Score:0

docker can't access internet from within LXC Container

fr flag

I have launched a Ubuntu 20.04 LXC container on RedHat 8.6 using the following command

lxc launch ubuntu:20.04 --storage default -c security.privileged=true -c boot.autostart=true --network lxdbr0

I installed docker in the container and configured my network proxy settings in /etc/systemd/system/docker.service.d/http-proxy.conf and then restarted the docker service.


[Service]
Environment="HTTP_PROXY=<proxy address redacted>"
Environment="HTTPS_PROXY=<proxy address redacted>"

I get a TLS handshake timeout error when I try to pull an image

root@still-katydid:~# docker pull nginx
Using default tag: latest
Error response from daemon: Get "https://registry-1.docker.io/v2/": net/http: TLS handshake timeout

Looking at /var/log/syslog I can see some errors

Dec  8 11:57:36 still-katydid dockerd[9606]: time="2022-12-08T11:57:36.486272382Z" level=warning msg="Your kernel does not support cgroup blkio weight"
Dec  8 11:57:36 still-katydid dockerd[9606]: time="2022-12-08T11:57:36.486290117Z" level=warning msg="Your kernel does not support cgroup blkio weight_device"
Dec  8 11:57:36 still-katydid dockerd[9606]: time="2022-12-08T11:57:36.487001498Z" level=info msg="Loading containers: start."
Dec  8 11:57:36 still-katydid dockerd[9606]: time="2022-12-08T11:57:36.489111401Z" level=warning msg="Running modprobe bridge br_netfilter failed with message: modprobe: WARNING: Module bridge not found in directory /lib/modules/4.18.0-372.9.1.el8.x86_64\nmodprobe: WARNING: Module br_netfilter not found in directory /lib/modules/4.18.0-372.9.1.el8.x86_64\n, error: exit status 1"
Dec  8 11:57:36 still-katydid dockerd[9606]: time="2022-12-08T11:57:36.591405424Z" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"

I know the proxy address settings are correct, as I also have them configured in my .bashrc file and I can curl addresses such https://www.bbc.co.uk successfully.

The firewall is disabled on both the host and in the container.

I have rebooted the container and the host multiple times.

Score:0
fr flag

I solved my issue. I had a special character ! in my password. I had already escaped it with %21 but it turns out that docker requires a double %%.

So for docker proxy passwords a ! character needs to be escaped with %%21

There is more info available here https://docs.docker.com/config/daemon/systemd/

I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.