[GH-ISSUE #1225] host.docker.internal not working with nginx (while curl does)

kerem commented

2026-02-26 06:35:22 +03:00

Owner

Originally created by @Galileon-venta on GitHub (Jul 8, 2021).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1225

Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
- Yes
Are you sure you're not using someone else's docker image?
- Yes
Have you searched for similar issues (both open and closed)?
- Yes

Describe the bug
I've created a container with the standard setup including 1 tweak:
I've added

extra_hosts:
  - "host.docker.internal:host:gateway"

I can curl the gitlab from inside my container without any problem but access via domain from outside leads to 502 Bad Gateway error.

Nginx Proxy Manager Version
2.9.4

Expected behavior
I can reverse proxy to a gitlab instance running on the docker host on non standard port

Operating System
debian vm on proxmox with Intel x86 Architecture

Originally created by @Galileon-venta on GitHub (Jul 8, 2021). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1225 - Have you pulled and found the error with `jc21/nginx-proxy-manager:latest` docker image? - Yes - Are you sure you're not using someone else's docker image? - Yes - Have you searched for similar issues (both open and closed)? - Yes **Describe the bug** I've created a container with the standard setup including 1 tweak: I've added ``` extra_hosts: - "host.docker.internal:host:gateway" ``` I can curl the gitlab from inside my container without any problem but access via domain from outside leads to 502 Bad Gateway error. **Nginx Proxy Manager Version** 2.9.4 **Expected behavior** I can reverse proxy to a gitlab instance running on the docker host on non standard port **Operating System** debian vm on proxmox with Intel x86 Architecture

kerem added the

bug

label

2026-02-26 06:35:22 +03:00

kerem commented

2026-02-26 06:35:22 +03:00

Author

Owner

@ij5 commented on GitHub (Jan 18, 2022):

Any update?

@ij5 commented on GitHub (Jan 18, 2022): Any update?

kerem commented

2026-02-26 06:35:22 +03:00

Author

Owner

@devadattas commented on GitHub (Mar 21, 2022):

Any update on this?

@devadattas commented on GitHub (Mar 21, 2022): Any update on this?

kerem commented

2026-02-26 06:35:22 +03:00

Author

Owner

@phocks commented on GitHub (Oct 23, 2022):

Looks like NGINX doesn't check /ect/hosts when resolving. Workaround seems to be to point to 172.17.0.1 for now instead.

@phocks commented on GitHub (Oct 23, 2022): Looks like NGINX doesn't check `/ect/hosts` when resolving. Workaround seems to be to point to `172.17.0.1` for now instead.

kerem commented

2026-02-26 06:35:22 +03:00

Author

Owner

@eddyJK commented on GitHub (May 9, 2023):

In this case this could be a spelling mistakes:

host:gateway
should be
host-gateway

@eddyJK commented on GitHub (May 9, 2023): In this case this could be a spelling mistakes: `host:gateway` should be `host-gateway`

kerem commented

2026-02-26 06:35:22 +03:00

Author

Owner

@fritzmg commented on GitHub (Jul 12, 2023):

A possible fix was suggested here: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/259#issuecomment-1125197753

@fritzmg commented on GitHub (Jul 12, 2023): A possible fix was suggested here: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/259#issuecomment-1125197753

kerem commented

2026-02-26 06:35:22 +03:00

Author

Owner

@AnastasiyaSoyka commented on GitHub (Jul 17, 2023):

I worked around this issue by using docker.io/qoomon/docker-host:3.1.2 to forward all of the ports from the relevant containers to the host.

@AnastasiyaSoyka commented on GitHub (Jul 17, 2023): I worked around this issue by using `docker.io/qoomon/docker-host:3.1.2` to forward all of the ports from the relevant containers to the host.

kerem commented

2026-02-26 06:35:22 +03:00

Author

Owner

@Nitrousoxide commented on GitHub (Sep 25, 2023):

I am also having an issue with this. I can successfully curl a home assistant container on the host.docker.internal localhost domain when I exec into the NPM container but I get a "host could not be found" error when trying to use the reverse proxy.

2023/09/25 00:30:04 [error] 301#301: *3025 host.docker.internal could not be resolved (3: Host not found), client: (redacted ip of requester), server: (redacted hostname), request: "GET / HTTP/2.0", host: "(redacted hostname)"

Switching it back to a direct ip route via the LAN has it working fine though.

