Hello,
I have tried a lot of other solutions from forums, but none worked.
I have an Ubuntu 22.04 Server hosted by Strato (in Germany). Strato’s support says the server is docker ready.
I installed docker and docker-compose. I want to run a Bitwarden instance (and later other docker containers). The containers cannot access the internet. If I call my server by its IP, I cannot access it. If I try to run a Bitwarden instance, it says that the container cannot access the Bitwarden API. The server itself can access the internet; everything I need I downloaded from the internet.
Here is some information for testing:
I run a docker-compose setup on port 80 (the example from “How To Install and Use Docker Compose on Ubuntu 20.04 | DigitalOcean”, with a different port):
CONTAINER ID   IMAGE          COMMAND                  CREATED        STATUS       PORTS                               NAMES
5803e533b643   nginx:alpine   "/docker-entrypoint.…"   45 hours ago   Up 2 hours   0.0.0.0:80->80/tcp, :::80->80/tcp   demo_web_1
The firewall (ufw) might not be the problem. It is disabled.
This is ‘docker network ls’:
NETWORK ID NAME DRIVER SCOPE
0ec827bd8297 bridge bridge local
f8529634c777 demo_default bridge local
a7b60aea488d host host local
89b719d7adf9 none null local
This is ‘docker inspect 5803e533b643’
[
    {
        "Id": "5803e533b643b62381254a4f5a144ca050db0c11bcaf3a2b67b52987d638471b",
        "Created": "2023-06-28T10:19:44.391383958Z",
        "Path": "/docker-entrypoint.sh",
        "Args": [
            "nginx",
            "-g",
            "daemon off;"
        ],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 42608,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2023-06-30T05:15:57.082668685Z",
            "FinishedAt": "2023-06-30T05:00:05.754800689Z"
        },
        "Image": "sha256:4937520ae206c8969734d9a659fc1e6594d9b22b9340bf0796defbea0c92dd02",
        "ResolvConfPath": "/var/lib/docker/containers/5803e533b643b62381254a4f5a144ca050db0c11bcaf3a2b67b52987d638471b/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/5803e533b643b62381254a4f5a144ca050db0c11bcaf3a2b67b52987d638471b/hostname",
        "HostsPath": "/var/lib/docker/containers/5803e533b643b62381254a4f5a144ca050db0c11bcaf3a2b67b52987d638471b/hosts",
        "LogPath": "/var/lib/docker/containers/5803e533b643b62381254a4f5a144ca050db0c11bcaf3a2b67b52987d638471b/5803e533b643b62381254a4f5a144ca050db0c11bcaf3a2b67b52987d638471b-json.log",
        "Name": "/demo_web_1",
        "RestartCount": 0,
        "Driver": "overlay2",
        "Platform": "linux",
        "MountLabel": "",
        "ProcessLabel": "",
        "AppArmorProfile": "docker-default",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": [
                "/var/www/demo/app:/usr/share/nginx/html:rw"
            ],
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "json-file",
                "Config": {}
            },
            "NetworkMode": "demo_default",
            "PortBindings": {
                "80/tcp": [
                    {
                        "HostIp": "",
                        "HostPort": "80"
                    }
                ]
            },
            "RestartPolicy": {
                "Name": "",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": [],
            "ConsoleSize": [
                0,
                0
            ],
            "CapAdd": null,
            "CapDrop": null,
            "CgroupnsMode": "private",
            "Dns": [],
            "DnsOptions": [],
            "DnsSearch": [],
            "ExtraHosts": null,
            "GroupAdd": null,
            "IpcMode": "private",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": null,
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Runtime": "runc",
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": null,
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": null,
            "DeviceCgroupRules": null,
            "DeviceRequests": null,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": null,
            "OomKillDisable": null,
            "PidsLimit": null,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0,
            "MaskedPaths": [
                "/proc/asound",
                "/proc/acpi",
                "/proc/kcore",
                "/proc/keys",
                "/proc/latency_stats",
                "/proc/timer_list",
                "/proc/timer_stats",
                "/proc/sched_debug",
                "/proc/scsi",
                "/sys/firmware"
            ],
            "ReadonlyPaths": [
                "/proc/bus",
                "/proc/fs",
                "/proc/irq",
                "/proc/sys",
                "/proc/sysrq-trigger"
            ]
        },
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/0b9cd5b28bbb9b4a0cf67df37a4b5c5063c6c603dc9d860f811cbeced8eeeabc-init/diff:/var/lib/docker/overlay2/481f6c4982abb2a22d0d845ab2414b3878536388c6dac4ce813e62f76c49c288/diff:/var/lib/docker/overlay2/695370deffd2789484aeb6ac08aa0a24c2fde405bfad5e62010555895443ff34/diff:/var/lib/docker/overlay2/5358983bc9d969e6cca1671bc7b93b70919bb59116d3b295c5bce534e534084d/diff:/var/lib/docker/overlay2/50318b72f2a159b78063a815bf06e5ac544bf6b3ede8bbee4448fc5cf070f8ef/diff:/var/lib/docker/overlay2/d9d5d1617203baf2ea0aa14315005b33da30b5cd4af9867e194a019a677164b3/diff:/var/lib/docker/overlay2/0b47d7d564a8335048c22c5aa7e7ccd49329b20a5336e51baa5992ca7d7ef994/diff:/var/lib/docker/overlay2/d44122e341f13d301e4b5934829fae3192d3f96699f6e42dbc0980eb58eb07ec/diff:/var/lib/docker/overlay2/c1ec93bceb3eecda159f4fe0440073160707c07169b0493aeb41ae6061149cf2/diff",
                "MergedDir": "/var/lib/docker/overlay2/0b9cd5b28bbb9b4a0cf67df37a4b5c5063c6c603dc9d860f811cbeced8eeeabc/merged",
                "UpperDir": "/var/lib/docker/overlay2/0b9cd5b28bbb9b4a0cf67df37a4b5c5063c6c603dc9d860f811cbeced8eeeabc/diff",
                "WorkDir": "/var/lib/docker/overlay2/0b9cd5b28bbb9b4a0cf67df37a4b5c5063c6c603dc9d860f811cbeced8eeeabc/work"
            },
            "Name": "overlay2"
        },
        "Mounts": [
            {
                "Type": "bind",
                "Source": "/var/www/demo/app",
                "Destination": "/usr/share/nginx/html",
                "Mode": "rw",
                "RW": true,
                "Propagation": "rprivate"
            }
        ],
        "Config": {
            "Hostname": "5803e533b643",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "80/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "NGINX_VERSION=1.25.1",
                "PKG_RELEASE=1",
                "NJS_VERSION=0.7.12"
            ],
            "Cmd": [
                "nginx",
                "-g",
                "daemon off;"
            ],
            "Image": "nginx:alpine",
            "Volumes": {
                "/usr/share/nginx/html": {}
            },
            "WorkingDir": "",
            "Entrypoint": [
                "/docker-entrypoint.sh"
            ],
            "OnBuild": null,
            "Labels": {
                "com.docker.compose.config-hash": "20ecd8681c8e7596911621c5ad4566e2274ad9a25d587c2c362f40e6ef30eeb4",
                "com.docker.compose.container-number": "1",
                "com.docker.compose.oneoff": "False",
                "com.docker.compose.project": "demo",
                "com.docker.compose.project.config_files": "docker-compose.yml",
                "com.docker.compose.project.working_dir": "/var/www/demo",
                "com.docker.compose.service": "web",
                "com.docker.compose.version": "1.29.2",
                "maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>"
            },
            "StopSignal": "SIGQUIT"
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "cb4e9050770971bd689d4a2b4397fdf63283491640f1555bd13d1293fb3e4be2",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {
                "80/tcp": [
                    {
                        "HostIp": "0.0.0.0",
                        "HostPort": "80"
                    },
                    {
                        "HostIp": "::",
                        "HostPort": "80"
                    }
                ]
            },
            "SandboxKey": "/var/run/docker/netns/cb4e90507709",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "",
            "Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "MacAddress": "",
            "Networks": {
                "demo_default": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": [
                        "web",
                        "5803e533b643"
                    ],
                    "NetworkID": "f8529634c777be7c325717aadaf6ce3ffd6b0478702488a4a317f250a90ce7f8",
                    "EndpointID": "bca837e82e6f9ecd123fcebe2adbf69ad499a8790e7d043f8281d851ac0ded13",
                    "Gateway": "172.18.0.1",
                    "IPAddress": "172.18.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:12:00:02",
                    "DriverOpts": null
                }
            }
        }
    }
]
This is ‘iptables -t nat -L -n’
Chain PREROUTING (policy ACCEPT)
target      prot opt source          destination
DOCKER      all  --  0.0.0.0/0       0.0.0.0/0       ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target      prot opt source          destination

