Unable to resolve domain name when trying to migrate a repo

[c-4-m]

• Gitea version (or commit ref): 1.15.0
• Git version: not relevant
• Operating system:
  Docker (20.10.3-0554), running on Synology NAS (920+, DSM 6.2.4-25556) , set up via the DSM Docker GUI. I access gitea via the reverse proxy built into DSM (git.DOMAIN.me:443 -> localhost:3333 [in docker 3333:3000]).
• Database (use [x]):
  • PostgreSQL
  • MySQL
  • MSSQL
  • SQLite
• Can you reproduce the bug at https://try.gitea.io:
  • Yes (provide example URL)
  • No
• Log gist:
  UI:

"Not a valid URL"

Console:

2021-08-30 16:29:56 | stdout | �[36m2021/08/30 16:29:56 �[0mCompleted �[34mGET�[0m �[1m/assets/serviceworker.js�[0m �[36m304�[0m �[36mNot Modified�[0m in �[32m202.925µs�[0m
-- | -- | --
2021-08-30 16:29:56 | stdout | �[36m2021/08/30 16:29:56 �[0mStarted �[34mGET�[0m �[1m/assets/serviceworker.js�[0m for �[1m172.17.0.1:54130�[0m
2021-08-30 16:29:55 | stdout | �[36m2021/08/30 16:29:55 �[0mStarted �[34mGET�[0m �[1m/user/events�[0m for �[1m172.17.0.1:54126�[0m
2021-08-30 16:29:54 | stdout | �[36m2021/08/30 16:29:54 �[0mCompleted �[32mPOST�[0m �[1m/repo/migrate�[0m �[32m200�[0m �[32mOK�[0m in �[45m20.016269031s�[0m
2021-08-30 16:29:34 | stdout | �[36m2021/08/30 16:29:34 �[0mStarted �[32mPOST�[0m �[1m/repo/migrate�[0m for �[1m172.17.0.1:54096�[0m
2021-08-30 16:29:34 | stdout | �[36m2021/08/30 16:29:34 �[0mCompleted �[34mGET�[0m �[1m/user/events�[0m �[32m200�[0m �[32mOK�[0m in �[45m2m13.360425822s�[0m
2021-08-30 16:27:21 | stdout | �[36m2021/08/30 16:27:21 �[0mCompleted �[34mGET�[0m �[1m/assets/serviceworker.js�[0m �[36m304�[0m �[36mNot Modified�[0m in �[32m233.821µs�[0m
2021-08-30 16:27:21 | stdout | �[36m2021/08/30 16:27:21 �[0mStarted �[34mGET�[0m �[1m/assets/serviceworker.js�[0m for �[1m172.17.0.1:53970�[0m
2021-08-30 16:27:21 | stdout | �[36m2021/08/30 16:27:21 �[0mStarted �[34mGET�[0m �[1m/user/events�[0m for �[1m172.17.0.1:53966�[0m
2021-08-30 16:27:20 | stdout | �[36m2021/08/30 16:27:20 �[0mCompleted �[34mGET�[0m �[1m/assets/serviceworker.js�[0m �[36m304�[0m �[36mNot Modified�[0m in �[32m198.91µs�[0m
2021-08-30 16:27:20 | stdout | �[36m2021/08/30 16:27:20 �[0mStarted �[34mGET�[0m �[1m/assets/serviceworker.js�[0m for �[1m172.17.0.1:53962�[0m
2021-08-30 16:27:20 | stdout | �[36m2021/08/30 16:27:20 �[0mCompleted �[34mGET�[0m �[1m/repo/migrate?service_type=2&org=&mirror=�[0m �[32m200�[0m �[32mOK�[0m in �[1m10.078064ms�[0m
2021-08-30 16:27:20 | stdout | �[36m2021/08/30 16:27:20 �[0mStarted �[34mGET�[0m �[1m/repo/migrate?service_type=2&org=&mirror=�[0m for �[1m172.17.0.1:53958�[0m
2021-08-30 16:27:20 | stdout | �[36m2021/08/30 16:27:20 �[0mCompleted �[34mGET�[0m �[1m/user/events�[0m �[32m200�[0m �[32mOK�[0m in �[33m853.686733ms�[0m
2021-08-30 16:27:19 | stdout | �[36m2021/08/30 16:27:19 �[0mStarted �[34mGET�[0m �[1m/user/events�[0m for �[1m172.17.0.1:53954�[0m
2021-08-30 16:27:17 | stdout | �[36m2021/08/30 16:27:17 �[0mCompleted �[34mGET�[0m �[1m/repo/migrate�[0m �[32m200�[0m �[32mOK�[0m in �[1m16.007772ms�[0m
2021-08-30 16:27:17 | stdout | �[36m2021/08/30 16:27:17 �[0mStarted �[34mGET�[0m �[1m/repo/migrate�[0m for �[1m172.17.0.1:53942�[0m