@Nitrousoxide commented on GitHub (Sep 25, 2023): I am also having an issue with this. I can successfully curl a home assistant container on the host.docker.internal localhost domain when I exec into the NPM container but I get a "host could not be found" error when trying to use the reverse proxy. `2023/09/25 00:30:04 [error] 301#301: *3025 host.docker.internal could not be resolved (3: Host not found), client: (redacted ip of requester), server: (redacted hostname), request: "GET / HTTP/2.0", host: "(redacted hostname)"` Switching it back to a direct ip route via the LAN has it working fine though.

kerem commented

2026-02-26 06:35:22 +03:00

Author

Owner

@rothn commented on GitHub (Oct 24, 2023):

I'm having this issue too. Surprised this hasn't been fixed by now!

@rothn commented on GitHub (Oct 24, 2023): I'm having this issue too. Surprised this hasn't been fixed by now!

kerem commented

2026-02-26 06:35:22 +03:00

Author

Owner

@slayernominee commented on GitHub (Dec 24, 2023):

same issue here

@slayernominee commented on GitHub (Dec 24, 2023): same issue here

kerem commented

2026-02-26 06:35:23 +03:00

Author

Owner

@MobCode100 commented on GitHub (Feb 28, 2024):

The issue is with Docker's default DNS 127.0.0.11 because it does not include extra_hosts and --add-host entries which are stored to /etc/hosts file. When resolver is set, nginx will not read /etc/hosts. 2 workarounds are:

Change host.docker.internal to 172.17.0.1 which it's not sure whether Docker will always use the same IP.
Install dnsmasq and run dnsmasq inside the container. Set nginx resolver to 127.0.0.1.

@MobCode100 commented on GitHub (Feb 28, 2024): The issue is with Docker's default DNS 127.0.0.11 because it does not include extra_hosts and --add-host entries which are stored to /etc/hosts file. When resolver is set, nginx will not read /etc/hosts. 2 workarounds are: 1. Change host.docker.internal to 172.17.0.1 which it's not sure whether Docker will always use the same IP. 2. Install dnsmasq and run dnsmasq inside the container. Set nginx resolver to 127.0.0.1.

kerem commented

2026-02-26 06:35:23 +03:00

Author

Owner

@brinza888 commented on GitHub (Jun 22, 2024):

Same issue. Curl is fine, but when I add proxy host to host.docker.internal the "bad gateway" error appears

@brinza888 commented on GitHub (Jun 22, 2024): Same issue. Curl is fine, but when I add proxy host to ```host.docker.internal``` the "bad gateway" error appears

kerem commented

2026-02-26 06:35:23 +03:00

Author

Owner

@5andr0 commented on GitHub (Jul 10, 2024):

I highly discourage using 172.17.0.1. This is not always the default gateway!
But you can force docker to use a fixed gateway for the host like this:

Docker Compose

networks:
  default:
    ipam:
      driver: default
      config:
        - subnet: 172.28.0.0/16
          ip_range: 172.28.5.0/24
          gateway: 172.28.5.254

Create the network externally and link your container to it

docker network create \
  --driver=bridge \
  --subnet=172.28.0.0/16 \
  --ip-range=172.28.5.0/24 \
  --gateway=172.28.5.254 \
  host-gateway

Other workarounds would be to create a container that is merged with the npm network via network_mode: "service:npm"
and inside that container run dnsmasq or systemd-resolved which both include /etc/hosts and then set the resolver to 127.0.0.1 / 127.0.0.53 in the nginx config.

Another option is to add a socat container, which internally forwards a port to your host or use a dummy container with a script to get the gateway ip from host.docker.internal and forward all traffic via iptables.
https://github.com/qoomon/docker-host This project uses the iptables approach.

I also vote that dnsmasq or systemd-resolved gets integrated in the npm container with the resolver set in the config!

@5andr0 commented on GitHub (Jul 10, 2024): I highly discourage using 172.17.0.1. This is not always the default gateway! But you can force docker to use a fixed gateway for the host like this: **Docker Compose** ``` networks: default: ipam: driver: default config: - subnet: 172.28.0.0/16 ip_range: 172.28.5.0/24 gateway: 172.28.5.254 ``` **Create the network externally and link your container to it** ``` docker network create \ --driver=bridge \ --subnet=172.28.0.0/16 \ --ip-range=172.28.5.0/24 \ --gateway=172.28.5.254 \ host-gateway ``` Other workarounds would be to create a container that is merged with the npm network via `network_mode: "service:npm"` and inside that container run **dnsmasq** or **systemd-resolved** which both include _/etc/hosts_ and then set the resolver to 127.0.0.1 / 127.0.0.53 in the nginx config. Another option is to add a socat container, which internally forwards a port to your host or use a dummy container with a script to get the gateway ip from host.docker.internal and forward all traffic via iptables. https://github.com/qoomon/docker-host This project uses the iptables approach. I also vote that dnsmasq or systemd-resolved gets integrated in the npm container with the resolver set in the config!

