Open skepticalwaves opened 3 years ago
My testing showed that `/etc/hosts` entries only seem to make it into the container's `/etc/hosts` if you launch the container with `--net=host`:
`docker run --rm docker.io/alpine:3.13 /bin/sh -c 'cat /etc/hosts'`. Has a pristine `/etc/hosts` file that looks like this:
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 4dcf9047f2f8
`docker run --rm --net=host docker.io/alpine:3.13 /bin/sh -c 'cat /etc/hosts'`. Has the host's `/etc/hosts` file merged into its own.
I also have `matrix.DOMAIN` pointed to `127.0.0.1` in my own `/etc/hosts` file, but it hasn't affected services negatively (yet).
I don't think we run containers with `--net=host` though, so I wonder how you came to run into this issue. Perhaps some other way? Or some different Docker version does things differently?
This was deployed on a pristine Ubuntu 20.04.1 using only the ansible script, with ansible installed via pip3.
The only component I had issues with was the matrix_appservice_discord bot:
Jan 25 03:43:08 matrix systemd[1]: Started Matrix Appservice Discord bridge.
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: Jan-25 03:43:14.011 [DiscordStore] info: Starting DB Init
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: Jan-25 03:43:14.017 [DiscordStore] info: connString present in config, using postgres
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: Jan-25 03:43:14.019 [Postgres] info: Opening @matrix-postgres:5432/matrix_appservice_discord
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: Jan-25 03:43:14.120 [DiscordStore] info: Database schema version is 11, latest version is 11
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: Jan-25 03:43:14.121 [DiscordStore] info: Updated database to the latest schema
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: Jan-25 03:43:14.138 [bot-sdkMatrixLiteClient (REQ-1)] info: [ 'POST https://matrix.<redacted>.com/_matrix/client/r0/register' ]
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: Jan-25 03:43:14.181 [bot-sdkMatrixLiteClient (REQ-1)] error: [
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: Error: connect ECONNREFUSED 127.0.1.1:443
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1146:16) {
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: errno: -111,
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: code: 'ECONNREFUSED',
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: syscall: 'connect',
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: address: '127.0.1.1',
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: port: 443
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: }
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: ]
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: Jan-25 03:43:14.184 [bot-sdkAppservice] error: [ 'Encountered error registering user: ' ]
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: Jan-25 03:43:14.185 [bot-sdkAppservice] error: [
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: Error: connect ECONNREFUSED 127.0.1.1:443
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1146:16) {
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: errno: -111,
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: code: 'ECONNREFUSED',
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: syscall: 'connect',
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: address: '127.0.1.1',
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: port: 443
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: }
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: ]
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: Jan-25 03:43:14.190 [DiscordAS] error: A fatal error occurred during startup: Error: connect ECONNREFUSED 127.0.1.1:443
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1146:16) {
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: errno: -111,
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: code: 'ECONNREFUSED',
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: syscall: 'connect',
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: address: '127.0.1.1',
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: port: 443
Jan 25 03:43:14 matrix matrix-appservice-discord[250626]: }
Jan 25 03:43:14 matrix systemd[1]: matrix-appservice-discord.service: Main process exited, code=exited, status=1/FAILURE
Jan 25 03:43:14 matrix systemd[1]: matrix-appservice-discord.service: Failed with result 'exit-code'.
After adjusting `/etc/hosts` and restarting the bot, things started working.
Interesting! What's your `vars.yml` file like (hiding secrets, of course)?
# The bare domain name which represents your Matrix identity.
# Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
#
# Note: this playbook does not touch the server referenced here.
# Installation happens on another server ("matrix.<matrix-domain>").
#
# If you've deployed using the wrong domain, you'll have to run the Uninstalling step,
# because you can't change the Domain after deployment.
#
# Example value: example.com
matrix_domain: <redacted>
# This is something which is provided to Let's Encrypt when retrieving SSL certificates for domains.
#
# In case SSL renewal fails at some point, you'll also get an email notification there.
#
# If you decide to use another method for managing SSL certificates (different than the default Let's Encrypt),
# you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`).
#
# Example value: someone@example.com
matrix_ssl_lets_encrypt_support_email: '<redacted>'
# A shared secret (between Coturn and Synapse) used for authentication.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
matrix_coturn_turn_static_auth_secret: '<redacted>'
# A secret used to protect access keys issued by the server.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
matrix_synapse_macaroon_secret_key: '<redacted>'
# A Postgres password to use for the superuser Postgres user (called `matrix` by default).
#
# The playbook creates additional Postgres users and databases (one for each enabled service)
# using this superuser account.
matrix_postgres_connection_password: '<redacted>'
# Additional Custom Setup Stuff added by SkepticalWaves
# Disable the identity server for now, no need for people to be id'd via email/phone
matrix_ma1sd_enabled: false
##ENABLE JITSI
matrix_jitsi_enabled: true
# Run `bash inventory/scripts/jitsi-generate-passwords.sh` to generate these passwords,
# or define your own strong passwords manually.
matrix_jitsi_jicofo_component_secret: <redacted>
matrix_jitsi_jicofo_auth_password: <redacted>
matrix_jitsi_jvb_auth_password: <redacted>
matrix_jitsi_jibri_recorder_password: <redacted>
matrix_jitsi_jibri_xmpp_password: <redacted>
#matrix_jitsi_enable_auth: true
#matrix_jitsi_enable_guests: true
matrix_jitsi_web_custom_config_extension: |
  config.enableLayerSuspension = true;
  config.disableAudioLevels = true;
  // Limit the number of video feeds forwarded to each client
  config.channelLastN = 4;
matrix_jitsi_web_config_resolution_width_ideal_and_max: 480
matrix_jitsi_web_config_resolution_height_ideal_and_max: 240
##ENABLE WEB ADMIN
matrix_synapse_admin_enabled: true
#Synapse
matrix_synapse_enable_registration: true
matrix_synapse_enable_registration_captcha: true
matrix_synapse_recaptcha_public_key: '<redacted>'
matrix_synapse_recaptcha_private_key: '<redacted>'
matrix_synapse_max_upload_size_mb: 10
matrix_synapse_configuration_extension_yaml: |
  limit_remote_rooms:
    enabled: true
    complexity: 1.0
##Synapse Federation
matrix_synapse_allow_public_rooms_over_federation: true
##ELEMENT DEFAULTS
matrix_client_element_themes_enabled: true
matrix_client_element_default_theme: 'dark'
##Anti Spam Config
#matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled: true
#You need to specify domains to block
#matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers:
#- example.com
#- another.com
##Reminder bot
matrix_bot_matrix_reminder_bot_enabled: true
# Adjust this to whatever password you chose when registering the bot user
matrix_bot_matrix_reminder_bot_matrix_user_password: <redacted>
# Adjust this to your timezone
matrix_bot_matrix_reminder_bot_reminders_timezone: Europe/London
## Email configuration
matrix_mailer_sender_address: "matrix@<redacted>"
matrix_mailer_relay_use: true
matrix_mailer_relay_host_name: "mail.<redacted>"
matrix_mailer_relay_host_port: 587
matrix_mailer_relay_auth: true
matrix_mailer_relay_auth_username: "matrix@<redacted>"
matrix_mailer_relay_auth_password: "<redacted>"
## Dimension Configuration
matrix_dimension_enabled: true
matrix_dimension_admins:
- "<redacted>:{{ matrix_domain }}"
- "<redacted>:{{ matrix_domain }}"
- "<redacted>:{{ matrix_domain }}"
matrix_dimension_access_token: "<redacted>"
#Telegram Bridging
matrix_mautrix_telegram_enabled: true
matrix_mautrix_telegram_api_id: <redacted>
matrix_mautrix_telegram_api_hash: <redacted>
#Password provider
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: <redacted>
#Discord bridging
matrix_mx_puppet_discord_enabled: false
#matrix_mx_puppet_discord_client_id: ""
#matrix_mx_puppet_discord_client_secret: ""
matrix_appservice_discord_enabled: true
matrix_appservice_discord_client_id: '<redacted>'
matrix_appservice_discord_bot_token: '<redacted>'
matrix_appservice_discord_bridge_enableSelfServiceBridging: true
matrix_appservice_webhooks_enabled: true
matrix_appservice_webhooks_api_secret: '<redacted>'
I don't see anything out of the ordinary that should trigger this.
Which Docker version are you on? `docker version`.
root@matrix:~# docker version
Client: Docker Engine - Community
Version: 20.10.2
API version: 1.41
Go version: go1.13.15
Git commit: 2291f61
Built: Mon Dec 28 16:17:43 2020
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.2
API version: 1.41 (minimum version 1.12)
Go version: go1.13.15
Git commit: 8891c58
Built: Mon Dec 28 16:15:19 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.3
GitCommit: 269548fa27e0089a8b8278fc4fc781d7f65a939b
runc:
Version: 1.0.0-rc92
GitCommit: ff819c7e9184c13b7c2607fe6c30ae19403a7aff
docker-init:
Version: 0.19.0
GitCommit: de40ad0
Not sure why this happens.
I've tested on Ubuntu 20.04.1 LTS
With Docker 19.03.13, I can't reproduce it. `docker run --network=some-custom-network ..` also leads to the same (no `/etc/hosts` sharing). It's only with `--net=host` that the container's `/etc/hosts` file contains the entries from the host.
I have even upgraded that system to Docker 20.10.2, so it should be the same as yours. It's still the same result - custom `/etc/hosts` entries are only transferred when `--net=host` is used (which the playbook doesn't normally use).
https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-dns.md
I ran into an issue with the `matrix_appservice_discord` bot, because the bot was resolving the `matrix.example.com` to 127.0.1.1 because that's how the default Ubuntu `/etc/hosts` config resolves it.
I had to fix up `/etc/hosts` so the FQDN would resolve to the external IP.
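A check for the condition described in this report (the server's FQDN mapped to a loopback address in a hosts file), as an added example that is not from the thread or the playbook. The function names and the sample hosts file are constructed for illustration; point `check_fqdn` at the host's `/etc/hosts` or at a copy taken from inside a container.

```shell
#!/bin/sh
# hosts_lookup FILE NAME: print the first address FILE maps NAME to
# (first matching line wins, as with the "files" resolver source).
hosts_lookup() {
    awk -v name="$2" '
        { sub(/#.*/, "") }          # drop trailing comments
        NF < 2 { next }             # skip blank or address-only lines
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(name)) { print $1; exit } }
    ' "$1"
}

# is_loopback ADDR: succeed for 127.0.0.0/8 and ::1
is_loopback() {
    case "$1" in
        127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# check_fqdn FILE NAME: print a verdict; return 1 when NAME maps to loopback
check_fqdn() {
    addr=$(hosts_lookup "$1" "$2")
    if [ -z "$addr" ]; then
        echo "$2: not in $1, resolution falls through to DNS"
    elif is_loopback "$addr"; then
        echo "$2: $addr (loopback), a client reading this file connects to itself"
        return 1
    else
        echo "$2: $addr"
    fi
}

# Constructed sample in the style of a default Ubuntu hosts file
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
127.0.0.1 localhost
127.0.1.1 matrix.example.com matrix   # installer-generated entry
::1 localhost ip6-localhost ip6-loopback
EOF

check_fqdn "$sample" matrix.example.com || echo "remove the entry or map it to the external IP"
```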