Could not resolve host: github.com

Hi,

./launcher rebuild app

fatal: unable to access ‘GitHub - discourse/discourse: A platform for community discussion. Free, open, simple.’: Could not resolve host: github.com

but

root@discourse:/var/discourse# host github.com
github.com has address 140.82.121.3
github.com mail is handled by 1 aspmx.l.google.com.
github.com mail is handled by 10 alt4.aspmx.l.google.com.
github.com mail is handled by 10 alt3.aspmx.l.google.com.
github.com mail is handled by 5 alt1.aspmx.l.google.com.
github.com mail is handled by 5 alt2.aspmx.l.google.com.

any idea ?

Thanks


FAILED
--------------------
Pups::ExecError: cd /var/www/discourse && sudo -H -E -u discourse bash -c '
  set -o errexit
  if [ $(git rev-parse --is-shallow-repository) == "true" ]; then
      git remote set-branches --add origin main
      git remote set-branches origin tests-passed
      git fetch --depth 1 origin tests-passed
  else
      git fetch --tags --prune-tags --prune --force origin
  fi
' failed with return #<Process::Status: pid 144 exit 128>
Location of failure: /usr/local/lib/ruby/gems/3.3.0/gems/pups-1.2.1/lib/pups/exec_command.rb:132:in `spawn'
exec failed with the params {"cd"=>"$home", "hook"=>"code", "cmd"=>["sudo -H -E -u discourse git clean -f", "sudo -H -E -u discourse bash -c '\n  set -o errexit\n  if [ $(git rev-parse --is-shallow-repository) == \"true\" ]; then\n      git remote set-branches --add origin main\n      git remote set-branches origin $version\n      git fetch --depth 1 origin $version\n  else\n      git fetch --tags --prune-tags --prune --force origin\n  fi\n'", "sudo -H -E -u discourse bash -c '\n  set -o errexit\n  if [[ $(git symbolic-ref --short HEAD) == $version ]] ; then\n      git pull\n  else\n      git -c advice.detachedHead=false checkout $version\n  fi\n'", "sudo -H -E -u discourse git config user.discourse-version $version", "mkdir -p tmp", "chown discourse:www-data tmp", "mkdir -p tmp/pids", "mkdir -p tmp/sockets", "touch tmp/.gitkeep", "mkdir -p                    /shared/log/rails", "bash -c \"touch -a           /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr,sidekiq}.log\"", "bash -c \"ln    -s           /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr,sidekiq}.log $home/log\"", "bash -c \"mkdir -p           /shared/{uploads,backups}\"", "bash -c \"ln    -s           /shared/{uploads,backups} $home/public\"", "bash -c \"mkdir -p           /shared/tmp/{backups,restores}\"", "bash -c \"ln    -s           /shared/tmp/{backups,restores} $home/tmp\"", "chown -R discourse:www-data /shared/log/rails /shared/uploads /shared/backups /shared/tmp", "[ ! -d public/plugins ] || find public/plugins/ -maxdepth 1 -xtype l -delete"]}
bootstrap failed with exit code 128

That’s inside the container, so you could have a docker networking issue, or it could have been a temporary issue?

Is the container using the hosts /etc/resolv.conf by default? If there is a local resolver like nameserver 127.0.0.1, I guess that one might not be available from within the container. Unbound is configured to allow queries from all reserved IP ranges, including 172.16.0.0/12 used by Docker containers, so that is not the issue.

Though as we run into the same issue on rebuild, and indeed set up our own Unbound in the meantime, also after removing the the line so that /etc/resolv.conf contains again only nameserver 1.1.1.1 like before, the rebuild still fails at the same point. So maybe it is even cached somewhere? :thinking:

From the host, github.com can be resolved without issues.

EDIT: Nope, the /etc/resolv.conf is not the issue now. I added some debug output:

I, [2025-09-25T17:32:38.092043 #1]  INFO -- : > cd /var/www/discourse && cat /etc/resolv.conf
I, [2025-09-25T17:32:38.093195 #1]  INFO -- : # Generated by Docker Engine.
# This file can be edited; Docker Engine will not make further changes once it
# has been modified.

nameserver 1.1.1.1

# Based on host file: '/etc/resolv.conf' (legacy)
# Overrides: []

I, [2025-09-25T17:32:38.093221 #1]  INFO -- : > cd /var/www/discourse && getent hosts github.com
I, [2025-09-25T17:32:58.111177 #1]  INFO -- :
I, [2025-09-25T17:32:58.111456 #1]  INFO -- : Terminating async processes

EDIT: apt update as well hangs forever, a test curl fails as well, both as test added to the Discourse templates to check whether network is online. nameserver 9.9.9.9 does not work either, so looks like the container has no network access, but no idea why.

… EDIT2: Okay, in our case Fail2Ban banned the container IP due to an invalid user account email address it was trying to sent emails to, triggering the Fail2Ban Postfix filter :smile:.

Hence, checking Fail2Ban can be one debug step if container has not network.

EDIT3: In Fail2Ban’s jail config:

ignoreip = 127.0.0.1/8 172.16.0.0/12

To avoid loopback and Docker IPs being banned.