[Bug] 网络模式使用host，推送钉钉消息失败。

[PrinSoul]

Verify steps

• [X] Tracker 我已经在 Issue Tracker 中找过我要提出的问题
• [X] Latest 我已经使用 最新源码 测试过，问题依旧存在
• [X] Core 这是 QD 框架存在的问题，并非我所使用的 QD 早期版本（如 20210628及之前版号 等）或模板的特定问题
• [X] Meaningful 我提交的不是无意义的 催促更新或修复 请求

QD Version

20240210

Bug on OS

Linux

Bug on Platform

Docker/Linux 64位

To Reproduce

威联通中 使用桥接模式，所有功能正常，也能正常推送钉钉消息(每个docker单独配置hosts有点麻烦)； 将网络模式从桥接改成host主机之后，钉钉消息无法成功推送，其他功能正常。

测试Bot的页面，提示失败原因为空。

Describe the Bug

docker网络模式使用host，推送钉钉消息失败。

QD config

QD config是在哪里能找到呢？

镜像  qdtoday/qd:lite-latest@sha256:14e41044160af10afe945f79904763bdaf347371ccb92d38f3781fa68948c537
CMD sh -c python /usr/src/app/run.py
ENTRYPOINT  null
ENV 
CURL_VERSION    8.6.0
PATH    /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PORT    1234
PYCURL_SSL_LIBRARY  openssl
QIANDAO_LITE    True
SSL_VERSION 3.1.5
TZ  CST-8
标签  
maintainer  a76yyyy <q981331502@163.com>
org.opencontainers.image.source https://github.com/qd-today/qd

QD log

[I 240220 03:36:37 tornado.access web:2348] 304 GET /util/toolbox/1 (192.168.3.249) 1.34ms
[I 240220 03:36:40 tornado.access web:2348] 200 GET /user/1/regpush (192.168.3.249) 26.40ms
[I 240220 03:36:55 tornado.access web:2348] 200 POST /user/1/UserPushShowPvar (192.168.3.249) 86.23ms
[E 240220 03:37:45 QD.Http.Funcs funcs:227] Sent to DingDing error: 
[I 240220 03:37:45 tornado.access web:2348] 200 POST /user/1/regpush (192.168.3.249) 30388.35ms

Expected behavior

希望修复后，docker能使用host网络模式，推送钉钉消息。

Screenshots

[a76yyyy]

1. 检查威联通本地网络是否无法解析钉钉推送或者手动设置了钉钉推送网址的host，具体请看一下以下命令的执行结果:

ping oapi.dingtalk.com

2. QD容器环境变量指定 QD_DEBUG=True，以开启DEBUG模式，看看日志中钉钉推送测试的详细错误信息是否为 TimeoutError，如果是的话请检查威联通本地网络设置

[PrinSoul]

1. 检查威联通本地网络是否无法解析钉钉推送或者手动设置了钉钉推送网址的host，具体请看一下以下命令的执行结果:

ping oapi.dingtalk.com

2. QD容器环境变量指定 QD_DEBUG=True，以开启DEBUG模式，看看日志中钉钉推送测试的详细错误信息是否为 TimeoutError，如果是的话请检查威联通本地网络设置

威联通本机网络能ping通 oapi.dingtalk.com，进入到网络设置为host的容器内则无法ping通 oapi.dingtalk.com（桥接的容器能ping通）

[~] # docker exec -it qd-lite-host /bin/sh
/usr/src/app # ping oapi.dingtalk.com
PING oapi.dingtalk.com (2401:b180:2000:60::f): 56 data bytes

[I 240220 13:29:25 tornado.access web:2348] 200 POST /user/1/regpush (192.168.3.249) 30526.69ms
        raise asyncio.TimeoutError from None
    TimeoutError
      File "/usr/lib/python3.11/site-packages/aiohttp/helpers.py", line 725, in __exit__
        with timer:
      File "/usr/lib/python3.11/site-packages/aiohttp/client.py", line 493, in _request
                     ^^^^^^^^^^^^^^^^
        self._resp = await self._coro
      File "/usr/lib/python3.11/site-packages/aiohttp/client.py", line 1167, in __aenter__
        async with session.post(link, json=d, verify_ssl=False, timeout=config.request_timeout) as res:
      File "/usr/src/app/libs/funcs.py", line 220, in send2dingding
    Traceback (most recent call last):
[E 240220 13:29:25 QD.Http.Funcs funcs:227] Sent to DingDing error:
[I 240220 13:28:39 tornado.access web:2348] 200 GET /user/1/regpush (192.168.3.249) 7.17ms

