.development.push.apple.com/3/device/a8ae5c......ea532989 --output -
    * Trying 17.188.166.27...
    * TCP_NODELAY set
    * Connected to api.development.push.apple.com (17.188.166.27) port 443 (#0)
    * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
    * successfully set certificate verify locations:
    * CAfile: /etc/ssl/certs/ca-certificates.crt
      CApath: none
    * TLSv1.2 (OUT), TLS handshake, Client hello (1):
    * TLSv1.2 (IN), TLS handshake, Server hello (2):
    * TLSv1.2 (IN), TLS handshake, Certificate (11):
    * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
    * TLSv1.2 (IN), TLS handshake, Request CERT (13):
    * TLSv1.2 (IN), TLS handshake, Server finished (14):
    * TLSv1.2 (OUT), TLS handshake, Certificate (11):
    * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
    * TLSv1.2 (OUT), TLS handshake, CERT verify (15):
    * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
    * TLSv1.2 (OUT), TLS handshake, Finished (20):
    * TLSv1.2 (IN), TLS change cipher, Client hello (1):
    * TLSv1.2 (IN), TLS handshake, Finished (20):
    * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
    * Server certificate:
    * subject: CN=api.development.push.apple.com; OU=management:idms.group.533599; O=Apple Inc.; ST=California; C=US
    * start date: Jul 25 19:35:19 2017 GMT
    * expire date: Aug 24 19:35:19 2019 GMT
    * subjectAltName: host "api.development.push.apple.com" matched cert's "api.development.push.apple.com"
    * issuer: CN=Apple IST CA 2 - G1; OU=Certification Authority; O=Apple Inc.; C=US
    * SSL certificate verify ok.
    > POST /3/device/a8ae5c.....aaea532989 HTTP/1.1
    > Host: api.development.push.apple.com
    > User-Agent: curl/7.57.0
    > Accept: */*
    > apns-topic: it.iakta.tn.signal.Signal
    > Content-Length: 40
    > Content-Type: application/x-www-form-urlencoded
    >
    * upload completely sent off: 40 out of 40 bytes
    * Connection #0 to host api.development.push.apple.com left intact
    root@c8543e10e31d:/var/www/tn_signal_backoffice/public# curl --http2 -I nghttp2.org
    HTTP/1.1 101 Switching Protocols
    Connection: Upgrade
    Upgrade: h2c
    HTTP/2 200
    date: Fri, 15 Dec 2017 08:50:07 GMT
    content-type: text/html
    last-modified: Sat, 25 Nov 2017 14:02:51 GMT
    etag: "5a19780b-19e1"
    accept-ranges: bytes
    content-length: 6625
    x-backend-header-rtt: 0.001119
    server: nghttpx
    via: 2 nghttpx
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    x-content-type-options: nosniff
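
An added example, not part of the original post: a shell check that reads the text of `curl -V` and of a `curl -v` run and reports why HTTP/2 was or was not negotiated over TLS. It relies on the fact that OpenSSL gained ALPN support in 1.0.2 and that the nghttp2.org test above used the cleartext `h2c` upgrade, which needs no ALPN. The function names and result labels are made up for this example, and the sample inputs are lines copied from the two captures above.

```shell
#!/bin/sh
# Added example. Inputs are the text of `curl -V` and of a `curl -v` run.

# Print the OpenSSL version (e.g. 1.0.1t) found in `curl -V` text on stdin.
openssl_version() {
    sed -n 's/.*OpenSSL\/\([0-9][0-9.]*[a-z]*\).*/\1/p' | head -n 1
}

# Succeed if OpenSSL version $1 is 1.0.2 or later, the first release with ALPN.
openssl_has_alpn() {
    v=$(printf '%s' "$1" | sed 's/[a-z]*$//')   # drop patch letter: 1.0.1t -> 1.0.1
    oldifs=$IFS; IFS=.; set -- $v; IFS=$oldifs
    [ $(( ${1:-0} * 10000 + ${2:-0} * 100 + ${3:-0} )) -ge 10002 ]
}

# Classify one capture: $1 = `curl -V` text, $2 = `curl -v` log text.
diagnose() {
    ver=$(printf '%s\n' "$1" | openssl_version)
    if printf '%s\n' "$2" | grep -q 'ALPN, server accepted to use h2'; then
        echo "h2-negotiated"
    elif printf '%s\n' "$2" | grep -q 'ALPN, offering h2'; then
        echo "server-declined-h2"        # offered, but the server did not pick h2
    elif [ -z "$ver" ]; then
        echo "unknown-tls-library"       # no OpenSSL version string to judge by
    elif openssl_has_alpn "$ver"; then
        echo "alpn-not-offered"          # library is capable; look at build or options
    else
        echo "tls-library-lacks-alpn"    # client cannot offer h2 in the handshake
    fi
}

# Sample input: lines copied from the two captures in the post, logs shortened.
MAC_V='curl 7.57.0 (x86_64-apple-darwin16.7.0) libcurl/7.57.0 OpenSSL/1.0.2n zlib/1.2.8 nghttp2/1.28.0'
MAC_LOG='* ALPN, offering h2
* ALPN, offering http/1.1
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2'
DOCKER_V='curl 7.57.0 (x86_64-pc-linux-gnu) libcurl/7.57.0 OpenSSL/1.0.1t zlib/1.2.8 nghttp2/1.28.0'
DOCKER_LOG='* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* SSL certificate verify ok.'

echo "mac:    $(diagnose "$MAC_V" "$MAC_LOG")"
echo "docker: $(diagnose "$DOCKER_V" "$DOCKER_LOG")"
```

On a live system, pass `"$(curl -V)"` and the saved stderr of the `curl -v` run as the two arguments to `diagnose`.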
