[SOLVED] DNS problems from docker container [IPv6]

Nextcloud version: 26.0.5 (nextcloud:stable docker image)
Operating system and version: Debian 21.1 (host machine)
Apache or nginx version: caddy reverse proxy (running on host machine)
PHP version: 8.2.10
Installed via docker-compose (see below).

The issue you are facing:

I’m getting a lot of what seem to be DNS-related errors from my new docker nextcloud install, and parts of the application (Security & setup warnings, App store) are not working properly.

I can access the nextcloud site, I have created an admin account and installed the recommended apps.

curl https://apps.nextcloud.com works on the host machine, the same command from within the nextcloud image returns the error:
curl: (6) Could not resolve host: apps.nextcloud.com

Docker compose file:

version: '2'
services:
  db:
    container_name: nextcloud_db
    image: mariadb:10.6
    restart: always
    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
    volumes:
      - /srv/volumes/nextcloud/db:/var/lib/mysql
    environment:
        MYSQL_ROOT_PASSWORD: 
        MYSQL_DATABASE: nextcloud
        MYSQL_USER: nextcloud
        MYSQL_PASSWORD: 
    networks:
      - nextcloud

  app:
    container_name: nextcloud
    image: nextcloud:stable
    restart: always
    dns:
      - 1.1.1.1
    labels:
      caddy: nextcloud-dev.mywebsite.com
      caddy.reverse_proxy: "{{upstreams}}"
      caddy.header: /*
      caddy.header.Strict-Transport-Security: '"max-age=15552000;"'
      caddy.rewrite_0: /.well-known/carddav /remote.php/dav
      caddy.rewrite_1: /.well-known/caldav /remote.php/dav
    volumes:
      - /srv/volumes/nextcloud/app:/var/www/html
    environment:
      MYSQL_PASSWORD: 
      MYSQL_DATABASE: nextcloud
      MYSQL_USER: nextcloud
      MYSQL_HOST: db
      NEXTCLOUD_TRUSTED_DOMAINS: nextcloud-dev.mywebsite.com
    ports:
      - 127.0.0.1:8080:80
    links:
      - db
    networks:
      - nextcloud

volumes:
  db:
  nextcloud:

networks:
  nextcloud:

Caddyfile:

nextcloud-dev.mywebsite.com {
    rewrite /.well-known/carddav /remote.php/dav
    rewrite /.well-known/caldav /remote.php/dav
    
    reverse_proxy 127.0.0.1:8080
}

cat /etc/resolv.conf from the image:

nameserver 127.0.0.11
options ndots:0

Security & setup warning:

This server has no working internet connection: Multiple endpoints could not be reached. This means that some of the features like mounting external storage, notifications about updates or installation of third-party apps will not work. Accessing files remotely and sending of notification emails might not work, either. Establish a connection from this server to the internet to enjoy all features.

Is this the first time you’ve seen this error? Yes, but it happens every time on first install.

Steps to replicate it:

  1. docker-compose up
  2. Try to access apps
  3. view logs

The output of your Nextcloud log in Admin > Logging:

[PHP] Error: dns_get_record(): A temporary server error occurred. at /var/www/html/lib/private/Http/Client/DnsPinMiddleware.php#58

GET /settings/ajax/checksetup
from 172.18.0.1 by admin at 2023-09-14T12:46:12+00:00
[appstoreFetcher] Warning: GuzzleHttp\Exception\RequestException: cURL error 49: Couldn't parse CURLOPT_RESOLVE entry 'apps.nextcloud.com:80:' (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://apps.nextcloud.com/api/v1/apps.json at <<closure>>

 0. /var/www/html/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php line 158
    GuzzleHttp\Handler\CurlFactory::createRejection("*** sensitive parameters replaced ***")
 1. /var/www/html/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php line 110
    GuzzleHttp\Handler\CurlFactory::finishError(["GuzzleHttp\\Handler\\CurlHandler"], "*** sensitive parameters replaced ***", ["GuzzleHttp\\Handler\\CurlFactory"])
 2. /var/www/html/3rdparty/guzzlehttp/guzzle/src/Handler/CurlHandler.php line 47
    GuzzleHttp\Handler\CurlFactory::finish(["GuzzleHttp\\Handler\\CurlHandler"], "*** sensitive parameters replaced ***", ["GuzzleHttp\\Handler\\CurlFactory"])
 3. /var/www/html/lib/private/Http/Client/DnsPinMiddleware.php line 150
    GuzzleHttp\Handler\CurlHandler->__invoke("*** sensitive parameters replaced ***", "*** sensitive parameters replaced ***")
 4. /var/www/html/3rdparty/guzzlehttp/guzzle/src/PrepareBodyMiddleware.php line 35
    OC\Http\Client\DnsPinMiddleware->OC\Http\Client\{closure}("*** sensitive parameters replaced ***")
 5. /var/www/html/3rdparty/guzzlehttp/guzzle/src/Middleware.php line 31
    GuzzleHttp\PrepareBodyMiddleware->__invoke("*** sensitive parameters replaced ***", "*** sensitive parameters replaced ***")
 6. /var/www/html/3rdparty/guzzlehttp/guzzle/src/RedirectMiddleware.php line 71
    GuzzleHttp\Middleware::GuzzleHttp\{closure}("*** sensitive parameters replaced ***")
 7. /var/www/html/3rdparty/guzzlehttp/guzzle/src/Middleware.php line 63
    GuzzleHttp\RedirectMiddleware->__invoke("*** sensitive parameters replaced ***", "*** sensitive parameters replaced ***")
 8. /var/www/html/3rdparty/guzzlehttp/guzzle/src/HandlerStack.php line 75
    GuzzleHttp\Middleware::GuzzleHttp\{closure}("*** sensitive parameters replaced ***")
 9. /var/www/html/3rdparty/guzzlehttp/guzzle/src/Client.php line 331
    GuzzleHttp\HandlerStack->__invoke("*** sensitive parameters replaced ***", "*** sensitive parameters replaced ***")
10. /var/www/html/3rdparty/guzzlehttp/guzzle/src/Client.php line 168
    GuzzleHttp\Client->transfer("*** sensitive parameters replaced ***", "*** sensitive parameters replaced ***")
11. /var/www/html/3rdparty/guzzlehttp/guzzle/src/Client.php line 187
    GuzzleHttp\Client->requestAsync("*** sensitive parameters replaced ***")
12. /var/www/html/lib/private/Http/Client/Client.php line 226
    GuzzleHttp\Client->request("*** sensitive parameters replaced ***", "https://apps.ne ... n", ["/var/www/html/ ... "])
13. /var/www/html/lib/private/App/AppStore/Fetcher/Fetcher.php line 120
    OC\Http\Client\Client->get("https://apps.ne ... n", [60])
14. /var/www/html/lib/private/App/AppStore/Fetcher/AppFetcher.php line 86
    OC\App\AppStore\Fetcher\Fetcher->fetch("", "")
15. /var/www/html/lib/private/App/AppStore/Fetcher/Fetcher.php line 190
    OC\App\AppStore\Fetcher\AppFetcher->fetch("", "", false)
16. /var/www/html/lib/private/App/AppStore/Fetcher/AppFetcher.php line 187
    OC\App\AppStore\Fetcher\Fetcher->get(false)
17. /var/www/html/lib/private/Installer.php line 421
    OC\App\AppStore\Fetcher\AppFetcher->get(false)
18. /var/www/html/apps/settings/lib/Controller/AppSettingsController.php line 264
    OC\Installer->isUpdateAvailable("systemtags")
19. <<closure>>
    OCA\Settings\Controller\AppSettingsController->OCA\Settings\Controller\{closure}("*** sensitive parameters replaced ***")
20. /var/www/html/apps/settings/lib/Controller/AppSettingsController.php line 256
    array_map(["Closure"], ["*** sensitive  ... "])
21. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 230
    OCA\Settings\Controller\AppSettingsController->listApps()
22. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 137
    OC\AppFramework\Http\Dispatcher->executeController(["OCA\\Settings\ ... "], "listApps")
23. /var/www/html/lib/private/AppFramework/App.php line 183
    OC\AppFramework\Http\Dispatcher->dispatch(["OCA\\Settings\ ... "], "listApps")
24. /var/www/html/lib/private/Route/Router.php line 315
    OC\AppFramework\App::main("OCA\\Settings\\ ... r", "listApps", ["OC\\AppFramewo ... "], ["settings.AppSettings.listApps"])
25. /var/www/html/lib/base.php line 1065
    OC\Route\Router->match("/settings/apps/list")
26. /var/www/html/index.php line 36
    OC::handleRequest()

GET /settings/apps/list
from 172.18.0.1 by admin at 2023-09-14T12:44:51+00:00
[PHP] Error: dns_get_record(): A temporary server error occurred. at /var/www/html/lib/private/Http/Client/DnsPinMiddleware.php#84

GET /settings/apps/list
from 172.18.0.1 by admin at 2023-09-14T12:44:51+00:00

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 => 
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'instanceid' => '',
  'passwordsalt' => '',
  'secret' => '',
  'trusted_domains' => 
  array (
    0 => 'nextcloud-dev.mywebsite.com',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '26.0.5.1',
  'overwrite.cli.url' => 'http://nextcloud-dev.mywebsite.com',
  'dbname' => 'nextcloud',
  'dbhost' => 'db',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => ,
  'installed' => true,
);

I’ve searched the forum but couldn’t find a conclusive answer. Any ideas would be gratefully accepted.

hi @matte welcome to the forum :handshake:

is OK I have same settings in my working installation.

shortly somebody reported there was an issue with firewall - please double check.

My server is still on Debian 11 so I can’t tell right settings for sure…

you're back from the future :wink: ?

I don’t believe the dns directive in your docker compose can work if you’re not bridging your network_mode. You also shouldn’t need to specify it as long as DNS is functional on your host. The Docker Engine will take care of providing DNS. So… remove that entry from your compose then stop and restart everything.

Whoops, yes that should of course be 12.1

All outbound traffic is allowed on the hosting provider (Hetzner).
ufw status:

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT       Anywhere                  
80/tcp                     ALLOW       Anywhere                  
443/tcp                    ALLOW       Anywhere                  
22/tcp (v6)                LIMIT       Anywhere (v6)             
80/tcp (v6)                ALLOW       Anywhere (v6)             
443/tcp (v6)               ALLOW       Anywhere (v6)

I’ve removed the DNS entry, unfortunately it hasn’t made any difference. (I only added it after seeing it may have been a solution for others!)

Let’s check the basics of your Docker environment. This will tell you whether to focus on adjusting your NC stack’s compose file or your Docker Engine config and host firewall config.

Try this to start up a simple container to test connectivity from:

docker run -it --rm busybox

Example:

xxx@xxx:~$ docker run -it --rm busybox
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
3f4d90098f5b: Pull complete 
Digest: sha256:3fbc632167424a6d997e74f52b878d7cc478225cffac6bc977eedfe51c7f4e79
Status: Downloaded newer image for busybox:latest
/ # ping google.com
PING google.com (142.251.163.138): 56 data bytes
64 bytes from 142.251.163.138: seq=0 ttl=104 time=9.137 ms
64 bytes from 142.251.163.138: seq=1 ttl=104 time=9.465 ms
^C
--- google.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 9.137/9.301/9.465 ms
/ # 

Thanks for your continued support jtr and wwe, I think your questions have got me to the answer.

I tried docker run -it --rm busybox, pinging google didn’t work. For completeness I also tried it on a brand new machine, I only configured the users & installed docker etc. Still didn’t work.

Because this is a dev machine (and I’m cheap) I had only assigned an ipv6 external address to the server (prod will have ipv4 and ipv6). On a whim I tried assigning an ipv4 address and bingo! Everything seems to be working. :+1:

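Added example, not part of the original thread: a host-side check for the condition that turned out to be the cause here, a host with only an IPv6 address running containers on Docker's default bridge, which is IPv4-only unless IPv6 is enabled in Docker. The function names are hypothetical and the sample `ip` output is constructed (documentation-range addresses).

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# classify_egress: reads `ip -o addr show scope global` output on stdin and
# prints which address families the host itself has for outbound traffic.
classify_egress() {
    awk '
        # Docker-managed interfaces carry private 172.x bridge addresses that
        # look global to iproute2 but give no route off the host, so skip them.
        $2 ~ /^(docker|br-|veth)/ { next }
        $3 == "inet"  { v4++ }
        $3 == "inet6" { v6++ }
        END {
            if (v4 && v6) print "dual-stack"
            else if (v4)  print "ipv4-only"
            else if (v6)  print "ipv6-only"
            else          print "no-global-address"
        }'
}

# bridge_verdict: what that result means for a container on an IPv4-only bridge.
bridge_verdict() {
    case "$1" in
        dual-stack|ipv4-only)
            echo "ok: containers can NAT out through the host IPv4 address" ;;
        ipv6-only)
            echo "fail: no host IPv4 to NAT through; add IPv4 or enable IPv6 in Docker" ;;
        *)
            echo "fail: host has no global address" ;;
    esac
}

# Constructed sample: one public IPv6 address plus two Docker bridges.
SAMPLE_IPV6_ONLY='2: eth0    inet6 2001:db8:1234::1/64 scope global \       valid_lft forever preferred_lft forever
3: docker0    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0\       valid_lft forever preferred_lft forever
4: br-0a1b2c3d4e5f    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-0a1b2c3d4e5f\       valid_lft forever preferred_lft forever'

# On a real host: ip -o addr show scope global | classify_egress
bridge_verdict "$(printf '%s\n' "$SAMPLE_IPV6_ONLY" | classify_egress)"
```

Without the interface filter, the Docker bridges' own 172.x addresses would make an IPv6-only host look dual-stack.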