[acooler15]

1. 检查威联通本地网络是否无法解析钉钉推送或者手动设置了钉钉推送网址的host，具体请看一下以下命令的执行结果:

ping oapi.dingtalk.com

2. QD容器环境变量指定 QD_DEBUG=True，以开启DEBUG模式，看看日志中钉钉推送测试的详细错误信息是否为 TimeoutError，如果是的话请检查威联通本地网络设置

威联通本机网络能ping通 oapi.dingtalk.com，进入到网络设置为host的容器内则无法ping通 oapi.dingtalk.com（桥接的容器能ping通）

[I 240220 13:29:25 tornado.access web:2348] 200 POST /user/1/regpush (192.168.3.249) 30526.69ms
        raise asyncio.TimeoutError from None
    TimeoutError
      File "/usr/lib/python3.11/site-packages/aiohttp/helpers.py", line 725, in __exit__
        with timer:
      File "/usr/lib/python3.11/site-packages/aiohttp/client.py", line 493, in _request
                     ^^^^^^^^^^^^^^^^
        self._resp = await self._coro
      File "/usr/lib/python3.11/site-packages/aiohttp/client.py", line 1167, in __aenter__
        async with session.post(link, json=d, verify_ssl=False, timeout=config.request_timeout) as res:
      File "/usr/src/app/libs/funcs.py", line 220, in send2dingding
    Traceback (most recent call last):
[E 240220 13:29:25 QD.Http.Funcs funcs:227] Sent to DingDing error:
[I 240220 13:28:39 tornado.access web:2348] 200 GET /user/1/regpush (192.168.3.249) 7.17ms

其它网址能否ping通？例如百度这些？

[acooler15]

检查在容器内、宿主机中能否ping通其它域名； 检查容器的DNS配置（创建容器时是否指定了DNS？在容器内是否设置了DNS？或者该容器使用的NetWork在创建时是否指定了DNS？) 检查宿主机的DNS配置情况（docker容器创建时或docker network创建时可能会使用宿主机的/etc/resolv.conf）

[PrinSoul]

1. 检查威联通本地网络是否无法解析钉钉推送或者手动设置了钉钉推送网址的host，具体请看一下以下命令的执行结果:

ping oapi.dingtalk.com

2. QD容器环境变量指定 QD_DEBUG=True，以开启DEBUG模式，看看日志中钉钉推送测试的详细错误信息是否为 TimeoutError，如果是的话请检查威联通本地网络设置

威联通本机网络能ping通 oapi.dingtalk.com，进入到网络设置为host的容器内则无法ping通 oapi.dingtalk.com（桥接的容器能ping通）

[I 240220 13:29:25 tornado.access web:2348] 200 POST /user/1/regpush (192.168.3.249) 30526.69ms
        raise asyncio.TimeoutError from None
    TimeoutError
      File "/usr/lib/python3.11/site-packages/aiohttp/helpers.py", line 725, in __exit__
        with timer:
      File "/usr/lib/python3.11/site-packages/aiohttp/client.py", line 493, in _request
                     ^^^^^^^^^^^^^^^^
        self._resp = await self._coro
      File "/usr/lib/python3.11/site-packages/aiohttp/client.py", line 1167, in __aenter__
        async with session.post(link, json=d, verify_ssl=False, timeout=config.request_timeout) as res:
      File "/usr/src/app/libs/funcs.py", line 220, in send2dingding
    Traceback (most recent call last):
[E 240220 13:29:25 QD.Http.Funcs funcs:227] Sent to DingDing error:
[I 240220 13:28:39 tornado.access web:2348] 200 GET /user/1/regpush (192.168.3.249) 7.17ms

其它网址能否ping通？例如百度这些？

威联通本机网络和桥接模式的docker内都能ping通 www.baidu.com 进入到网络设置为host的容器内则无法ping通 www.baidu.com

[PrinSoul]

检查在容器内、宿主机中能否ping通其它域名； 检查容器的DNS配置（创建容器时是否指定了DNS？在容器内是否设置了DNS？或者该容器使用的NetWork在创建时是否指定了DNS？) 检查宿主机的DNS配置情况（docker容器创建时或docker network创建时可能会使用宿主机的/etc/resolv.conf）

创建容器时没有指定IP和DNS 在容器内没有设置IP和DNS 全默认 直接选择了docker的网络模式为host

[acooler15]

