I have a server on which I want to deploy a container that needs access to the internet, but right now this only works for some urls and not for others.
In a container (behaviour is the same for all tested images but I am using docker run -it jonabelle/docker-network-tools) I am able to curl https://google.com and https://youtube.com while I’m getting timeouts for https://gitlab.com, https://wikipedia.com, and https://github.com.
From the host I am able to curl all the urls successfully, it’s just in the containers that I get timeouts.
In the container:
- nslookup works for the urls that are getting timeouts, so it’s not a DNS issue.
- traceroute -I github.com also eventually arrives at the ip that I got with host github.com.
- telnet github.com 443 and telnet github.com 80 connect successfully.
- but still curl https://github.com hangs indefinitely
The output of curl -v https://github.com hangs during TLS:
* Host github.com:443 was resolved.
* IPv6: (none)
* IPv4: 140.82.121.3
* Trying 140.82.121.3:443...
* Connected to github.com (140.82.121.3) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
I have replicated the same steps on my laptop, where it works, and compared the networking config with docker inspect $CONTAINER and docker inspect bridge (which is the network both containers are in) where, except for the network and container ids, everything is the same.
I am at my wits' end here, connecting to github works on the server and in a container with the same network configuration on my laptop, but when running a container on the server, TLS times out.
What I find especially weird is that some urls work perfectly fine.
How do I go about troubleshooting this?
For completeness' sake, here is the network config on the server (except for the IDs they are the same on my laptop)
docker network inspect bridge:
[
    {
        "Name": "bridge",
        "Id": "420676ee8b7fcf5ea96a269cc32af5716ffeaefebbf158a549a8a2ce9dda9696",
        "Created": "2024-04-16T17:38:54.080001438+02:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]
and docker inspect <container-name>:
...
"NetworkSettings": {
    "Bridge": "",
    "SandboxID": "659eaf6d3fee5727df05046e656bfc2e871a1e66d55f7af6dd800565f0fe5bd8",
    "SandboxKey": "/var/run/docker/netns/659eaf6d3fee",
    "Ports": {},
    "HairpinMode": false,
    "LinkLocalIPv6Address": "",
    "LinkLocalIPv6PrefixLen": 0,
    "SecondaryIPAddresses": null,
    "SecondaryIPv6Addresses": null,
    "EndpointID": "",
    "Gateway": "",
    "GlobalIPv6Address": "",
    "GlobalIPv6PrefixLen": 0,
    "IPAddress": "",
    "IPPrefixLen": 0,
    "IPv6Gateway": "",
    "MacAddress": "",
    "Networks": {
        "bridge": {
            "IPAMConfig": null,
            "Links": null,
            "Aliases": null,
            "MacAddress": "",
            "NetworkID": "420676ee8b7fcf5ea96a269cc32af5716ffeaefebbf158a549a8a2ce9dda9696",
            "EndpointID": "",
            "Gateway": "",
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "DriverOpts": null,
            "DNSNames": null
        }
    }
}