kerem commented

2026-02-26 06:35:23 +03:00

Author

Owner

@github-actions[bot] commented on GitHub (Feb 9, 2025):

Issue is now considered stale. If you want to keep it open, please comment 👍

@github-actions[bot] commented on GitHub (Feb 9, 2025): Issue is now considered stale. If you want to keep it open, please comment :+1:

kerem commented

2026-02-26 06:35:23 +03:00

Author

Owner

@kmarius commented on GitHub (Feb 9, 2025):

I'm still looking for a solution to this issue. I run homeassistant in host network mode in docker, NPM in a docker network with some other containers. I've never been able to proxy the homeassistant web interface via NPM.

@kmarius commented on GitHub (Feb 9, 2025): I'm still looking for a solution to this issue. I run homeassistant in host network mode in docker, NPM in a docker network with some other containers. I've never been able to proxy the homeassistant web interface via NPM.

kerem commented

2026-02-26 06:35:23 +03:00

Author

Owner

@vmatt commented on GitHub (Feb 27, 2025):

I have the same issue. The funny thing is that it works on macos, but if i run the same container on almalinux, it doesn't work!

@vmatt commented on GitHub (Feb 27, 2025): I have the same issue. The funny thing is that it works on macos, but if i run the same container on almalinux, it doesn't work!

kerem commented

2026-02-26 06:35:23 +03:00

Author

Owner

@auxym commented on GitHub (Mar 12, 2025):

Also interested in this, to proxy services running in other containers on the same host in TrueNAS. Currently it works if I set all my proxy destinations to the host's externally accessible IP address (192.168.0.x), but if I change that address, it can get annoying to update each destination individually.

@auxym commented on GitHub (Mar 12, 2025): Also interested in this, to proxy services running in other containers on the same host in TrueNAS. Currently it works if I set all my proxy destinations to the host's externally accessible IP address (192.168.0.x), but if I change that address, it can get annoying to update each destination individually.

kerem commented

2026-02-26 06:35:23 +03:00

Author

Owner

@filisko commented on GitHub (Mar 20, 2025):

this seems lie a joke to me.. so long to fix this

@filisko commented on GitHub (Mar 20, 2025): this seems lie a joke to me.. so long to fix this

kerem commented

2026-02-26 06:35:23 +03:00

Author

Owner

@Eskimo-Sitcom commented on GitHub (Jul 6, 2025):

I'm still looking for a solution to this issue. I run homeassistant in host network mode in docker, NPM in a docker network with some other containers. I've never been able to proxy the homeassistant web interface via NPM.

Aside from the know issue with nginx resolving host.docker.local in /etc/hosts, I was able to proxy to homeassistant via the host machine IP and/or docker container gateway IP without installing dnsmaq inside NPM container .

On a standard docker install, a network bridge is setup and the IP range is usually 172.17.0.0/16 and the gateway 172.17.0.1

docker network inspect bridge

Enter the gateway IP in NPM proxy host. It should be fine even if your NPM container is on a different subnet like 172.21.0.0/16 since the host routing table would route appropriately to 172.17.0.1.

Following this https://www.home-assistant.io/integrations/http#reverse-proxies

My addition to homeassistant configuration.yaml

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.16.0.0/12

I used 172.16.0.0/12 to cover the private ranges that docker might assign my NPM container.

@Eskimo-Sitcom commented on GitHub (Jul 6, 2025): > I'm still looking for a solution to this issue. I run homeassistant in host network mode in docker, NPM in a docker network with some other containers. I've never been able to proxy the homeassistant web interface via NPM. Aside from the know issue with nginx resolving `host.docker.local` in `/etc/hosts`, I was able to proxy to homeassistant via the host machine IP and/or docker container gateway IP without installing dnsmaq inside NPM container . On a standard docker install, a network bridge is setup and the IP range is usually `172.17.0.0/16` and the gateway `172.17.0.1` ```shell docker network inspect bridge ``` Enter the gateway IP in NPM proxy host. It should be fine even if your NPM container is on a different subnet like `172.21.0.0/16` since the host routing table would route appropriately to `172.17.0.1`. <img width="493" height="174" alt="Image" src="https://github.com/user-attachments/assets/264a97a2-84db-4671-b991-be3c06fd7a98" /> Following this https://www.home-assistant.io/integrations/http#reverse-proxies My addition to homeassistant `configuration.yaml` ```yaml http: use_x_forwarded_for: true trusted_proxies: - 172.16.0.0/12 ``` I used `172.16.0.0/12` to cover the private ranges that docker might assign my NPM container.

kerem commented

2026-02-26 06:35:23 +03:00

Author

Owner

@GregYeo commented on GitHub (Nov 21, 2025):

What extra_hosts does?

extra_hosts:
  - "host.docker.internal:host-gateway"

It means you have HOST_IP in /etc/hosts in your container.
This is what docker engine does but it's not DNS service.

you can check via exec 'cat /etc/hosts' it will have like the ip is depends on your docker daemon.

