I’m hitting a slightly weird (to me) issue where I’m trying to run a container with the Anchore image (which does vulnerability scanning). The container unfortunately ends up stopping shortly after launching because the process isn’t able to contact the site https://ancho.re to download the vulnerability configurations. I ran a bash shell in the container, and here is what I see when I run curl (trimmed for brevity):

container $ curl http://ancho.re
HTTP/1.1 301 Moved Permanently
...
Location: https://ancho.re
...
container $ curl https://ancho.re
curl: (35) TCP connection reset by peer

If I do the same two curl commands outside my container, the first is the same, and the second returns a valid response:

linux $ curl https://ancho.re
{
     "jse_shortmsg": ...
     ...
}

So my question is essentially why does the request work from the linux host but not from inside the container? I’ve tried bridge and host networking and it gives the same result. I’ve been working with the folks that run this site and they aren’t seeing my requests from inside the container reach them. It could be a proxy/firewall issue, but then why does it work outside the container? Can firewalls determine network traffic is coming from inside a container? What tools can I use to trace why this is happening? Any help would be appreciated. Thanks!