---------EDIT-------
So.. found the issue.. never noticed a firewall flag in the network options of the container. What exactly differs using this option vs the firewall settings of the container? Using the host firewall settings? Which is a tad odd, as 80/443 is already allowed on Proxmox's firewall.
-----------------------
So I have no issues git cloning (using SSH) the normal files, but it seems whenever it attempts to download the LFS files, I'm getting timeouts.
11:58:23.892095 trace git-lfs: tq: enqueue retry #1 after 0.25s for "7680e3bb3730a9491dd729fc13150cf8c8e4c245c8b574d04c211fecd2bdf8a4" (size: 6144): batch response: Post "https://subdomain/teamname/repo.git/info/lfs/objects/batch": dial tcp containerip:443: i/o timeout
Seems I'm having issues cloning files in a container, from a container all on the same host. If I attempt to do this on my local Windows machine, I have no issues. I'm running an nginx reverse proxy in a container, which is working just fine. I'm able to access the site, and as I mentioned above I (and everyone else) can clone/pull without issues; the same goes for the LFS files.
But for some reason, the container cannot access the (sub)domain by URL, and I'm forced to git clone by using the Forgejo container's IP address instead, which works for the initialization of the git clone itself, but problems arise with LFS files.
E.g., this works:
Code:
git clone ssh://git@containeripaddress:port/repo.git  # but fails on downloading LFS files later on
But this does not:
Code:
git clone ssh://git@subdomain:port/repo.git
git clone https://git.esforces.com/repo.git
I'm using
post-up iptables -t nat -A PREROUTING -d xxxx -p tcp --dport 80 -j DNAT --to-destination xxxx:80 ## Reversed Proxy
post-up iptables -t nat -A PREROUTING -d xxxx -p tcp --dport 443 -j DNAT --to-destination xxxx:443 ## Reversed Proxy
to forward all 80/443 to the reverse proxy container. I've disabled the Cloudflare DNS functions (only to forward the domain to my host IP) due to some issues with large files and SSH problems, as I don't wish to use a tunnel.
As for the bridge, etc, I use:
auto vmbr0
iface vmbr0 inet static
    address xxxx/26
    gateway xxxx
    bridge-ports enp35s0
    bridge-stp off
    bridge-fd 0
    up sysctl -p
    post-up echo 1 > /proc/sys/net/ipv4/conf/enp35s0/proxy_arp
    post-up sysctl -w net.ipv4.ip_forward=1
    hwaddress xxxx

auto vmbr1
iface vmbr1 inet static
    address xxxx/24
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s 'xxxx/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s 'xxxx/24' -o vmbr0 -j MASQUERADE
    post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
    post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
Containers are set to use vmbr1. So my question is: why can't the container access the subdomain from within the container? Neither on 80 nor 443. I've been stuck for hours. I assume this is some kind of reverse proxy thing? And how the port forwarding is set up? Really hoping for a fix!
Much appreciated!