Logfile:

.../web/repo/migrate.go:138:handleMigrateRemoteAddrError() [E] Error whilst updating url: migration/cloning from 'github.com' is not allowed: unknown hostname

Description

I don't know if this is the right place for this, but I have searched almost all Issues/Forum posts/Discord messages from the last two years and still don't know an answer.

My Gitea instance is working perfectly fine, I can connect to it from the outside and from inside my network. However, Gitea seems to not be able to "talk" to the outside world or at least the DNS is not resolving.
Whenever I try to migrate or mirror from any outside repo (Public or not; Github/Gitlab/other Gitea; Selfhosted or official) I get the "not a valid URL" error.

Similar to Issue #15570 , When I try to connect or even ping any domain name from inside the gitea docker container, I get this:

bash-5.1# curl -vv https://github.com                                                                                         
* Could not resolve host: github.com                                                                                          
* Closing connection 0                                                                                                        
curl: (6) Could not resolve host: github.com    
                                                                              
bash-5.1# nslookup -debug github.com                                                                                          
;; connection timed out; no servers could be reached                                                                          
                                                                                                                              
bash-5.1# ping github.com                                                                                                     
ping: bad address 'github.com'

If it helps this is the resolv.conf:

bash-5.1# cat /etc/resolv.conf                                                                                                
nameserver      9.9.9.9                                                                                                       
domain  fritz.box

Is this some sort of problem with the Device firewall? If so which port do I additionally need to open? Or is this a problem with a DNS server? Honestly, I have no clue anymore, any feedback is appreciated.

...

[lunny]

see https://docs.gitea.io/en-us/config-cheat-sheet/#migrations-migrations

[KN4CK3R]

If you can't access the url from the device Gitea can't access it too. So yeah, could be a firewall issue. I have a Synology NAS too and can use curl with Github without problems.

[c-4-m]

see https://docs.gitea.io/en-us/config-cheat-sheet/#migrations-migrations

I don't really see what configuration I could change to improve my situation, but I tried the "allow local networks" set to 'true' and now I get a different Error message in the log file:

modules/task/task.go:54:handle() [E] Run task failed: Get "https://api.github.com/repos/c-4-m/pubrepo": dial tcp: lookup api.github.com on 9.9.9.9:53: read udp 172.17.0.7:57213->9.9.9.9:53: i/o timeout

Though I don't know what I can make of that.

[c-4-m]

If you can't access the url from the device Gitea can't access it too. So yeah, could be a firewall issue. I have a Synology NAS too and can use curl with Github without problems.

The device (in my case the NAS) itself can access the repo fine (e.g. I can use the download station to download the code from the repo as .zip file -> the device has access to the internet and the DNS works aswell.
So there seems to be a problem with docker I guess?

[c-4-m]

Turns out, this was not a problem with gitea.
I will close this issue, but for future reference:

If you have issues with containers not being able to access the internet, try this:
The solution was to add a firewall rule specifically for my bridge network. It had a subnet IP of 172.17.0.0/16.
I had to explicitly add a rules to allow them through my firewall. The firewall settings in DSM work just fine for this, no need to mess around with ip tables.

I added a rule that allowed all ports with a source IP of 172.17.0.0 and 255.255.0.0 for the subnet which is the same as /16.

Thanks.