docksal: Not able to resolve on Corporate VPN "502 Bad Gateway"
Description
I having issues with the DNS inside corporate VPN when I visit my local project I got 502 Bad Gateway error, I have followed the instructions on the troubleshooting sections for DNS RESOLVER.
cat ~/.docksal/docksal.env
DOCKSAL_UUID=7191f153-3c2f-3f9e-ae06-cc245233259f
DOCKSAL_DNS_UPSTREAM="10.134.18.43"
DOCKSAL_NO_DNS_RESOLVER="1"
nslookup google.com
Server: 10.134.18.43
Address: 10.134.18.43#53
Non-authoritative answer:
Name: google.com
Address: 173.194.219.101
Steps to reproduce the issue:
- Connect to Cisco AnyConnect VPN
- Visit localhost http://baxter.docksal.site/
Describe the results you received:
502 Bad Gateway.
Describe the results you expected:
Be able to connect to the localhost, that only works when I’m disconnected from VPN
Output of fin config:
fin config output
---------------------
COMPOSE_PROJECT_NAME_SAFE: corvette
COMPOSE_FILE:
/home/gutierm18/.docksal/stacks/volumes-bind.yml
/home/gutierm18/.docksal/stacks/stack-acquia.yml
/home/gutierm18/Documents/Drupal/Corvette/.docksal/docksal.yml
/home/gutierm18/Documents/Drupal/Corvette/.docksal/docksal-local.yml
ENV_FILE:
/home/gutierm18/Documents/Drupal/Corvette/.docksal/docksal.env
/home/gutierm18/Documents/Drupal/Corvette/.docksal/docksal-local.env
PROJECT_ROOT: /home/gutierm18/Documents/Drupal/Corvette
DOCROOT: docroot
VIRTUAL_HOST: baxter.docksal.site
VIRTUAL_HOST_ALIASES: *.baxter.docksal.site
IP: 192.168.64.100
MYSQL: 192.168.64.100:32769
Docker Compose configuration
---------------------
services:
cli:
build:
context: /home/gutierm18/Documents/Drupal/Corvette/.docksal/services/cli
dns:
- 192.168.64.100
- 10.134.18.43
environment:
BLACKFIRE_CLIENT_ID: null
BLACKFIRE_CLIENT_TOKEN: null
COMPOSER_ALLOW_XDEBUG: '0'
COMPOSER_DISABLE_XDEBUG_WARN: '0'
DEFAULT_BUILD_THEME_PROFILE: bax_base
DOCKSAL_ENV: "true"
DOCROOT: docroot
DRUSH_ALLOW_XDEBUG: '0'
DRUSH_OPTIONS_URI: baxter.docksal.site
GIT_USER_EMAIL: manuel_gutierrez@baxter.com
GIT_USER_NAME: gutierm18
HOST_GID: '1000'
HOST_UID: '1000'
MYSQL_DATABASE: default
MYSQL_HOST: db
MYSQL_PASSWORD: user
MYSQL_ROOT_PASSWORD: root
MYSQL_USER: user
PHP_IDE_CONFIG: serverName=baxter.docksal.site
PUPPETEER_EXECUTABLE_PATH: /usr/bin/google-chrome
PUPPETEER_SKIP_CHROMIUM_DOWNLOAD: "true"
SECRET_ACAPI_EMAIL: null
SECRET_ACAPI_KEY: null
SECRET_ACQUIACLI_KEY: null
SECRET_ACQUIACLI_SECRET: null
SECRET_ACSF_API_KEY: 702d7*****63e29
SECRET_ACSF_USER: mangu*****gutie
SECRET_PLATFORMSH_CLI_TOKEN: null
SECRET_SSH_PRIVATE_KEY: null
SECRET_TERMINUS_TOKEN: null
SSH_AUTH_SOCK: /.ssh-agent/proxy-socket
VIRTUAL_HOST: baxter.docksal.site
XDEBUG_CONFIG: idekey=PHPSTORM remote_host=192.168.64.1
XDEBUG_ENABLED: '0'
hostname: cli
image: corvette_cli
labels:
io.docksal.shell: bash
io.docksal.user: docker
logging:
options:
max-file: '10'
max-size: 1m
volumes:
- docksal_ssh_agent:/.ssh-agent:ro
- cli_home:/home/docker:rw
- /home/gutierm18/.docksal/tmp/corvette:/home/gutierm18/.docksal/tmp/corvette:ro
- project_root:/var/www:rw,nocopy,cached
db:
dns:
- 192.168.64.100
- 10.134.18.43
environment:
MYSQL_ALLOW_EMPTY_PASSWORD: null
MYSQL_DATABASE: default
MYSQL_INITDB_SKIP_TZINFO: null
MYSQL_ONETIME_PASSWORD: null
MYSQL_PASSWORD: user
MYSQL_RANDOM_ROOT_PASSWORD: null
MYSQL_ROOT_PASSWORD: root
MYSQL_USER: user
hostname: db