/ # cat /etc/hosts
127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::  ip6-localnet
ff00::  ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
0.250.250.254   host.docker.internal
...

So you can access to host successfully via curl command.

What nginx does

Nginx doesn't read hosts's /etc/hosts generally. It always see DNS server which OS relies on. So your container may not having meaning to have extra host.

There is some complex problem about it and infra engineer gets same problem everyday.
This is kind of strategy and concept of nginx to resolve DNS problem to ensure the environment setup although it is linux concept to read /etc/hosts as default

I believe this product also has same problem because nginx is base engine.

Why it can be work on your Windows or MAC?
Linux docker and other environment are has different engine actually. Desktop version docker engine intercept DNS query and response properly for easy environment setup. So, it depends on which docker engine you are using and linux docker doesn't offer it.

Solution

As @5andr0 said you'd better to use DNS server for it.

I'm not this product user but you may set somewhere DNS server in nginx.

Since dnsmasq is reading /etc/hosts as default, When dnsmasq is targeted as DNS server and it responses IP of host.docker.internal.
e.g.)

#/etc/nginx.conf

http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;
    keepalive_timeout  65;

    resolver dnsmasq valid=1s;  #dnsmasq is DNS server hostname
}

services:
  dnsmasq:
    image: dockurr/dnsmasq
    expose:
      - 53
    extra_hosts:
      - "host.docker.internal:host-gateway"
  proxy:
    image: nginx:alpine

I generally recommend side car container instead of installing two process in same container because it needs additional image building and application container is generally for single process as concept.

It is really depends on load balancer's implementation i believe the maintainer of this product doesn't have much power to do it. Because it might be way out of concept of this product but nginx itself.

Since we are using container, it comes with additional issues. So other cloud native solutions like traefik are used.

@GregYeo commented on GitHub (Nov 21, 2025): ### What extra_hosts does? ``` extra_hosts: - "host.docker.internal:host-gateway" ``` It means you have HOST_IP in /etc/hosts in your container. This is what docker engine does but it's not DNS service. you can check via exec 'cat /etc/hosts' it will have like the ip is depends on your docker daemon. ```sh / # cat /etc/hosts 127.0.0.1 localhost ::1 localhost ip6-localhost ip6-loopback fe00:: ip6-localnet ff00:: ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters 0.250.250.254 host.docker.internal ... ``` So you can access to host successfully via curl command. ### What nginx does Nginx doesn't read hosts's /etc/hosts generally. It always see DNS server which OS relies on. So your container may not having meaning to have extra host. There is some complex problem about it and infra engineer gets same problem everyday. This is kind of strategy and concept of nginx to resolve DNS problem to ensure the environment setup although it is linux concept to read /etc/hosts as default I believe this product also has same problem because nginx is base engine. Why it can be work on your Windows or MAC? Linux docker and other environment are has different engine actually. Desktop version docker engine intercept DNS query and response properly for easy environment setup. So, it depends on which docker engine you are using and linux docker doesn't offer it. ### Solution As @5andr0 said you'd better to use DNS server for it. I'm not this product user but you may set somewhere DNS server in nginx. Since dnsmasq is reading /etc/hosts as default, When dnsmasq is targeted as DNS server and it responses IP of host.docker.internal. e.g.) ``` #/etc/nginx.conf http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; resolver dnsmasq valid=1s; #dnsmasq is DNS server hostname } ``` ```yaml services: dnsmasq: image: dockurr/dnsmasq expose: - 53 extra_hosts: - "host.docker.internal:host-gateway" proxy: image: nginx:alpine ``` I generally recommend side car container instead of installing two process in same container because it needs additional image building and application container is generally for single process as concept. It is really depends on load balancer's implementation i believe the maintainer of this product doesn't have much power to do it. Because it might be way out of concept of this product but nginx itself. Since we are using container, it comes with additional issues. So other cloud native solutions like traefik are used.

Rows
Columns

[GH-ISSUE #1225] host.docker.internal not working with nginx (while curl does) #998

What extra_hosts does?

What nginx does

Solution