检查在容器内、宿主机中能否ping通其它域名； 检查容器的DNS配置（创建容器时是否指定了DNS？在容器内是否设置了DNS？或者该容器使用的NetWork在创建时是否指定了DNS？) 检查宿主机的DNS配置情况（docker容器创建时或docker network创建时可能会使用宿主机的/etc/resolv.conf）

创建容器时没有指定IP和DNS 在容器内没有设置IP和DNS 全默认 直接选择了docker的网络模式为host

在容器内cat /etc/resolv.conf看一下DNS配置，在宿主机docker inspect -f '{{json .HostConfig}}' 容器名/ID查看一下配置

[PrinSoul]

检查在容器内、宿主机中能否ping通其它域名； 检查容器的DNS配置（创建容器时是否指定了DNS？在容器内是否设置了DNS？或者该容器使用的NetWork在创建时是否指定了DNS？) 检查宿主机的DNS配置情况（docker容器创建时或docker network创建时可能会使用宿主机的/etc/resolv.conf）

创建容器时没有指定IP和DNS 在容器内没有设置IP和DNS 全默认 直接选择了docker的网络模式为host

在容器内cat /etc/resolv.conf看一下DNS配置，在宿主机docker inspect -f '{{json .HostConfig}}' 容器名/ID查看一下配置

[~] # docker inspect -f '{{json .HostConfig}}' qd-lite-host
{"Binds":["34e72441dfe1d9f8bbfc325efba15bb97ca9056edda6c28c0b317ce4ab99a368:/usr/src/app/config"],"ContainerIDFile":"","LogConfig":{"Type":"json-file","Config":{"max-file":"10","max-size":"10m"}},"NetworkMode":"host","PortBindings":{},"RestartPolicy":{"Name":"no","MaximumRetryCount":0},"AutoRemove":false,"VolumeDriver":"","VolumesFrom":null,"CapAdd":["AUDIT_WRITE","CHOWN","DAC_OVERRIDE","FOWNER","FSETID","KILL","MKNOD","NET_BIND_SERVICE","NET_RAW","SETFCAP","SETGID","SETPCAP","SETUID","SYS_CHROOT"],"CapDrop":["AUDIT_CONTROL","BLOCK_SUSPEND","DAC_READ_SEARCH","IPC_LOCK","IPC_OWNER","LEASE","LINUX_IMMUTABLE","MAC_ADMIN","MAC_OVERRIDE","NET_ADMIN","NET_BROADCAST","SYSLOG","SYS_ADMIN","SYS_BOOT","SYS_MODULE","SYS_NICE","SYS_PACCT","SYS_PTRACE","SYS_RAWIO","SYS_RESOURCE","SYS_TIME","SYS_TTY_CONFIG","WAKE_ALARM"],"CgroupnsMode":"host","Dns":[],"DnsOptions":null,"DnsSearch":null,"ExtraHosts":[],"GroupAdd":null,"IpcMode":"private","Cgroup":"","Links":null,"OomScoreAdj":0,"PidMode":"","Privileged":false,"PublishAllPorts":true,"ReadonlyRootfs":false,"SecurityOpt":null,"UTSMode":"","UsernsMode":"","ShmSize":67108864,"Runtime":"runc","ConsoleSize":[0,0],"Isolation":"","CpuShares":0,"Memory":0,"NanoCpus":0,"CgroupParent":"","BlkioWeight":0,"BlkioWeightDevice":null,"BlkioDeviceReadBps":null,"BlkioDeviceWriteBps":null,"BlkioDeviceReadIOps":null,"BlkioDeviceWriteIOps":null,"CpuPeriod":0,"CpuQuota":0,"CpuRealtimePeriod":0,"CpuRealtimeRuntime":0,"CpusetCpus":"","CpusetMems":"","Devices":[],"DeviceCgroupRules":null,"DeviceRequests":[],"KernelMemory":0,"KernelMemoryTCP":0,"MemoryReservation":0,"MemorySwap":0,"MemorySwappiness":null,"OomKillDisable":false,"PidsLimit":null,"Ulimits":[{"Name":"nofile","Hard":65535,"Soft":65535}],"CpuCount":0,"CpuPercent":0,"IOMaximumIOps":0,"IOMaximumBandwidth":0,"MaskedPaths":["/proc/asound","/proc/acpi","/proc/kcore","/proc/keys","/proc/latency_stats","/proc/timer_list","/proc/timer_stats","/proc/sched_debug","/proc/scsi","/sys/firmware"],"ReadonlyPaths":["/proc/bus","/proc/fs","/proc/irq","/proc/sys","/proc/sysrq-trigger"],"Init":false}
[~] # docker exec -it qd-lite-host /bin/sh
/usr/src/app # cat /etc/resolv.conf
nameserver 10.0.3.1
/usr/src/app # 

