Docker container cannot connect to IPv4 discovery host

TL;DR

Inside a Docker container, Syncthing can’t connect to global@https://discovery-v4.syncthing.net/v2/ and global@https://discovery-v6.syncthing.net/v2/. Outside of the container, Syncthing can connect to v4 but not v6. How can I fix that?

Problem

When I run the Docker container (either the official one or the LinuxServer one), the container is unable to connect to the relay hosts over IPv4 and IPv6. However, when I run Syncthing on the same machine, but outside of a Docker container, things work as expected. Other machines on the same network are able to connect to the IPv4 relay, but not the IPv6 relay.

Notes

  • The UI for the Docker container is behind a reverse proxy. See the nginx.conf section shared below.
  • The server is a NixOS machine with the firewall disabled.
  • I am running a local DNS server. However, running dig https://discovery-v{4,6}.syncthing.net returns as expected.

Config and Logs

Error message from log

listenerSupervisor@dynamic+https://relays.syncthing.net/endpoint: service dynamic+https://relays.syncthing.net/endpoint failed: Get "https://relays.syncthing.net/endpoint": dial tcp: lookup relays.syncthing.net on 127.0.0.11:53: read udp 127.0.0.1:40966->127.0.0.11:53: i/o timeout

Error message from UI

global@https://discovery-v4.syncthing.net/v2/: Post "https://discovery-v4.syncthing.net/v2/": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
global@https://discovery-v6.syncthing.net/v2/: Post "https://discovery-v6.syncthing.net/v2/": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

nginx.conf

    location /syncthing/ {
      proxy_pass http://syncthing:8384/;

      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;
      proxy_read_timeout      600s;
      proxy_send_timeout      600s;
    }
    location /syncthing {
      rewrite ^([^.]*[^/])$ $1/ permanent;
    }

docker-compose.yml

  syncthing:
    image: ghcr.io/linuxserver/syncthing
    hostname: atlas
    environment:
      PUID: "1000"
      PGID: "100"
    ports:
      - "22000:22000/tcp"
      - "22000:22000/udp"
      - "21027:21027/udp"
    volumes:
      - "/data/documents/notes:/notes"
      - "./syncthing:/config"
    restart: unless-stopped

Logs when running Syncthing inside the Docker container

2021-07-25 16:41:38 My ID: <ID>
2021-07-25 16:41:38 Single thread SHA256 performance is 213 MB/s using minio/sha256-simd (212 MB/s using crypto/sha256).
2021-07-25 16:41:39 Hashing performance is 181.14 MB/s
2021-07-25 16:41:39 Overall send rate is unlimited, receive rate is unlimited
2021-07-25 16:41:39 Using discovery mechanism: global discovery server https://discovery.syncthing.net/v2/?noannounce&id=<ID2>
2021-07-25 16:41:39 Using discovery mechanism: global discovery server https://discovery-v4.syncthing.net/v2/?nolookup&id=<ID2>
2021-07-25 16:41:39 Using discovery mechanism: global discovery server https://discovery-v6.syncthing.net/v2/?nolookup&id=<ID2>
2021-07-25 16:41:39 Using discovery mechanism: IPv4 local broadcast discovery on port 21027
2021-07-25 16:41:39 Using discovery mechanism: IPv6 local multicast discovery on address [ff12::8384]:21027
2021-07-25 16:41:39 TCP listener ([::]:22000) starting
2021-07-25 16:41:39 ...
2021-07-25 16:41:39 Relay listener (dynamic+https://relays.syncthing.net/endpoint) starting
2021-07-25 16:41:39 QUIC listener ([::]:22000) starting
2021-07-25 16:41:39 Ready to synchronize "Default Folder" (default) (sendreceive)
2021-07-25 16:41:39 Completed initial scan of sendreceive folder "Default Folder" (default)
2021-07-25 16:41:39 GUI and API listening on [::]:8384
2021-07-25 16:41:39 Access the GUI via the following URL: http://127.0.0.1:8384/
2021-07-25 16:41:39 My name is "atlas"
2021-07-25 16:41:39 Device <ID3> is "Orion" at [dynamic]
2021-07-25 16:41:49 Relay listener (dynamic+https://relays.syncthing.net/endpoint) shutting down
2021-07-25 16:41:49 listenerSupervisor@dynamic+https://relays.syncthing.net/endpoint: service dynamic+https://relays.syncthing.net/endpoint failed: Get "https://relays.syncthing.net/endpoint": dial tcp: lookup relays.syncthing.net on 127.0.0.11:53: read udp 127.0.0.1:33866->127.0.0.11:53: i/o timeout
2021-07-25 16:41:49 Relay listener (dynamic+https://relays.syncthing.net/endpoint) starting
2021-07-25 16:41:53 Detected 1 NAT service
2021-07-25 16:41:59 Relay listener (dynamic+https://relays.syncthing.net/endpoint) shutting down
2021-07-25 16:41:59 listenerSupervisor@dynamic+https://relays.syncthing.net/endpoint: service dynamic+https://relays.syncthing.net/endpoint failed: Get "https://relays.syncthing.net/endpoint": dial tcp: lookup relays.syncthing.net on 127.0.0.11:53: read udp 127.0.0.1:40966->127.0.0.11:53: i/o timeout
2021-07-25 16:41:59 Relay listener (dynamic+https://relays.syncthing.net/endpoint) starting
2021-07-25 16:42:09 Relay listener (dynamic+https://relays.syncthing.net/endpoint) shutting down
2021-07-25 16:42:09 listenerSupervisor@dynamic+https://relays.syncthing.net/endpoint: service dynamic+https://relays.syncthing.net/endpoint failed: Get "https://relays.syncthing.net/endpoint": dial tcp: lookup relays.syncthing.net on 127.0.0.11:53: read udp 127.0.0.1:34348->127.0.0.11:53: i/o timeout

dig https://discovery-v{4,6}.syncthing.net

❯ dig https://discovery-v{4,6}.syncthing.net

; <<>> DiG 9.16.16 <<>> https://discovery-v4.syncthing.net https://discovery-v6.syncthing.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20970
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;https://discovery-v4.syncthing.net. IN A

;; AUTHORITY SECTION:
syncthing.net.          1800    IN      SOA     ns1.digitalocean.com. hostmaster.syncthing.net. 1616692690 10800 3600 604800 1800

;; Query time: 251 msec
;; SERVER: 100.70.234.26#53(100.70.234.26)
;; WHEN: Sun Jul 25 10:56:54 MDT 2021
;; MSG SIZE  rcvd: 130

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43594
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;https://discovery-v6.syncthing.net. IN A

;; AUTHORITY SECTION:
syncthing.net.          1800    IN      SOA     ns1.digitalocean.com. hostmaster.syncthing.net. 1616692690 10800 3600 604800 1800

;; Query time: 69 msec
;; SERVER: 100.70.234.26#53(100.70.234.26)
;; WHEN: Sun Jul 25 10:56:54 MDT 2021
;; MSG SIZE  rcvd: 130

It’s attempting to talk to a local DNS server inside the Docker container. I think you need to adjust the DNS settings for your containers. This might be helpful:

Just my luck—the dns option in Docker Compose is broken right now, so I can’t yet specify a different DNS server.

Thanks for the quick response.

What you really need in the end is probably an /etc/resolv.conf in the container that points to something sensible. Perhaps you can hand roll this, or add a step to sed s/127.0.0.11/8.8.8.8/ or whatever before starting Syncthing.
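
One way to do the resolv.conf rewrite suggested in the reply above, as an added example (not code from this thread or from the Syncthing or Docker projects); the function name `rewrite_resolver` is hypothetical and 8.8.8.8 is simply the resolver mentioned in the reply. It overwrites the file's contents rather than using `sed -i`, because Docker bind-mounts /etc/resolv.conf into the container and the rename that `sed -i` performs fails on a bind-mounted file.

```shell
#!/bin/sh
# Added example: rewrite_resolver is a hypothetical helper, not part of any image.
# Usage: rewrite_resolver FILE UPSTREAM   (run before starting Syncthing)
# Return codes: 0 rewritten, 1 embedded resolver not present, 2 bad UPSTREAM, 3 I/O error.
rewrite_resolver() {
    conf=$1
    upstream=$2

    # Allow only characters that can occur in an IPv4/IPv6 literal, so no
    # sed metacharacters or extra directives can be smuggled into the file.
    case $upstream in
        ''|*[!0-9a-fA-F.:]*) echo "invalid resolver: $upstream" >&2; return 2 ;;
    esac

    # Only act when Docker's embedded DNS (127.0.0.11) is the configured nameserver.
    grep -Eq '^nameserver[[:space:]]+127\.0\.0\.11[[:space:]]*$' "$conf" || return 1

    tmp=$(mktemp) || return 3
    sed -E "s/^nameserver[[:space:]]+127\.0\.0\.11[[:space:]]*\$/nameserver $upstream/" \
        "$conf" > "$tmp" || { rm -f "$tmp"; return 3; }

    # Overwrite in place: keeps the same inode, which a bind mount requires.
    # Other lines (search, options) are preserved unchanged.
    cat "$tmp" > "$conf"
    status=$?
    rm -f "$tmp"
    return $status
}
```

Replacing 127.0.0.11 takes Docker's embedded DNS out of that container's resolver path, so the container can no longer resolve other containers on the same network by name.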
