Outgoing HTTP requests time out when running ASP.NET in Docker Desktop using Windows Container
I am running an ASP.NET web application in Docker Desktop for the first time. I have created an ASP.NET application (targeting .NET Framework) using the standard template in Visual Studio 2019 with Docker Support.
Dockerfile:
FROM mcr.microsoft.com/dotnet/framework/aspnet:4.7.2-windowsservercore-1803
ARG source
WORKDIR /inetpub/wwwroot
COPY ${source:-obj/Docker/publish} .
Docker-compose.yml:
version: '3.4'
services:
mydockerizedwebapp:
image: ${DOCKER_REGISTRY-}mydockerizedwebapp
container_name: mydockerizedwebapp
build:
context: .\MyDockerizedWebApp
dockerfile: Dockerfile
Docker-compose.override.yml:
version: '3.4'
services:
mydockerizedwebapp:
ports:
- "80"
networks:
default:
external:
name: nat
I have installed Docker Desktop on my Win 10 computer (running Windows Containers).
The problem is that I am not able to make outgoing http requests from the web server inside Docker.
I get the following error message:
'A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond'
Running the webserver in IIS Express works fine.
I have used Powershell to connect to the container hosting the image. Running "Test-NetConnection" returns the following output:
PS C:\inetpub\wwwroot> Test-NetConnection
ComputerName : internetbeacon.msedge.net
RemoteAddress : 13.107.4.52
InterfaceAlias : Ethernet
SourceAddress : 172.24.21.136
PingSucceeded : True
PingReplyDetails (RTT) : 14 ms
Test-NetConnection -port 80 fails after some time with this output:
PS C:\inetpub\wwwroot> Test-NetConnection -port 80
WARNING: TCP connect to (13.107.4.52 : 80) failed
ComputerName : internetbeacon.msedge.net
RemoteAddress : 13.107.4.52
RemotePort : 80
InterfaceAlias : Ethernet
SourceAddress : 172.24.21.136
PingSucceeded : True
PingReplyDetails (RTT) : 15 ms
TcpTestSucceeded : False
If I open a different powershell window into the same container and run "netstat -an" to see active connections, the TCP request is visible:
Active Connections
Proto Local Address Foreign Address State
[...]
TCP 172.24.21.136:49169 13.107.4.52:80 SYN_SENT
The State is "SYN_SENT" for the entire duration of the connection test.
I have tried setting the MTU as suggested in Docker - Outgoing HTTPS requests timing out but it did not work for me.
It is worth mentioning that I am working remotely, so I have an VPN connection (software), but it does not work even if I disconnect the VPN.
Am I missing something? I have tried creating an ASP.NET Core web app using the nanoserver image, but I the problem still exists. So I think the problem must be in my Docker/network configuration?
Update:
I tested running the same image on another computer which has neither VPN connection nor the same AV installed. "Test-NetConnection -port 80" worked instantly.
Here is Wireshark capture of successful test on different computer:
Here is Wireshark capture of failing test on my computer:
I see that the failing computer is using the same DNS server to find the ip for "internetbeacon.msedge.net" but after the response with IP 13.107.4.52, no TCP request is recorded from the container. On the working machine, this request is captured immediately after the DNS response.
Check host firewall/AV as it's most likely the curlpit here