image: docksal/mysql:5.6-1.5
logging:
options:
max-file: '10'
max-size: 1m
ports:
- 3306/tcp
volumes:
- db_data:/var/lib/mysql:rw
- project_root:/var/www:ro,nocopy,cached
mail:
dns:
- 192.168.64.100
- 10.134.18.43
hostname: mail
image: mailhog/mailhog
labels:
io.docksal.cert-name: none
io.docksal.virtual-host: mail.baxter.docksal.site,mail.baxter.docksal.site.*
io.docksal.virtual-port: '8025'
logging:
options:
max-file: '10'
max-size: 1m
volumes:
- project_root:/var/www:ro,nocopy,cached
memcached:
command:
- -m
- '128'
dns:
- 192.168.64.100
- 10.134.18.43
hostname: memcached
image: memcached:1.4-alpine
logging:
options:
max-file: '10'
max-size: 1m
solr:
dns:
- 192.168.64.100
- 10.134.18.43
hostname: solr
image: docksal/solr:1.0-solr4
labels:
io.docksal.cert-name: none
io.docksal.virtual-host: solr.baxter.docksal.site,solr.baxter.docksal.site.*
io.docksal.virtual-port: '8983'
logging:
options:
max-file: '10'
max-size: 1m
volumes:
- project_root:/var/www:ro,nocopy,cached
varnish:
depends_on:
web:
condition: service_started
dns:
- 192.168.64.100
- 10.134.18.43
environment:
VARNISH_BACKEND_HOST: web
hostname: varnish
image: docksal/varnish:1.1-varnish4
labels:
io.docksal.cert-name: none
io.docksal.virtual-host: varnish.renaldtpmy20201802.baxter.docksal.site,varnish.renaldtpmy20201903.baxter.docksal.site,varnish.canadapro20200427.baxter.docksal.site,varnish.evoiqbr.baxter.docksal.site,varnish.pdempowersv2.baxter.docksal.site,varnish.renalpoland05142020.baxter.docksal.site,varnish.apacevents.baxter.docksal.site,varnish.renaldtptr.baxter.docksal.site,varnish.starling.baxter.docksal.site,varnish.becpoland.baxter.docksal.site
logging:
options:
max-file: '10'
max-size: 1m
volumes:
- project_root:/var/www:ro,nocopy,cached
web:
depends_on:
cli:
condition: service_started
dns:
- 192.168.64.100
- 10.134.18.43
environment:
APACHE_BASIC_AUTH_PASS: null
APACHE_BASIC_AUTH_USER: null
APACHE_DOCUMENTROOT: /var/www/docroot
APACHE_FCGI_HOST_PORT: cli:9000
VIRTUAL_HOST: baxter.docksal.site
hostname: web
image: docksal/apache:2.4-2.3
labels:
io.docksal.cert-name: none
io.docksal.permanent: "false"
io.docksal.project-root: /home/gutierm18/Documents/Drupal/Corvette
io.docksal.virtual-host: baxter.docksal.site,*.baxter.docksal.site,baxter.docksal.site.*
logging:
options:
max-file: '10'
max-size: 1m
volumes:
- project_root:/var/www:ro,nocopy,cached
version: '2.1'
volumes:
cli_home: {}
db_data: {}
docksal_ssh_agent:
external: true
name: docksal_ssh_agent
project_root:
driver: local
driver_opts:
device: /home/gutierm18/Documents/Drupal/Corvette
o: bind
type: none
Output of fin sysinfo:
fin sysinfo output
███ OS
Linux Debian GNU/Linux 10
Linux debian 4.19.0-9-amd64 #1 SMP Debian 4.19.118-2+deb10u1 (2020-06-07) x86_64 GNU/Linux
███ ENVIRONMENT
MODE : Linux Kernel
DOCKER_HOST :
███ FIN
fin version: 1.99.0
███ DOCKER COMPOSE
EXPECTED VERSION: 1.26.0
docker-compose version 1.26.0, build d4451659
docker-py version: 4.2.1
CPython version: 3.7.7
OpenSSL version: OpenSSL 1.1.0l 10 Sep 2019
███ DOCKER
EXPECTED CLIENT VERSION: 19.03.9
EXPECTED SERVER VERSION: 19.03.9
Client: Docker Engine - Community
Version: 19.03.12
API version: 1.40
Go version: go1.13.10
Git commit: 48a66213fe
Built: Mon Jun 22 15:45:50 2020
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.12
API version: 1.40 (minimum version 1.12)
