Unable to clone/download GIT LFS files within a container using subdomain from another container.

Skyrider

Active Member
May 11, 2020
---------EDIT-------

So.. found the issue.. never noticed a firewall flag at the network options of the container. What exactly differs using this option vs the firewall settings of the container? Using the host firewall settings? Which is a tad odd, as 80/443 is already allowed on Proxmox's firewall.


-----------------------

So I have no issues git cloning (using SSH) the normal files, but it seems whenever it attempts to download the LFS files, I'm getting timeouts.

11:58:23.892095 trace git-lfs: tq: enqueue retry #1 after 0.25s for "7680e3bb3730a9491dd729fc13150cf8c8e4c245c8b574d04c211fecd2bdf8a4" (size: 6144): batch response: Post "https://subdomain/teamname/repo.git/info/lfs/objects/batch": dial tcp containerip:443: i/o timeout

Seems I'm having issues cloning files in a container, from a container all on the same host. If I attempt to do this on my local Windows machine, I have no issues. I'm running an nginx reverse proxy in a container, which is working just fine. I'm able to access the site, and as I mentioned above I (and everyone else) can clone/pull without issues; the same goes for the LFS files.

But for some reason, the container cannot access the (sub)domain by URL, and I'm forced to git clone by using the Forgejo container's IP address instead, which works for the initialization of the git clone itself, but problems arise with LFS files.

E.g., this works:

Code:
git clone ssh://git@containeripaddress:port/repo.git  # but fails on downloading LFS files later on

But this does not:

Code:
git clone ssh://git@subdomain:port/repo.git
git clone https://git.esforces.com/repo.git

I'm using

post-up iptables -t nat -A PREROUTING -d xxxx -p tcp --dport 80 -j DNAT --to-destination xxxx:80 ## Reversed Proxy
post-up iptables -t nat -A PREROUTING -d xxxx -p tcp --dport 443 -j DNAT --to-destination xxxx:443 ## Reversed Proxy

to forward all 80/443 to the reverse proxy container. I've disabled the Cloudflare DNS functions (only to forward the domain to my host IP) due to some issues with large files and SSH problems, as I don't wish to use a tunnel.

As for the bridge, etc, I use:


auto vmbr0
iface vmbr0 inet static
    address xxxx/26
    gateway xxxx
    bridge-ports enp35s0
    bridge-stp off
    bridge-fd 0
    up sysctl -p
    post-up echo 1 > /proc/sys/net/ipv4/conf/enp35s0/proxy_arp
    post-up sysctl -w net.ipv4.ip_forward=1
    hwaddress xxxx

auto vmbr1
iface vmbr1 inet static
    address xxxx/24
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s 'xxxx/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s 'xxxx/24' -o vmbr0 -j MASQUERADE
    post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
    post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

Containers are set to use vmbr1. So my question is: why can't the container access the subdomain from within the container? Neither on 80 nor 443. I've been stuck for hours. I assume this is some kind of reverse proxy thing? And how the port forwarding is set up? Really hoping for a fix!

Much appreciated!
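
An added example (not part of the original post, and not git-lfs or Forgejo code): a small parser for git-lfs trace lines like the one quoted in the post, which extracts the address the client actually dialled and classifies the failure. The error suffixes are Go's standard network error strings; the hint texts and the second and third sample lines are constructed for illustration.

```python
import re

# Go net error suffixes seen in git-lfs trace output -> (class, usual network meaning).
CAUSES = [
    ("i/o timeout", "timeout", "no reply at all: packets dropped by a firewall or lost on a NAT/return path"),
    ("connection refused", "refused", "host reachable, but port closed or firewall REJECT"),
    ("no route to host", "unreachable", "no route, or ICMP unreachable from a router/firewall"),
    ("no such host", "dns", "name does not resolve from this machine"),
]
LINE_RE = re.compile(r'for "(?P<oid>[0-9a-f]+)" \(size: (?P<size>\d+)\): .*?'
                     r'(?:Post|Get) "(?P<url>[^"]+)": (?P<err>.+)$')
DIAL_RE = re.compile(r"dial tcp (?P<host>\[[^\]]+\]|[^\s:]+):(?P<port>\d+):")

def classify(line):
    """Parse one failed git-lfs transfer line; return a dict, or None if it is not one."""
    line = re.sub(r"\[/?URL\]", "", line.strip())  # drop forum BBCode around the URL
    m = LINE_RE.search(line)
    if not m:
        return None
    err = m.group("err")
    dial = DIAL_RE.search(err)
    kind, hint = next(((k, h) for needle, k, h in CAUSES if needle in err),
                      ("other", "unclassified error"))
    return {
        "oid": m.group("oid"),
        "size": int(m.group("size")),
        "url": m.group("url"),
        # (host, port) the client actually dialled, i.e. what the name resolved to
        "target": (dial.group("host"), int(dial.group("port"))) if dial else None,
        "kind": kind,
        "hint": hint,
    }

PREFIX = '12:00:00.000000 trace git-lfs: tq: enqueue retry #1 after 0.25s for "'
SAMPLE = [
    # first line is the one quoted in the post; the other two are constructed
    '11:58:23.892095 trace git-lfs: tq: enqueue retry #1 after 0.25s for '
    '"7680e3bb3730a9491dd729fc13150cf8c8e4c245c8b574d04c211fecd2bdf8a4" (size: 6144): '
    'batch response: Post "https://subdomain/teamname/repo.git/info/lfs/objects/batch": '
    'dial tcp containerip:443: i/o timeout',
    PREFIX + 'ab12" (size: 10): batch response: Post "https://subdomain/x/info/lfs/objects/batch": '
    'dial tcp 192.0.2.10:443: connect: connection refused',
    PREFIX + 'cd34" (size: 10): batch response: Post "https://subdomain/x/info/lfs/objects/batch": '
    'dial tcp: lookup subdomain: no such host',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        r = classify(entry)
        print(r["kind"], r["target"], "-", r["hint"])
```

For the line in the post this reports a timeout against `containerip:443`: the name resolved and the LFS batch request went out over HTTPS, but nothing answered, which is what a packet filter dropping the traffic looks like from the client side.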
 