Problem: git clone issue on docker-compose setup

[raghu-manne]

Issue

I have installed semaphore using docker-compose using below docker-compose.yaml file

services:
    semaphore_db:
        restart: unless-stopped
        image: mysql:8.0
        environment:
            MYSQL_USER: semaphore
            MYSQL_PASSWORD: XXXXXXXX
            MYSQL_DATABASE: semaphore
            MYSQL_RANDOM_ROOT_PASSWORD: yes
        volumes:
            - semaphore_mysql:/var/lib/mysql
        networks:
            - semaphore_network
    semaphore:
        restart: unless-stopped
        ports:
            - 8080:3000
        depends_on:
            - semaphore_db
        image: semaphoreui/semaphore:latest
        environment:
            SEMAPHORE_DB_DIALECT: mysql
            SEMAPHORE_DB_HOST: semaphore_db
            SEMAPHORE_DB_NAME: semaphore
            SEMAPHORE_DB_USER: semaphore
            SEMAPHORE_DB_PASS: XXXXXXX
            SEMAPHORE_ADMIN: admin
            SEMAPHORE_ADMIN_PASSWORD: XXXXX
            SEMAPHORE_ADMIN_NAME: Admin
            SEMAPHORE_ADMIN_EMAIL: admin@localhost
            SEMAPHORE_WEB_ROOT: https://ansible.example.com
        volumes:
            - semaphore_data:/var/lib/semaphore
            - semaphore_config:/etc/semaphore
            - semaphore_tmp:/tmp/semaphore
            - /usr/users/muleaws/ansible/ansible-configs/semaphore/id_rsa:/home/semaphore/.ssh/id_rsa:ro
        networks:
            - semaphore_network
volumes:
    semaphore_data:
    semaphore_config:
    semaphore_tmp:
    semaphore_mysql:
networks:
    semaphore_network: {driver: "bridge"}

I have configured GitHub Repo, using PAT. There is some issue with cloning the repo; it works on the ansible host but not inside the container.

1:57:45 PM Task 15 added to queue
1:57:45 PM Started: 15
1:57:45 PM Run TaskRunner with template: test-template
1:57:45 PM Preparing: 15
1:59:55 PM fatal: unable to access 'https://github.com/org/ansible-configs/': Failed to connect to github.com port 443 after 130064 ms: Could not connect to server
1:59:55 PM Cloning Repository https://github.com/org/ansible-configs
1:59:55 PM Cloning into 'repository_1_template_1'...
2:02:06 PM Failed updating repository: exit status 128
2:02:06 PM Failed to run task: exit status 128

anisble-host$ git clone https://oauth2:PAT@github.com/org/ansible-configs.git
Cloning into 'ansible-configs'...
remote: Enumerating objects: 192, done.
remote: Counting objects: 100% (192/192), done.
remote: Compressing objects: 100% (128/128), done.
remote: Total 192 (delta 72), reused 157 (delta 37), pack-reused 0 (from 0)
Receiving objects: 100% (192/192), 21.91 KiB | 2.43 MiB/s, done.
Resolving deltas: 100% (72/72), done.

I also have a nginx reverse proxy configures infront of Semaphore, below is the nginx configuration.

events {
    worker_connections 1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

    server {
        listen 80;
        server_name example.com
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl;
        server_name example.com;

        ssl_certificate  /path/to/crt;
        ssl_certificate_key  /path/to/key;

        location / {
            proxy_pass http://127.0.0.1:8080;
            proxy_http_version 1.1;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
        location /api/ws {
            proxy_pass http://127.0.0.1:8080/api/ws;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Origin "";
        }


    }
}

I did some troubleshooting with Docker. This works for the time being, but it gets overwritten again.

# Enable IP forwarding
sysctl -w net.ipv4.ip_forward=1
# Apply NAT rule for Docker custom network
nft flush ruleset
nft add table ip nat
nft add chain ip nat POSTROUTING { type nat hook postrouting priority srcnat \; }
nft add rule ip nat POSTROUTING ip saddr 172.18.0.0/16 oifname != "docker0" masquerade

Impact

Docker

Installation method

Docker

Database

MySQL

Browser

Chrome

Semaphore Version

v2.15.0-1e13324-1749881668

Ansible Version

Logs & errors

time="2025-07-14T08:27:44Z" level=info msg="Task 15 added to queue"
time="2025-07-14T08:27:44Z" level=info msg="Set resource locker with TaskRunner 15"
time="2025-07-14T08:27:44Z" level=info msg="Task 15 started"
time="2025-07-14T08:27:48Z" level=error msg="Failed to upgrade connection to websocket" context=websocket error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header" user_id=1
2025/07/14 08:27:48 http: superfluous response.WriteHeader call from github.com/semaphoreui/semaphore/api/sockets.Handler (handler.go:165)
time="2025-07-14T08:27:56Z" level=error msg="Failed to upgrade connection to websocket" context=websocket error="websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header" user_id=1
2025/07/14 08:27:56 http: superfluous response.WriteHeader call from github.com/semaphoreui/semaphore/api/sockets.Handler (handler.go:165)```

[fiftin]

It looks like configuration issue.

[raghu-manne]

@fiftin Which configuration you mean?

[raghu-manne]

Hi @fiftin, could you please specify which configuration?