Go version: go1.13.10
Git commit: 48a66213fe
Built: Mon Jun 22 15:44:21 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683
███ DOCKSAL: PROJECTS
project STATUS virtual host project root
corvette Up 3 minutes (healthy) baxter.docksal.site,*.baxter.docksal.site,baxter.docksal.site.* /home/gutierm18/Documents/Drupal/Corvette
███ DOCKSAL: VIRTUAL HOSTS
*.baxter.docksal.site
baxter.docksal.site.*
baxter.docksal.site
mail.baxter.docksal.site.*
mail.baxter.docksal.site
solr.baxter.docksal.site.*
solr.baxter.docksal.site
varnish.apacevents.baxter.docksal.site
varnish.becpoland.baxter.docksal.site
varnish.canadapro20200427.baxter.docksal.site
varnish.evoiqbr.baxter.docksal.site
varnish.pdempowersv2.baxter.docksal.site
varnish.renaldtpmy20201802.baxter.docksal.site
varnish.renaldtpmy20201903.baxter.docksal.site
varnish.renaldtptr.baxter.docksal.site
varnish.renalpoland05142020.baxter.docksal.site
varnish.starling.baxter.docksal.site
███ DOCKSAL: NETWORKING
DOCKSAL_IP: 192.168.64.100
DOCKSAL_VHOST_PROXY_IP:
DOCKSAL_DNS_IP:
DOCKSAL_DNS_DISABLED: 0
DOCKSAL_NO_DNS_RESOLVER: 1
DOCKSAL_DNS_UPSTREAM: 10.134.18.43
DOCKSAL_DNS_DOMAIN: docksal
Checking connectivity to http://dns-test.docksal...
Host: FAIL
Containers: FAIL
███ DOCKER: RUNNING CONTAINERS
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
234953a3c73b docksal/varnish:1.1-varnish4 "/opt/startup.sh" 3 minutes ago Up 3 minutes 80/tcp, 6082/tcp corvette_varnish_1
da516bb4ad06 docksal/apache:2.4-2.3 "httpd-foreground" 3 minutes ago Up 3 minutes (healthy) 80/tcp, 443/tcp corvette_web_1
d8c8aebb366f memcached:1.4-alpine "docker-entrypoint.s…" 3 minutes ago Up 3 minutes 11211/tcp corvette_memcached_1
3237223d913e docksal/mysql:5.6-1.5 "docker-entrypoint.s…" 3 minutes ago Up 3 minutes (healthy) 0.0.0.0:32769->3306/tcp corvette_db_1
a55316a587c8 docksal/solr:1.0-solr4 "/opt/solr/bin/solr …" 3 minutes ago Up 3 minutes 8983/tcp corvette_solr_1
f91077413f03 mailhog/mailhog "MailHog" 3 minutes ago Up 3 minutes 1025/tcp, 8025/tcp corvette_mail_1
3e28c5b978ba corvette_cli "/opt/startup.sh sup…" 3 minutes ago Up 3 minutes (healthy) 22/tcp, 3000/tcp, 9000/tcp corvette_cli_1
7a5b88fdaa3c docksal/ssh-agent:1.3 "docker-entrypoint.s…" 3 minutes ago Up 3 minutes (healthy) docksal-ssh-agent
a2817f6ee41e docksal/dns:1.1 "docker-entrypoint.s…" 3 minutes ago Up 3 minutes (healthy) 192.168.64.100:53->53/udp docksal-dns
fb9b7f949699 docksal/vhost-proxy:1.6 "docker-entrypoint.s…" 3 minutes ago Up 3 minutes (healthy) 192.168.64.100:80->80/tcp, 192.168.64.100:443->443/tcp docksal-vhost-proxy
███ DOCKER: NETWORKS
NETWORK ID NAME DRIVER SCOPE
5e82b24b2e66 _default bridge local
d594c0f8181b bridge bridge local
384e85bef220 corvette_default bridge local
7178d868eb7a ctfd_default bridge local
3018586cdb7a ctfd_internal bridge local
51edf210b7f8 ddev_default bridge local
011acff5c2b2 host host local
feaa37f104df none null local
d194d8ff7317 test-site-vpn-off_default bridge local
a33b40bdff7a test-site_default bridge local
███ VIRTUALBOX
EXPECTED VERSION: 6.1.10
WARNING: The vboxdrv kernel module is not loaded. Either there is no module
available for the current kernel (4.19.0-9-amd64) or it failed to
load. Please recompile the kernel module and install it by
sudo /sbin/vboxconfig
You will not be able to start VMs until this problem is fixed.
