2

I am running Jenkins as Docker image (https://hub.docker.com/_/jenkins) From within, I run a node-12 docker image as build container.

I am running a script to publish the new version to our local app store, which runs on the same VServer.

So now the phenomenon I have, is that I can't curl to the servers own URL. The bash script works flawlessly outside from my local machine, VServers shell and also from within other containers shell.

And now comes the most bizarre fact: I always get timeouts!

It is not "could not resolve" or similar.

Note: ips and domains are replaced with and ips with Curl commands

/ $ curl https://<my-domain> 
curl: (7) Failed to connect to <my-domain> port 443: Operation timed out 
/ $ curl https://example.domain
curl: (6) Could not resolve host: example.domain
/ $ curl -IL https://google.de 
HTTP/2 301

NodeJS Client Error

(node:90) UnhandledPromiseRejectionWarning: Error: connect ETIMEDOUT <my-ip>:443

    at Object._errnoException (util.js:992:11)
    at _exceptionWithHostPort (util.js:1014:20)
    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1186:14)

Where as google or other websites are not a problem. It is only the own hosts URL.

I found that when running from the jenkins shell already, (docker exec -it jenkins bash) I am also not able to ping/curl/whatever

Thank you for any suggestions to fix this.

// edit

This is the docker-compose configuration. I am using traefik as reverse proxy.

  jenkins:
    image: jenkinsci/blueocean
    container_name: jenkins
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - jenkins_data:/var/jenkins_home
    labels:
      - "traefik.port=8080"
      - "traefik.frontend.rule=Host:ci.domain.example"
      - "traefik.frontend.passHostHeader=true"

jenkins is initialized using tini (https://github.com/krallin/tini)

            "Entrypoint": [
                "/sbin/tini",
                "--",
                "/usr/local/bin/jenkins.sh"
            ],

I'll check if tini is serving as firewall to this process.

If I docker exec into the container with root, I can even ping the IP, but still can't curl.

bash-4.4# ping <my-domain>
PING <my-domain> (<my-ip>): 56 data bytes 
64 bytes from <my-ip>: seq=0 ttl=64 time=0.085 ms

// edit 2

I believe the problem already starts with maven, the image jenkins is based on:

https://github.com/jenkinsci/jenkins/blob/master/Dockerfile

When I create a new docker container using maven, I get the exact same behavior as described above.

// edit 3

I get the same behavior in container maven and one level deeper in openjdk.. docker run -it openjdk:8-jdk with curl to own hostname results in same behavior.

Again: I don't get this in any other of my containers that run on debian/ubuntu.

// edit 4

Cannot reproduce from other vserver. Only this one vserver is affected.

Martin Muzatko
  • 21
  • 4
  • Timeouts usually mean a problem with a firewall. In rare cases, which I would consider possible as well with docker, it can also be a routing problem. Without seeing more of your configuration there is no way to even guess. – Gerald Schneider Oct 14 '19 at 12:29
  • And please, don't post screenshots of text that you can just copy&paste. – Gerald Schneider Oct 14 '19 at 12:31
  • From other containers, I can reach the hostname.. I'd guess it is then a problem with the jenkins container configuration. I'm extending the question to include the docker-compose parameters. – Martin Muzatko Oct 14 '19 at 12:31
  • Fun fact: with nmap I see that port 22 is open. I ssh into the server from within the docker container,, and then I can curl.. lol! – Martin Muzatko Oct 16 '19 at 13:02

0 Answers0