Docker container unable to clone from github.com
I'm currently trying to run a docker container on a Raspberry Pi 2 using HypriotOS version 0.6.1. Unfortunately, on my home network, I'm unable to clone from GitHub.
root@aaeac2ab909d:/home/meteor# GIT_CURL_VERBOSE=1 git clone --depth 1 https://github.com/4commerce-technologies-AG/meteor.git
Cloning into 'meteor'...
* Couldn't find host github.com in the .netrc file; using defaults
* Hostname was NOT found in DNS cache
* Trying 192.30.252.129...
* Connected to github.com (192.30.252.129) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* server certificate verification OK
* common name: github.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject:
* start date: Tue, 08 Apr 2014 00:00:00 GMT
* expire date: Tue, 12 Apr 2016 12:00:00 GMT
* issuer: C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert SHA2 Extended Validation Server CA
* compression: NULL
* cipher: AES-128-GCM
* MAC: AEAD
> GET /4commerce-technologies-AG/meteor.git/info/refs?service=git-upload-pack HTTP/1.1
User-Agent: git/2.1.4
Host: github.com
Accept: */*
Accept-Encoding: gzip
Pragma: no-cache
< HTTP/1.1 200 OK
* Server GitHub Babel 2.0 is not blacklisted
< Server: GitHub Babel 2.0
< Content-Type: application/x-git-upload-pack-advertisement
< Transfer-Encoding: chunked
< Expires: Fri, 01 Jan 1980 00:00:00 GMT
< Pragma: no-cache
< Cache-Control: no-cache, max-age=0, must-revalidate
< Vary: Accept-Encoding
< X-GitHub-Request-Id: 4B8A08F2:2C58:14CD5B7:56972928
<
* Connection #0 to host github.com left intact
* Couldn't find host github.com in the .netrc file; using defaults
* Found bundle for host github.com: 0x83cdf8
* Re-using existing connection! (#0) with host github.com
* Connected to github.com (192.30.252.129) port 443 (#0)
> POST /4commerce-technologies-AG/meteor.git/git-upload-pack HTTP/1.1
User-Agent: git/2.1.4
Host: github.com
Accept-Encoding: gzip
Content-Type: application/x-git-upload-pack-request
Accept: application/x-git-upload-pack-result
Content-Length: 205
* upload completely sent off: 205 out of 205 bytes
< HTTP/1.1 200 OK
* Server GitHub Babel 2.0 is not blacklisted
< Server: GitHub Babel 2.0
< Content-Type: application/x-git-upload-pack-result
< Transfer-Encoding: chunked
< Expires: Fri, 01 Jan 1980 00:00:00 GMT
< Pragma: no-cache
< Cache-Control: no-cache, max-age=0, must-revalidate
< Vary: Accept-Encoding
< X-GitHub-Request-Id: 4B8A08F2:2C58:14CD5EE:56972928
<
* Connection #0 to host github.com left intact
* Couldn't find host github.com in the .netrc file; using defaults
* Found bundle for host github.com: 0x83cdf8
* Re-using existing connection! (#0) with host github.com
* Connected to github.com (192.30.252.129) port 443 (#0)
> POST /4commerce-technologies-AG/meteor.git/git-upload-pack HTTP/1.1
User-Agent: git/2.1.4
Host: github.com
Accept-Encoding: gzip
Content-Type: application/x-git-upload-pack-request
Accept: application/x-git-upload-pack-result
Content-Length: 214
* upload completely sent off: 214 out of 214 bytes
< HTTP/1.1 200 OK
* Server GitHub Babel 2.0 is not blacklisted
< Server: GitHub Babel 2.0
< Content-Type: application/x-git-upload-pack-result
< Transfer-Encoding: chunked
< Expires: Fri, 01 Jan 1980 00:00:00 GMT
< Pragma: no-cache
< Cache-Control: no-cache, max-age=0, must-revalidate
< Vary: Accept-Encoding
< X-GitHub-Request-Id: 4B8A08F2:2C58:14CD635:56972929
<
remote: Counting objects: 2610, done.
remote: Compressing objects: 100% (2235/2235), done.
* GnuTLS recv error (-54): Error in the pull function.B/s
* Closing connection 0
error: RPC failed; result=56, HTTP code = 200| 2.90 MiB/s
fatal: The remote end hung up unexpectedly
fatal: early EOF
fatal: index-pack failed
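This error happens like clockwork every time. I took the system to a new network and it worked just fine, which indicates that something is wrong with my home network.
I suspect it has something to do with my router's local DNS setup using DNSMasq, but I'm not sure. Here are the DNSMasq options on my router:
Router DNSMasq settings
Host /etc/resolv.conf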
nameserver 127.0.1.1
search home.lan
Container /etc/resolv.conf
domain home.lan
search home.lan
nameserver 192.168.11.1
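Interestingly, tonight I decided to try running my container with the --net=host flag, wondering whether the problem had something to do with docker's network bridge and my network setup. This apparently works perfectly as well!
Container successful git clone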
root@black-pearl:/home/meteor# GIT_CURL_VERBOSE=1 git clone --depth 1 https://github.com/4commerce-technologies-AG/meteor.git
Cloning into 'meteor'...
* Couldn't find host github.com in the .netrc file; using defaults
* Hostname was NOT found in DNS cache
* Trying 192.30.252.128...
* Connected to github.com (192.30.252.128) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* server certificate verification OK
* common name: github.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject:
* start date: Tue, 08 Apr 2014 00:00:00 GMT
* expire date: Tue, 12 Apr 2016 12:00:00 GMT
* issuer: C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert SHA2 Extended Validation Server CA
* compression: NULL
* cipher: AES-128-GCM
* MAC: AEAD
> GET /4commerce-technologies-AG/meteor.git/info/refs?service=git-upload-pack HTTP/1.1
User-Agent: git/2.1.4
Host: github.com
Accept: */*
Accept-Encoding: gzip
Pragma: no-cache
< HTTP/1.1 200 OK
* Server GitHub Babel 2.0 is not blacklisted
< Server: GitHub Babel 2.0
< Content-Type: application/x-git-upload-pack-advertisement
< Transfer-Encoding: chunked
< Expires: Fri, 01 Jan 1980 00:00:00 GMT
< Pragma: no-cache
< Cache-Control: no-cache, max-age=0, must-revalidate
< Vary: Accept-Encoding
< X-GitHub-Request-Id: 4B8A08F2:59C7:1E862A2:56972ABF
<
* Connection #0 to host github.com left intact
* Couldn't find host github.com in the .netrc file; using defaults
* Found bundle for host github.com: 0xb83df8
* Re-using existing connection! (#0) with host github.com
* Connected to github.com (192.30.252.128) port 443 (#0)
> POST /4commerce-technologies-AG/meteor.git/git-upload-pack HTTP/1.1
User-Agent: git/2.1.4
Host: github.com
Accept-Encoding: gzip
Content-Type: application/x-git-upload-pack-request
Accept: application/x-git-upload-pack-result
Content-Length: 205
* upload completely sent off: 205 out of 205 bytes
< HTTP/1.1 200 OK
* Server GitHub Babel 2.0 is not blacklisted
< Server: GitHub Babel 2.0
< Content-Type: application/x-git-upload-pack-result
< Transfer-Encoding: chunked
< Expires: Fri, 01 Jan 1980 00:00:00 GMT
< Pragma: no-cache
< Cache-Control: no-cache, max-age=0, must-revalidate
< Vary: Accept-Encoding
< X-GitHub-Request-Id: 4B8A08F2:59C7:1E86326:56972ABF
<
* Connection #0 to host github.com left intact
* Couldn't find host github.com in the .netrc file; using defaults
* Found bundle for host github.com: 0xb83df8
* Re-using existing connection! (#0) with host github.com
* Connected to github.com (192.30.252.128) port 443 (#0)
> POST /4commerce-technologies-AG/meteor.git/git-upload-pack HTTP/1.1
User-Agent: git/2.1.4
Host: github.com
Accept-Encoding: gzip
Content-Type: application/x-git-upload-pack-request
Accept: application/x-git-upload-pack-result
Content-Length: 214
* upload completely sent off: 214 out of 214 bytes
< HTTP/1.1 200 OK
* Server GitHub Babel 2.0 is not blacklisted
< Server: GitHub Babel 2.0
< Content-Type: application/x-git-upload-pack-result
< Transfer-Encoding: chunked
< Expires: Fri, 01 Jan 1980 00:00:00 GMT
< Pragma: no-cache
< Cache-Control: no-cache, max-age=0, must-revalidate
< Vary: Accept-Encoding
< X-GitHub-Request-Id: 4B8A08F2:59C7:1E863C3:56972AC0
<
remote: Counting objects: 2610, done.
remote: Compressing objects: 100% (2235/2235), done.
* Connection #0 to host github.com left intact | 2.47 MiB/s
remote: Total 2610 (delta 245), reused 1412 (delta 149), pack-reused 0
Receiving objects: 100% (2610/2610), 14.26 MiB | 2.34 MiB/s, done.
Resolving deltas: 100% (245/245), done.
Checking connectivity... done.
Checking out files: 100% (2413/2413), done.
I've tried disabling DNSMasq on my router, but that didn't seem to help, so I'm wondering if anyone has any ideas on how to get docker's native bridge mode working?
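I forgot that I had asked this question here. However, for those who also run into this issue:
@aaronlehmann found the solution on GitHub Issue #1090. The issue used to (and possibly still does) affect AWS instances, but it seems to affect some residential connections as well.
There are two possible fixes:
- Turn on conntrack's "be liberal" flag:
echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal
This causes conntrack/NAT to treat packets outside the TCP window as part of the flow being tracked, instead of marking them invalid and causing them to be handled by the host.
- Add a rule to drop invalid packets instead of allowing them to trigger RSTs:
iptables -I INPUT -m conntrack --ctstate INVALID -j DROP
For me, ip_conntrack_tcp_be_liberal would never keep its setting after a reboot. I needed to run the command above manually every time I wanted to use docker, so the best solution for me was to save
iptables -I INPUT -m conntrack --ctstate INVALID -j DROP
into my iptables.
Then all the problems went away!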
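To check that conntrack INVALID packets are what breaks the clone, and that the drop rule from the answer is in place, the following shell helper is an added example, not code from the original answer or from Docker. The function names and sample data are constructed for illustration; it assumes the `conntrack -S` (conntrack-tools) and `iptables -S INPUT` output formats.

```shell
#!/bin/sh
# Added example: check whether conntrack INVALID packets explain a failed clone.

# Sum the per-CPU "invalid=" counters from `conntrack -S` output on stdin.
sum_invalid() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^invalid=[0-9]+$/) { split($i, kv, "="); n += kv[2] } }
         END { print n + 0 }'
}

# Succeed if `iptables -S INPUT` output on stdin contains the INVALID drop rule.
has_invalid_drop() {
    grep -Eq -- '^-A INPUT .*--ctstate INVALID.* -j DROP$'
}

# $1 = invalid count before the clone, $2 = after, $3 = yes/no (rule present)
diagnose() {
    delta=$(( $2 - $1 ))
    if [ "$delta" -le 0 ]; then
        echo "no-invalid-packets"     # nothing was marked INVALID during the clone
    elif [ "$3" = "yes" ]; then
        echo "invalid-dropped"        # dropped before they can trigger an RST
    else
        echo "invalid-reaches-host"   # handled by the host, which may send an RST
    fi
}

# Idempotent form of the answer's rule (needs root; suitable for a boot script).
ensure_invalid_drop() {
    iptables -C INPUT -m conntrack --ctstate INVALID -j DROP 2>/dev/null ||
        iptables -I INPUT -m conntrack --ctstate INVALID -j DROP
}

# Constructed samples, not captured from the poster's system.
SAMPLE_BEFORE='cpu=0 found=0 invalid=12 insert=0 insert_failed=0 drop=0 early_drop=0 error=0 search_restart=0
cpu=1 found=0 invalid=3 insert=0 insert_failed=0 drop=0 early_drop=0 error=0 search_restart=0'
SAMPLE_AFTER='cpu=0 found=0 invalid=40 insert=0 insert_failed=0 drop=0 early_drop=0 error=0 search_restart=0
cpu=1 found=0 invalid=7 insert=0 insert_failed=0 drop=0 early_drop=0 error=0 search_restart=0'
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i lo -j ACCEPT'

before=$(printf '%s\n' "$SAMPLE_BEFORE" | sum_invalid)
after=$(printf '%s\n' "$SAMPLE_AFTER" | sum_invalid)
if printf '%s\n' "$SAMPLE_RULES" | has_invalid_drop; then rule=yes; else rule=no; fi
echo "invalid before=$before after=$after verdict=$(diagnose "$before" "$after" "$rule")"
```

On a live host, pipe `conntrack -S` taken before and after the failing clone into `sum_invalid`, and `iptables -S INPUT` into `has_invalid_drop`, in place of the constructed samples.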