[acooler15]

检查在容器内、宿主机中能否ping通其它域名； 检查容器的DNS配置（创建容器时是否指定了DNS？在容器内是否设置了DNS？或者该容器使用的NetWork在创建时是否指定了DNS？) 检查宿主机的DNS配置情况（docker容器创建时或docker network创建时可能会使用宿主机的/etc/resolv.conf）

创建容器时没有指定IP和DNS 在容器内没有设置IP和DNS 全默认 直接选择了docker的网络模式为host

在容器内cat /etc/resolv.conf看一下DNS配置，在宿主机docker inspect -f '{{json .HostConfig}}' 容器名/ID查看一下配置

[~] # docker inspect -f '{{json .HostConfig}}' qd-lite-host
{"Binds":["34e72441dfe1d9f8bbfc325efba15bb97ca9056edda6c28c0b317ce4ab99a368:/usr/src/app/config"],"ContainerIDFile":"","LogConfig":{"Type":"json-file","Config":{"max-file":"10","max-size":"10m"}},"NetworkMode":"host","PortBindings":{},"RestartPolicy":{"Name":"no","MaximumRetryCount":0},"AutoRemove":false,"VolumeDriver":"","VolumesFrom":null,"CapAdd":["AUDIT_WRITE","CHOWN","DAC_OVERRIDE","FOWNER","FSETID","KILL","MKNOD","NET_BIND_SERVICE","NET_RAW","SETFCAP","SETGID","SETPCAP","SETUID","SYS_CHROOT"],"CapDrop":["AUDIT_CONTROL","BLOCK_SUSPEND","DAC_READ_SEARCH","IPC_LOCK","IPC_OWNER","LEASE","LINUX_IMMUTABLE","MAC_ADMIN","MAC_OVERRIDE","NET_ADMIN","NET_BROADCAST","SYSLOG","SYS_ADMIN","SYS_BOOT","SYS_MODULE","SYS_NICE","SYS_PACCT","SYS_PTRACE","SYS_RAWIO","SYS_RESOURCE","SYS_TIME","SYS_TTY_CONFIG","WAKE_ALARM"],"CgroupnsMode":"host","Dns":[],"DnsOptions":null,"DnsSearch":null,"ExtraHosts":[],"GroupAdd":null,"IpcMode":"private","Cgroup":"","Links":null,"OomScoreAdj":0,"PidMode":"","Privileged":false,"PublishAllPorts":true,"ReadonlyRootfs":false,"SecurityOpt":null,"UTSMode":"","UsernsMode":"","ShmSize":67108864,"Runtime":"runc","ConsoleSize":[0,0],"Isolation":"","CpuShares":0,"Memory":0,"NanoCpus":0,"CgroupParent":"","BlkioWeight":0,"BlkioWeightDevice":null,"BlkioDeviceReadBps":null,"BlkioDeviceWriteBps":null,"BlkioDeviceReadIOps":null,"BlkioDeviceWriteIOps":null,"CpuPeriod":0,"CpuQuota":0,"CpuRealtimePeriod":0,"CpuRealtimeRuntime":0,"CpusetCpus":"","CpusetMems":"","Devices":[],"DeviceCgroupRules":null,"DeviceRequests":[],"KernelMemory":0,"KernelMemoryTCP":0,"MemoryReservation":0,"MemorySwap":0,"MemorySwappiness":null,"OomKillDisable":false,"PidsLimit":null,"Ulimits":[{"Name":"nofile","Hard":65535,"Soft":65535}],"CpuCount":0,"CpuPercent":0,"IOMaximumIOps":0,"IOMaximumBandwidth":0,"MaskedPaths":["/proc/asound","/proc/acpi","/proc/kcore","/proc/keys","/proc/latency_stats","/proc/timer_list","/proc/timer_stats","/proc/sched_debug","/proc/scsi","/sys/firmware"],"ReadonlyPaths":["/proc/bus","/proc/fs","/proc/irq","/proc/sys","/proc/sysrq-trigger"],"Init":false}
[~] # docker exec -it qd-lite-host /bin/sh
/usr/src/app # cat /etc/resolv.conf
nameserver 10.0.3.1
/usr/src/app # 

