curl to host inside docker container not working #133

@thorsten-schwartz

Hello,

I run a root server with an official IPv4 address and Ubuntu 24.04 in a data center. This IPv4 address is listed in a DNS server with an A record (mydomain.de) and has several subdomains (x.mydomain.de, y.mydomain.de, z.mydomain.de). These subdomains also point to this host via CNAME. UFW (Uncomplicated Firewall) and ufw-docker are installed on the host. There are several Docker Compose setups for Cloud services, web servers etc. running on this host. The web services are distributed by an Nginx Proxy Manager Docker container based on the subdomains (x, y, z) without any problems. An incoming connection via https:// is immediately changed to https:// and the communication between the reverse proxy and the respective Docker containers runs in separate Docker networks via http://.

However, I have noticed that within each container, when I use the command docker exec -it ... sh -c "curl -I https://x.mydomain.de", no curl connection to this subdomain of the own host can be established. The DNS resolution to the official IPv4 address works, but a curl command results in a timeout. I noticed this when I wanted to monitor a custom URL (https://x.mydomain.de) with a Kuma Status Docker container. This Docker container is also unable to establish an https:// connection to its own host.

None of the Docker containers used can use Curl to establish an HTTP/HTTPS connection to the official IP of their own host and thus to the Nginx Proxy Manager Docker container.

A dmesg shows that UFW blocks the connection to its own official IP, but not why [UFW BLOCK].

The strange thing is that a subdomain (a.mydomain.de) is entered in the DNS that does not point to the above-mentioned host, but deliberately to a completely different one. The affected service is located on a different host.

Again, the DNS resolution in the Docker containers works as expected, but a curl command does not work here either, even though the service itself is running on a different host. The Nginx Proxy Server Docker container does not recognize this subdomain either. As a cross-check for the test, I tried Curl on Google - it works!

Summarized: A curl connection with a host of your own subdomain does not work from a Docker container!

And now the curious thing:

A Raspberry Pi, which is operated on a Fritzbox as a router with port forwarding for port 80/443, works with the same configuration without any problems. The only difference is that the Raspberry Pi does not have an official IP and can only be reached via a router, while the host with an official IP described at the beginning does not work. Dynamic DNS is used with the Raspberry Pi and the DNS entries at the host are changed dynamically accordingly.

I think that UFW Docker needs to be adapted so that incoming and outgoing connections to your own domain name also work. I don't understand where this different behavior comes from.

Maybe someone has an idea.
Thanks
Thorsten
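
A triage helper for the [UFW BLOCK] lines mentioned in the issue, added here as an example and not part of the original post or the ufw-docker project: it picks out blocked packets going from a container subnet to the host's own public address and reports which netfilter hook logged them (an empty OUT= means the packet was addressed to the host itself and logged on the INPUT path, not FORWARD). The log lines, the addresses and the 172.16.0.0/12 container range are constructed assumptions.

```python
import ipaddress
import re

# Constructed, abbreviated kernel log lines in the format UFW logs with.
# Addresses are private/documentation ranges, not values from the issue.
SAMPLE_LOG = """\
[101.1] [UFW BLOCK] IN=br-1a2b3c OUT= MAC=02:42:ac:12:00:03 SRC=172.18.0.3 DST=203.0.113.10 LEN=60 TTL=64 DF PROTO=TCP SPT=51234 DPT=443 SYN URGP=0
[102.7] [UFW BLOCK] IN=br-1a2b3c OUT=br-9f8e7d SRC=172.18.0.3 DST=172.19.0.2 LEN=60 TTL=63 DF PROTO=TCP SPT=51240 DPT=80 SYN URGP=0
[103.2] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:00:00:01 SRC=198.51.100.7 DST=203.0.113.10 LEN=60 TTL=52 DF PROTO=TCP SPT=40000 DPT=22 SYN URGP=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")


def parse_block(line):
    """Return the KEY=VALUE fields of one [UFW BLOCK] line, or None."""
    if "[UFW BLOCK]" not in line:
        return None
    return dict(FIELD.findall(line.split("[UFW BLOCK]", 1)[1]))


def hook_of(fields):
    """Infer the netfilter hook from which interfaces the LOG target filled in."""
    has_in, has_out = bool(fields.get("IN")), bool(fields.get("OUT"))
    if has_in and has_out:
        return "FORWARD"  # routed between interfaces, e.g. bridge to bridge
    return "INPUT" if has_in else "OUTPUT"  # addressed to / sent by the host


def hairpin_blocks(log_text, host_ip, container_nets):
    """List blocked packets sent from a container subnet to the host's own IP."""
    nets = [ipaddress.ip_network(n) for n in container_nets]
    hits = []
    for line in log_text.splitlines():
        fields = parse_block(line)
        if not fields or "SRC" not in fields or fields.get("DST") != host_ip:
            continue
        src = ipaddress.ip_address(fields["SRC"])
        if any(src in net for net in nets):
            hits.append({"hook": hook_of(fields), "in": fields.get("IN", ""),
                         "src": str(src), "dpt": fields.get("DPT")})
    return hits


if __name__ == "__main__":
    # 203.0.113.10 stands in for the host's public address (assumption).
    for hit in hairpin_blocks(SAMPLE_LOG, "203.0.113.10", ["172.16.0.0/12"]):
        print(hit)
```

On a real host, pass the output of dmesg and the host's public address in place of the constructed sample.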
