"Git Clone" Works from Host, but not Docker Container

redapplesonlytoo · February 8, 2022, 3:41pm

Hi everyone,

I have a weird problem: I have a Ubuntu host machine running Docker and docker-compose. On the host, I’ve spun up one Ubuntu docker container. Here’s the weirdness: From the host, I can do a “git clone” to pull down a code project. From the container, I issue the same “git clone” command; nothing happens. Could this be a host networking thing?

Details: My host machine is a Ubuntu 16.04 machine, with Docker and docker-compose installed:

root@myHost:~#
root@myHost:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.7 LTS
Release:        16.04
Codename:       xenial
root@myHost:~#
root@myHost:~# docker --version
Docker version 20.10.7, build 20.10.7-0ubuntu1~18.04.1
root@myHost:~# docker-compose --version
docker-compose version 1.17.1, build unknown
root@myHost:~#

The container is the current “latest” image of Ubuntu:

root@host1:~$
root@host1:~$ sudo docker ps
CONTAINER ID   IMAGE          COMMAND   CREATED        STATUS        PORTS     NAMES
f7586f98afcf   54c9d81cbb44   "bash"    22 hours ago   Up 22 hours             myContainer
root@host1:~$
root@host1:~$ sudo docker image ls
REPOSITORY   TAG       IMAGE ID       CREATED        SIZE
ubuntu       latest    54c9d81cbb44   6 days ago     72.8MB
root@host1:~$

Here’s the docker-compose.yml file that creates the container; note that I’m using “host” networking:

version: "3.0"
services:
   autotest_svr:
      container_name: myContainer
      hostname: myCntr
      image: 54c9d81cbb44
      stdin_open: true
      tty: true
      network_mode: "host"

Okay, now to the problem:

On the host, I can run a “git clone” command to pull a project off my company’s internal github repo, no problem:

me@host1:~/myCode$ sudo git clone https://companyrepo.company.com/project01/projectCode git --branch 1234
Cloning into 'git'...
Username for 'https://companyrepo.company.com': me
Password for 'https://me@companyrepo.company.com': ********
remote: Counting objects: 623, done.
remote: Compressing objects: 100% (401/401), done.
remote: Total 623 (delta 271), reused 212 (delta 123)
Receiving objects: 100% (623/623), 6.96 MiB | 2.54 MiB/s, done.
Resolving deltas: 100% (271/271), done.
Checking connectivity... done.
me@host1:~/myCode$
me@host1:~/myCode$
me@host1:~/myCode$ ls -l
total 4
drwxr-xr-x 4 root root 4096 Feb  8 15:21 git
me@host1:~/myCode$

But in the container, its a different story. I can ping the company’s git repo, but when I issue the exact same “git clone” command, this happens:

me@myCntr:~/myCode$ sudo git clone https://companyrepo.company.com/project01/projectCode/ git --branch 1234
Cloning into 'git'...
    ...pause...
fatal: unable to access 'https://companyrepo.company.com/project01/projectCode/': Received HTTP code 503 from proxy after CONNECT
me@myCntr:~/myCode$

That pause is a few minutes long. The HTTP error code 503 (“Service Unavailable”) is clearly not the case: I know the Git Repo is available. Instead, it seems that when my container sends the “git clone” request, it never gets a response.

So: I can ping the repo, but can’t pull code. I’m not sure what to make of this. Could this be a “host” networking issue? I thought that when you set “host” networking, you’re essentially allowing the container to NAT behind the host’s IP address. So from the Git Repo’s perspective, there should be no (networking) difference between the host and container. What might be the issue here? Any suggestions, advice, or criticism is welcome. Thank you!

matthiasradde · February 8, 2022, 6:47pm

Good evening @redapplesonlytoo
it might be that you are using a proxy-server for connecting to the internet. But for internal ressources you do not need to use it - in fact using the proxy-server for accessing internal ressources is not working as the proxy-server only has access to the Internet-DNS or accessing internal ressources from the proxy-server is prohibitet by firewall-rules.
Please check which version is working for you:

Configure some proxy-exception within your ~/.docker/config.json as seen here:

{
...
        "proxies": {
                "default": {
                        "httpProxy": "http://***:***@********.local:8081",
                        "httpsProxy": "http://***:***@********.local:8081",
                        "noProxy": "*.********.local,localhost,172.17.0.1"
                }
        }
}

or within your container unset the proxy-variables (http_proxy, https_proxy and ftp_proxy) so that git doesn’t know how to connect to a proxy-server and therefore connect directly to the company-internal git-repository.

Hope this helps?

redapplesonlytoo · February 8, 2022, 8:48pm

@matthiasradde Wow, thanks. My company does have an Internet proxy, and I’m not sure if that would impact communications between my Docker container and our internal Git Repo. But I can’t prove that my container’s lack of proxy settings aren’t helping, either.

So I’ll look into configuring the proxy, as you describe. My first challenge is that I don’t seem to have a ~/.docker/config.json file for some reason. That might be a subsequent forum post… Thank you!