6.1.10r138449
███ HDD Usage
Filesystem Size Used Avail Use% Mounted on
udev 7.8G 0 7.8G 0% /dev
tmpfs 1.6G 27M 1.6G 2% /run
/dev/mapper/debian--vg-root 453G 94G 337G 22% /
tmpfs 7.8G 324M 7.5G 5% /dev/shm
tmpfs 5.0M 4.0K 5.0M 1% /run/lock
tmpfs 7.8G 0 7.8G 0% /sys/fs/cgroup
/dev/loop1 145M 145M 0 100% /snap/zoom-client/90
/dev/loop2 55M 55M 0 100% /snap/core18/1754
/dev/loop3 159M 159M 0 100% /snap/gitkraken/157
/dev/loop5 256K 256K 0 100% /snap/gtk2-common-themes/9
/dev/loop4 273M 273M 0 100% /snap/freecad/8
/dev/loop0 62M 62M 0 100% /snap/authy/4
/dev/loop7 55M 55M 0 100% /snap/core18/1880
/dev/loop8 162M 162M 0 100% /snap/gnome-3-28-1804/128
/dev/loop6 97M 97M 0 100% /snap/core/9665
/dev/loop11 55M 55M 0 100% /snap/gtk-common-themes/1502
/dev/loop9 63M 63M 0 100% /snap/gtk-common-themes/1506
/dev/loop10 164M 164M 0 100% /snap/spotify/41
/dev/loop12 545M 545M 0 100% /snap/freecad/16
/dev/loop13 11M 11M 0 100% /snap/kubectl/1559
/dev/loop14 161M 161M 0 100% /snap/gnome-3-28-1804/116
/dev/loop15 62M 62M 0 100% /snap/authy/3
/dev/loop16 145M 145M 0 100% /snap/zoom-client/92
/dev/loop17 11M 11M 0 100% /snap/kubectl/1580
/dev/loop18 30M 30M 0 100% /snap/snapd/8542
/dev/loop19 30M 30M 0 100% /snap/snapd/8140
/dev/nvme0n1p2 237M 109M 117M 49% /boot
/dev/nvme0n1p1 511M 5.1M 506M 1% /boot/efi
/dev/loop20 156M 156M 0 100% /snap/gitkraken/159
/dev/loop22 97M 97M 0 100% /snap/core/9436
/dev/loop23 256K 256K 0 100% /snap/gtk2-common-themes/13
/dev/loop24 178M 178M 0 100% /snap/skype/139
/dev/loop25 178M 178M 0 100% /snap/skype/143
tmpfs 1.6G 24K 1.6G 1% /run/user/1000
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Comments: 18 (11 by maintainers)
Commits related to this issue
- Updated VPN troubleshooting docs Mentioned that the VPN workaround is only possible with Docker Desktop for Mac/Windows (see #1397). — committed to docksal/docksal by deleted user 4 years ago
ok, that’s what I’d expect. The page you saw in the browser was likely just a cache.
We discussed this issue last week with @lpeabody in the maintainers Slack and it looks like there may be no way around strict VPNs on Linux. The VPN workaround in the docs (https://docs.docksal.io/troubleshooting/vpn/) only works with Docker Desktop for Mac/Win and we should update the docs to mention that.
This article looks somewhat worthy of investigation https://www.lullabot.com/articles/fixing-docker-and-vpn-ip-address-conflicts.
If you follow the steps in that, does it resolve your issue?
@mangutie check https://docs.docksal.io/troubleshooting/vpn/
@mangutie if you disable DNS resolver you have to manage your DNS records manually or use
docksal.siteTLD by settingfin config set --global DOCKSAL_DNS_DOMAIN=docksal.site, restarting your project and accessing them accordinglyyourproject.docksal.site