My containers cannot access certain urls

I’m having the same problem with all my containers. There are some urls that I can’t connect. However, on the host I can. For example:

root@56c4bb38894b:/usr/src/app# curl -vvv https://hnrss.org/newest
*   Trying 159.89.243.242:443...
* Connected to hnrss.org (159.89.243.242) port 443 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs

If I try to do the same on the host it works without problems.

Some additional information:

  • I have detected it in several urls such as: https://get.jenkins.io/ or https://hnrss.org/newest
  • I use Debian testing.
  • Resolves domains well.
  • No firewall issues.
  • In all cases that have failed, it does not pass the TLS handshake.
  • The same thing happens with a clean image with nothing installed.

I insist that it only happens with very specific domains.

Any idea where I can look? Thanks in advance.

It would be probably better to share an error then a working connection.

The output I share is from a URL that does not end

I guessed it would time out after a while, but you can try to use the nicolaka/netshoot image and use “traceroute” or “tracepath” to see how far the connection goes and use tcpdump or tshark to monitor the network. Examples on GitHub

1 Like

I was able to find the solution from an answer in the following GitHub issue Container has no internet access.
The problem was in the configuration of my Wireguard client on my host. I had to modify from 0.0.0.0/0 as an allowed IP to 0.0.0.0/1