Tunneling and ENOTFOUND host.docker.internal

I am trying to tunnel my forge app to local development server running on http://localhost:8080 but I have encountered problems (probably) with Docker network: after reaching the specified page (through xxxxxx.atlassian.net/jira page) I can see two messages in the forge tunnel output:

Received proxy request. Serving file index.html for resource myresource from specified address http://localhost:8080

Error: getaddrinfo ENOTFOUND host.docker.internal

Manifest file:

  - key: myresource
    path: static/myresource/dist
      port: 8080

I guess that application running in Docker container is not able to connect to the ‘localhost’.

Development server is running correctly (if visited directly through http://localhost:8080). If I remove tunnel: port: 8080 from manifest file, tunnel works correctly with message

Serving file index.html for resource myresource

My OS:
➜ ~ uname -a
Linux karol 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

My Docker:

➜  ~ docker version 
Client: Docker Engine - Community
 Version:           20.10.6
 API version:       1.41
 Go version:        go1.13.15
 Git commit:        370c289
 Built:             Fri Apr  9 22:47:17 2021
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
  Version:          20.10.6
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       8728dd2
  Built:            Fri Apr  9 22:45:28 2021
  OS/Arch:          linux/amd64
  Experimental:     false
  Version:          1.4.4
  GitCommit:        05f951a3781f4f2c1911b05e61c160e9c30eaa8e
  Version:          1.0.0-rc93
  GitCommit:        12644e614e25b05da6fd08a38ffa0cfe1903fdec
  Version:          0.19.0
  GitCommit:        de40ad0

Thanks for the report @kbujacek

It looks like host.docker.internal isn’t supported in Linux, so we’ll have to update the CLI to get http proxying working there.

I’ve created [FRGE-255] Custom UI tunnelling does not work for Linux when using HTTP proxying - Ecosystem Jira for tracking purposes.

1 Like

@forge/cli 1.3.3 (or higher) should work now. Let us know how it goes!

Dear @RyanBraganza,

The original issue with ‘ENOTFOUND host.docker.internal’’ error message is gone and tunneling to the live dev server seems to be working.

However, I am not able to use hot reload feature (probable the most handy feature) – I see an error message in my browser console:

Content Security Policy: The page’s settings blocked the loading of a resource at (“connect-src”).

and a message in forge tunnel command line:

CSP violation detected for 'connect-src' while serving content at http://localhost:8001/
For an app to share data with external resources or use custom CSP, follow the steps in: http://go.atlassian.com/forge-content-security-and-egress-controls

(they seems to be the same, but in different words)

The hot reload is working when I access the development server at port 8080 directly.

I am not able to add my local IP address to the permissions section of the manifest, because it does not match required format (as described at https://developer.atlassian.com/platform/forge/manifest-reference/permissions/#valid-domain-formats). When wildcard '*' is used, then hot reload is working. However, this may lead to false positive situations and I can overlook required/critical configuration of permissions in manifest.

Is there any working best practice for the described use case? Is there anything I can or should configure which makes things working without worries?

1 Like


It looks like your code is trying to hot reload on a fixed IP/port origin ( instead of the tunnelling localhost:8001 URL.

Can you configure your dev server to make requests to /sockjs-node/? That should then be going through the tunnel and not have a CSP error.