Self-Hosting Accessing the host address from inside a container

blog thumbnail


Hello everyone! đź‘‹

This post is about accessing the host URL from inside a Podman (or Docker) container and how to avoida mistake I made when setting up containers.

If you have a service running inside a container, and you would like to access the host URL you will have touse a special address called the host-gateway address. Other options include hard-coding the host ip address.

You can use any of the following URLs when you want to access the host from inside a container:

  • host.containers.internal
  • host.docker.internal
Source:
Code: 
The host-gateway address is also used by Podman to automatically add the 
host.containers.internal and host.docker.internal hostnames to /etc/hosts.

What not to do​

When I was setting up the Forgejo Runner for my NucuLabs Forge I added the host.containers.internal to the /etc/hosts file on my system.

The reason I did that is that Forgejo was behind Anubis, a proxy that protects it from scrappers and LLMs.

My first thought was that if Forgejo is behind the proxy then the Runner can’t access it.

Since the Runner’s jobs run inside Docker containers and the runner runs on host I needed an address to give to both services so that they both can connect to Forgejo. So I gave them host.containers.internal and I tried to be smart by adding a line in /etc/hosts to make host.containers.internal point to 127.0.0.1.

This worked fine, until I’ve restarted the system.

When Podman started it also read the /etc/hosts file and the settings from there took precedence over what it had initially (the IP of the host machine). Since I’ve used host.containers.internal in other containers as well, they all started to point to 127.0.0.1, making other services to become unavailable.

It took me a while to debug this and find the root cause. This hack worked just fine before rebooting the system.

The solution was easy, remove the entry from /etc/hosts and use https://forge.nuculabs.de/ as the URL for the Forgejo Runner, even if Anubis is in front of it, the Runner could access the Forgejo instance.

If I wasn’t trying to be smart I could have just tried this in the first place and avoid workarounds. Thank you for reading!

I will write soon an article about putting Anubis in front of your services so stay tuned by subscribing to the newsletter or RSS feed!
 
Click to expand...
You must log in or register to reply here.
Back
Top