10.0.3.1是你的网关IP么？看一下是否和宿主机的一致。如果一致的话可能是NAS防火墙配置或者网关的防火墙配置给拒绝了。可以尝试查看修改防火墙配置，也可以指定容器的DNS为公共DNS试一下

[PrinSoul]

[~] # docker inspect -f '{{json .HostConfig}}' qd-lite-host
{"Binds":["34e72441dfe1d9f8bbfc325efba15bb97ca9056edda6c28c0b317ce4ab99a368:/usr/src/app/config"],"ContainerIDFile":"","LogConfig":{"Type":"json-file","Config":{"max-file":"10","max-size":"10m"}},"NetworkMode":"host","PortBindings":{},"RestartPolicy":{"Name":"no","MaximumRetryCount":0},"AutoRemove":false,"VolumeDriver":"","VolumesFrom":null,"CapAdd":["AUDIT_WRITE","CHOWN","DAC_OVERRIDE","FOWNER","FSETID","KILL","MKNOD","NET_BIND_SERVICE","NET_RAW","SETFCAP","SETGID","SETPCAP","SETUID","SYS_CHROOT"],"CapDrop":["AUDIT_CONTROL","BLOCK_SUSPEND","DAC_READ_SEARCH","IPC_LOCK","IPC_OWNER","LEASE","LINUX_IMMUTABLE","MAC_ADMIN","MAC_OVERRIDE","NET_ADMIN","NET_BROADCAST","SYSLOG","SYS_ADMIN","SYS_BOOT","SYS_MODULE","SYS_NICE","SYS_PACCT","SYS_PTRACE","SYS_RAWIO","SYS_RESOURCE","SYS_TIME","SYS_TTY_CONFIG","WAKE_ALARM"],"CgroupnsMode":"host","Dns":[],"DnsOptions":null,"DnsSearch":null,"ExtraHosts":[],"GroupAdd":null,"IpcMode":"private","Cgroup":"","Links":null,"OomScoreAdj":0,"PidMode":"","Privileged":false,"PublishAllPorts":true,"ReadonlyRootfs":false,"SecurityOpt":null,"UTSMode":"","UsernsMode":"","ShmSize":67108864,"Runtime":"runc","ConsoleSize":[0,0],"Isolation":"","CpuShares":0,"Memory":0,"NanoCpus":0,"CgroupParent":"","BlkioWeight":0,"BlkioWeightDevice":null,"BlkioDeviceReadBps":null,"BlkioDeviceWriteBps":null,"BlkioDeviceReadIOps":null,"BlkioDeviceWriteIOps":null,"CpuPeriod":0,"CpuQuota":0,"CpuRealtimePeriod":0,"CpuRealtimeRuntime":0,"CpusetCpus":"","CpusetMems":"","Devices":[],"DeviceCgroupRules":null,"DeviceRequests":[],"KernelMemory":0,"KernelMemoryTCP":0,"MemoryReservation":0,"MemorySwap":0,"MemorySwappiness":null,"OomKillDisable":false,"PidsLimit":null,"Ulimits":[{"Name":"nofile","Hard":65535,"Soft":65535}],"CpuCount":0,"CpuPercent":0,"IOMaximumIOps":0,"IOMaximumBandwidth":0,"MaskedPaths":["/proc/asound","/proc/acpi","/proc/kcore","/proc/keys","/proc/latency_stats","/proc/timer_list","/proc/timer_stats","/proc/sched_debug","/proc/scsi","/sys/firmware"],"ReadonlyPaths":["/proc/bus","/proc/fs","/proc/irq","/proc/sys","/proc/sysrq-trigger"],"Init":false}
[~] # docker exec -it qd-lite-host /bin/sh
/usr/src/app # cat /etc/resolv.conf
nameserver 10.0.3.1
/usr/src/app # 

10.0.3.1是你的网关IP么？看一下是否和宿主机的一致。如果一致的话可能是NAS防火墙配置或者网关的防火墙配置给拒绝了。可以尝试查看修改防火墙配置，也可以指定容器的DNS为公共DNS试一下

容器内已设置共用DNS，钉钉仍无法成功推送

容器内ping baidu.com 能通 ping www.baidu.com 不能通

[PrinSoul]

10.0.3.1是你的网关IP么？看一下是否和宿主机的一致。如果一致的话可能是NAS防火墙配置或者网关的防火墙配置给拒绝了。可以尝试查看修改防火墙配置，也可以指定容器的DNS为公共DNS试一下

我把威联通的ipv6停用了才正常

[a76yyyy]

host模式未启用ipv6支持，手动启用即可