Chain OUTPUT (policy ACCEPT)
target      prot opt source          destination
DOCKER      all  --  0.0.0.0/0       !127.0.0.0/8    ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target      prot opt source          destination
MASQUERADE  all  --  172.17.0.0/16   0.0.0.0/0
MASQUERADE  all  --  172.18.0.0/16   0.0.0.0/0
MASQUERADE  tcp  --  172.18.0.2      172.18.0.2      tcp dpt:80

Chain DOCKER (2 references)
target      prot opt source          destination
RETURN      all  --  0.0.0.0/0       0.0.0.0/0
RETURN      all  --  0.0.0.0/0       0.0.0.0/0
DNAT        tcp  --  0.0.0.0/0       0.0.0.0/0       tcp dpt:80 to:172.18.0.2:80
This is ‘ip a’
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 02:01:5f:74:39:0a brd ff:ff:ff:ff:ff:ff
altname enp0s6
inet 82.XXX.XXX.XXX/32 metric 100 scope global dynamic ens6
valid_lft 430sec preferred_lft 430sec
inet6 fe80::1:5fff:fe74:390a/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:74:5f:b4:75 brd ff:ff:ff:ff:ff:ff
inet6 fe80::42:74ff:fe5f:b475/64 scope link
valid_lft forever preferred_lft forever
4: br-f8529634c777: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:99:45:18:c1 brd ff:ff:ff:ff:ff:ff
inet6 fe80::42:99ff:fe45:18c1/64 scope link
valid_lft forever preferred_lft forever
12: vethab2095d@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 62:21:1d:b7:e6:e4 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::2020:ceff:fe30:28ea/64 scope link
valid_lft forever preferred_lft forever
This is ‘resolvectl status’
Global
Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (ens6)
Current Scopes: DNS
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 212.227.123.16
DNS Servers: 212.227.123.16 212.227.123.17

Link 3 (docker0)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 4 (br-f8529634c777)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 12 (vethab2095d)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
One thing is also special. It might not be a DNS problem:
Thanks for your help. If you need further information, I will share it. Sorry for the many blockquotes. I can only insert one picture.