Support for host.docker.internal

[koseduhemak]

Adjust DNS config / nginx within swag to allow resolution "special DNS" name host.docker.internal (which points usally to 172.17.0.1). This "special DNS" "entry" is baked-in functionality of the docker engine in versions 20.10 and above (Linux)

---

Desired Behavior

Support host.docker.internal inside proxy-configs. This "magic" DNS name points to 172.17.0.1, if docker was configured especially. See https://stackoverflow.com/a/43541681.

Current Behavior

At the moment I need to set the IP 172.17.0.1 to direct traffic to the HOST. The setting "host.docker.internal" is not working at the moment (e.g. for passing traffic to a container running in host mode from swag instance, running in "bridge" network mode. Only 172.17.0.1 is working if one needs to access a container with network_mode "host" from a swag instance running with network_mode "bridge".

Alternatives Considered

Use 172.17.0.1 instead of "host.docker.internal". This works, but why not support docker backed-in DNS magic regarding "host.docker.internal" entry (which should resolve to 172.17.0.1).

[github-actions]

Thanks for opening your first issue here! Be sure to follow the bug or feature issue templates!

[Roxedus]

How do you propose we fix this on a container? This is something the docker engine has to support, and since you did not fill the issue template completely, I cant tell if the version you are on supports it.

[koseduhemak]

This feature, using special DNS entry host.docker.internal is indeed a docker engine feature. It does already work in Linux for docker versions 20.10 and above.
If you use a config similar like this:

version: "3.3"
services:
  swag:
    image: linuxserver/swag
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Berlin
      - URL=example.com
      - SUBDOMAINS=my-subdomain-here
      - ONLY_SUBDOMAINS=true
      - VALIDATION=dns
      - DNSPLUGIN=cloudflare
      - DHLEVEL=2048 #optional
      - STAGING=false #optional
      - PROPAGATION=60
    volumes:
      - /appdata/volumes/swag:/config
    ports:
      - 443:443
      - 80:80 #optional
    restart: always
    extra_hosts:
      - "host.docker.internal:host-gateway"

do a docker exec -it swag bash and from inside the swag container do a curl -vvv host.docker.internal:8080 you are able to access a webservice on the HOST system listening on port 8080.
In my case it is openhab, which is a docker container which runs in network_mode: host.
The output from curl (from within swag):

root@996f3a0768a1:/# curl -I http://host.docker.internal:8080
HTTP/1.1 200 OK
ETag: 1611677736000
Content-Type: text/html
Content-Length: 1000
Server: Jetty(9.4.20.v20190813)

However, if I configure something like this inside a nginx proxy-config, it does not work the same as it works with curl:

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name openhab.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;

        # enable for Authelia
        #include /config/nginx/authelia-location.conf;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app host.docker.internal;
        set $upstream_port 8080;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}

It does work, if I replace the line set $upstream_app host.docker.internal; with set $upstream_app 172.17.0.1; which is the IP host.docker.internal points to.
So I guess something is different in terms of DNS when using curl inside swag vs. nginx configuration within swag.

[Roxedus]

While I'm updating my laptop, looking at the PR that add it mentions that you might need --add-host=host.docker.internal:host-gateway.

moby/moby#40007

[Roxedus]

I missed that you had that in your compose, my bad

[Roxedus]

So I guess something is different in terms of DNS when using curl inside swag vs. nginx configuration within swag.

DIG nor nslookup actually resolves this, which is the culprit. All docker is doing is adding it to the host file, which their embedded DNS server happily ignores.

[ranomier]

How can we solve this? I have the same problem.

BTW curl for some reason works ?.?

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[thespad]

I don't believe it's possible to solve this issue with the current implementation of host.docker.internal on Linux as it directly modifies the local hosts file in the container and nginx does not and will not use that for name resolution.