Socket connection error but curl works fine (turned off ipv6) - docker

So, everything works fine in Docker on my local machine, but when it comes to Docker on AWS EC2, this problem happens. I can't connect to my backend server, while I can still curl my backend from the frontend container.
I've seen many people saying that this is an IPv6 issue, so I disabled it through the sysctl configuration, as you can also see from the image. I've also checked my custom docker bridge network: docker network inspect shows "EnableIPv6": false, and this network was automatically created by docker-compose, so I didn't touch anything.
Can anybody please help me?

Related

How to debug my requests from Docker image?

I run my application that grabs data from an external API in a Docker container (Alpine). I use Docker Desktop 4.1.1 on macOS Monterey 12.5.
Every now and then my app needs to refresh its auth token. Everything works well.
But sometimes I get timeouts on the request to refresh the token (let's say it's auth.example.com).
I think auth.example.com might be rate limiting those calls but:
It works with no problem when I request the same thing from my host (outside Docker) at the same time it is timing out in a container
After I restart Docker it works right away from inside a container
The issue disappears after some (random?) time. Sometimes it's 30 minutes, sometimes it's hours
I tested it from different containers made from different, clean (Debian, Alpine, Ubuntu) images - calls to auth.example.com are timing out from all of them
I tried telnet auth.example.com 443 and it times out inside Docker but works well from my host
At the same time telnet google.com 443 works well from inside my containers
I tried running hundreds of those requests from my host in a loop to see if it gets blocked, but it doesn't (and my app inside a container requests that only once an hour maybe)
It seems like Docker is adding something to the request that allows auth.example.com to filter those requests maybe?
But I tried sending requests from inside my container and from my host to RequestBin and all headers look the same.
I tried using mitmproxy and Proxyman to watch the requests, but auth.example.com uses SSL pinning and I was not able to configure it properly.
I don't know how to debug that further. Any ideas?
(I am using Spotify's API, with the Spotipy library, and the calls that time out are made to accounts.spotify.com).
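Both this question and the first one on the page (a socket connection failing while curl works) leave the same thing unknown: which stage fails, name resolution, the TCP connect to a particular address, or something above TCP. The Go program below is an added example, not code from either poster. It resolves a host, attempts a TCP connect to every returned address with a bounded timeout, and reports each attempt separately, so running the same binary inside the container and on the host gives outputs that can be compared line by line, and an IPv6 address timing out while the IPv4 address connects becomes visible instead of being hidden behind a single hang. The hostnames in main are the placeholders used in the question.

```go
package main

import (
	"fmt"
	"net"
	"time"
)

// Attempt is the outcome of one TCP connect to one resolved address.
type Attempt struct {
	Addr string
	OK   bool
	Err  string // empty on success
}

// ProbeResult separates the DNS stage from the TCP stage so a failure
// can be attributed to one of them.
type ProbeResult struct {
	Host      string
	Port      string
	Addrs     []string  // every address the resolver returned (v4 and v6)
	Attempts  []Attempt // one entry per address, in resolver order
	Connected bool      // true if at least one address accepted the connection
	Err       string    // stage-level error, empty when Connected
}

// Probe resolves host, then dials each address with the given timeout.
// A hang shows up as a timeout error after `timeout` rather than an
// indefinite wait, which is the symptom the poster saw with telnet.
func Probe(host, port string, timeout time.Duration) ProbeResult {
	res := ProbeResult{Host: host, Port: port}
	addrs, err := net.LookupHost(host)
	if err != nil {
		res.Err = "dns: " + err.Error()
		return res
	}
	res.Addrs = addrs
	for _, a := range addrs {
		at := Attempt{Addr: a}
		conn, err := net.DialTimeout("tcp", net.JoinHostPort(a, port), timeout)
		if err != nil {
			at.Err = err.Error()
		} else {
			conn.Close()
			at.OK = true
			res.Connected = true
		}
		res.Attempts = append(res.Attempts, at)
	}
	if !res.Connected {
		res.Err = "tcp: no resolved address accepted the connection"
	}
	return res
}

func main() {
	// Placeholder targets from the question; run this inside the container
	// and on the host and diff the two outputs.
	targets := []struct{ host, port string }{
		{"auth.example.com", "443"},
		{"google.com", "443"},
	}
	for _, t := range targets {
		r := Probe(t.host, t.port, 5*time.Second)
		fmt.Printf("%s:%s resolved=%v connected=%v err=%q\n", r.Host, r.Port, r.Addrs, r.Connected, r.Err)
		for _, at := range r.Attempts {
			fmt.Printf("  %-40s ok=%v err=%q\n", at.Addr, at.OK, at.Err)
		}
	}
}
```

Building with CGO_ENABLED=0 produces a static binary that runs unchanged in Alpine and Debian containers and uses Go's own resolver, which reads the container's /etc/resolv.conf. A failure in the DNS stage points at resolver configuration, a per-address timeout points at a filtered or unreachable path (and a timeout on only the IPv6 address is the IPv6 symptom from the first question), and an immediate refusal points at the service itself.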

how to get SSH access over the internet without SSH access?

OK, that sounds weird, I know. My Raspberry Pi server was connected to Tailscale and I was able to do everything. However, I installed and removed Pi-hole, and when I removed something called "iproute2" I lost the connection to Tailscale. However, I can still access things such as Portainer and any Docker app through Cloudflare. Now, is there any way to access my SSH again? Is there any Docker app that allows me to send commands or so? All I need is to send either "sudo ngrok tcp 22" or "tailscale up". Thanks.

vscode unable to authenticate extensions, github, other accounts, with OAuth web browser popup method & connection issues with WSL2, docker containers

I've been facing this issue since I installed Bitdefender a few weeks ago. I have their VPN running, and Docker is able to communicate with Docker Hub with the VPN turned off or with split tunneling. However, I am having problems with logging into GitHub and other accounts that need web logins with OAuth in the Docker containers and on WSL2. Some accounts allow for device login, so I am able to use those by pasting in a code. I was unable to make any connections from WSL2 or the containers to the internet at all until I changed the nameserver in /etc/resolv.conf to 8.8.8.8, but that is reset every time WSL2 or the containers restart, and the problem persists even with the VPN turned off.

After trying a lot of things with the container settings, keychains, etc., I was able to have it log in to GitHub with the browser window popping up, after setting up ssh and gh in the terminal, but that doesn't happen with some of the other accounts. The browser doesn't even open to authenticate, or it opens the browser and I authenticate, but VS Code doesn't respond when the browser redirects after logging in. It also displays an error "Writing login information to the keychain failed with error 'Not enough memory resources are available to process this command.'" I cleared out the %temp% folder as someone suggested, but that didn't seem to help anything. There shouldn't be any problems with memory.

I'm not keen on running long strings of commands in my terminal when I don't know what they are doing. I was also hesitant to fiddle around with registry entries as someone posted somewhere. Any help with this would be greatly appreciated. Do I need to open some other ports for the container? Some of the networking stuff with Docker and WSL2 is a bit beyond me. I think Bitdefender might have changed some security policies or something. IDK.

Unable to connect to Neo4J/ONgDB Browser when port forwarding

I am running the ONgDB container as per their Docker run command.
I have tested this locally on my laptop and it worked before: I was able to navigate to the graph browser and log in.
Now I am running this graph on a server.
I did port forwarding to my laptop successfully, and am able to see the ONgDB Browser on my laptop. However, I am unable to log in; I get the error:
ServiceUnavailable: WebSocket connection failure. Due to security constraints in your web browser, the reason for the failure is not available to this Neo4j Driver. Please use your browsers development console to determine the root cause of the failure. Common reasons inc...
I found a Neo4j article on how to resolve it.
I entered the ONgDB container filesystem and opened the .conf file, but there was no line to uncomment.
I tried to add the suggested line dbms.connector.bolt.address=0.0.0.0:7687 but it does not work either.
How can I enable the ONgDB Docker container for remote access?
I figured out the problem: in the Neo4j/ONgDB browser, the database host is filled in with localhost by default.
You just have to fill it in with the server's IP there and it works.
Also, you can connect using a desktop Neo4j/ONgDB browser to a remote graph; it's just like a database (RDBMS) where you can connect to it from a client running locally.

Nextcloud in docker behind traefik on unraid

I'm running traefik as a reverse proxy on my unraid (6.6.6).
Apps like sonarr/radarr, nzbget and organizr all work fine. But that's mostly due to the fact that these are super easy to set up. You only need 4 traefik-specific labels and that's it.
traefik.enable=true
traefik.backend=radarr
traefik.frontend.rule=PathPrefix: /radarr
traefik.port=7878
traefik.frontend.auth.basic.users=username:password
So far so good, everything is using SSL and working great.
But as soon as I have to configure some extra stuff for the containers to work behind a reverse proxy I get lost. I've read dozens of guides regarding nextcloud, but I can't get it to work.
Currently I'm using the linuxserver/nextcloud docker and from my internal network it's working great. I got everything set up, added users and smb shares and everybody can connect fine. But I can't get it to work behind traefik using a subdirectory. It's probably just some traefik labels I need to add to the nextcloud container, but I'm simply too much of a newb to know which ones I need.
My first issue was that nextcloud forces https, which traefik doesn't like unless you configure some stuff. So for now I'm just using the traefik.frontend.auth.forward.tls.insecureSkipVerify=true label to work around this. I know it's potentially a security issue, but if I'm not mistaken it only opens up the possibility of a man-in-the-middle attack, which shouldn't be too much of an issue since both traefik and nextcloud are running on the same machine (and besides, everything else is going over http).
So now that I got that working I get an Error 500 message when I try to open mydomain.tld/nextcloud.
The traefik log says "Error calling . Cause: Get : unsupported protocol scheme \"\""
I tried adding some labels I found in a guide (https://www.smarthomebeginner.com/traefik-reverse-proxy-tutorial-for-docker/#NextCloud_Your_Own_Cloud_Storage)
"traefik.frontend.headers.SSLRedirect=true"
"traefik.frontend.headers.STSSeconds=315360000"
"traefik.frontend.headers.browserXSSFilter=true"
"traefik.frontend.headers.contentTypeNosniff=true"
"traefik.frontend.headers.forceSTSHeader=true"
"traefik.frontend.headers.SSLHost=mydomain.tld"
"traefik.frontend.headers.STSPreload=true"
"traefik.frontend.headers.frameDeny=true"
I just thought I'd try it, maybe I get lucky.
Sadly I didn't. Still Error 500. 
In your traefik config, enable debug logging using:
loglevel = "DEBUG"
More info here: https://docs.traefik.io/configuration/logs/
After doing this I realized that my docker label was not correctly applying the InsecureSkipVerify = true line in my config. The error I was able to see in the logs was:
500 Internal Server Error' caused by: x509: cannot validate certificate for 172.17.0.x because it doesn't contain any IP SANs"
To work around this I had to add InsecureSkipVerify = true directly to the traefik.toml file for this to work correctly.
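The x509 error in that log line is Go's own crypto/x509 message: traefik dials the backend by its container IP (172.17.0.x), and the backend's certificate carries no IP subject alternative name to match it. InsecureSkipVerify makes the error go away by turning off verification of the backend's certificate altogether; the alternative that keeps verification is a backend certificate whose SANs cover whatever traefik dials, either the IP or a DNS name traefik reaches it by. The Go program below is an added example, not traefik's or nextcloud's code: it builds two throwaway self-signed certificates (the name "nextcloud" and the address 172.17.0.2 are constructed), runs the same hostname check the Go TLS client performs, and shows the exact error text from the log beside the passing cases.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned builds a throwaway self-signed server certificate whose SANs are
// exactly dnsNames and ipAddrs, so we can see what a Go TLS client (traefik)
// accepts when it dials a backend by IP or by name.
func selfSigned(dnsNames []string, ipAddrs []net.IP) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "nextcloud"}, // constructed name
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     dnsNames,
		IPAddresses:  ipAddrs,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// HostnameCheck returns the error string the Go TLS stack would produce when
// the backend is reached at dialTarget, or "" when the certificate covers that
// name or IP. This is the check InsecureSkipVerify disables.
func HostnameCheck(cert *x509.Certificate, dialTarget string) string {
	if err := cert.VerifyHostname(dialTarget); err != nil {
		return err.Error()
	}
	return ""
}

func main() {
	// Certificate with only a DNS SAN: what the backend in the question had.
	noIP, err := selfSigned([]string{"nextcloud"}, nil)
	if err != nil {
		panic(err)
	}
	// Certificate that also lists the container IP (constructed address).
	withIP, err := selfSigned([]string{"nextcloud"}, []net.IP{net.ParseIP("172.17.0.2")})
	if err != nil {
		panic(err)
	}
	fmt.Printf("DNS SAN only, dialed by IP:    %q\n", HostnameCheck(noIP, "172.17.0.2"))
	fmt.Printf("DNS+IP SAN,   dialed by IP:    %q\n", HostnameCheck(withIP, "172.17.0.2"))
	fmt.Printf("DNS SAN only, dialed by name:  %q\n", HostnameCheck(noIP, "nextcloud"))
	fmt.Printf("DNS+IP SAN,   dialed by other: %q\n", HostnameCheck(withIP, "10.0.0.9"))
}
```

The first line printed is the log message from the answer; the second and third show that either an IP SAN matching the container address or dialing the backend by a DNS name it is certified for satisfies the check without disabling verification. Container IPs change between restarts, so a DNS name on the internal network is the more durable choice.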
