• The APS Catalog has been deprecated and removed from all Plesk Obsidian versions.
    Applications already installed from the APS Catalog will continue working. However, Plesk will no longer provide support for APS applications.
  • Please be aware: with the Plesk Obsidian 18.0.78 release, the support for the ngx_pagespeed.so module will be deprecated and removed from the sw-nginx package.

Issue Docker containers unable to resolve DNS or access external network on Plesk Obsidian 18.0.76 Update #4 (Collabora / Nextcloud issue)

first4it

first4it

New Pleskian
Server operating system version
AlmaLinux 9.7 (Moss Jungle Cat)
Plesk version and microupdate number
18.0.76 Update #4
I am raising this as a potential infrastructure-level issue affecting Docker networking on Plesk, rather than an application-specific problem.

Environment:
  • Plesk Obsidian 18.0.76 Update #4
  • Docker Engine 29.3.1
  • AlmaLinux (Plesk managed server)
  • Dedicated server (not shared hosting)
  • Nextcloud installed via Plesk
  • Collabora Online (collabora/code) deployed via Docker
  • Separate subdomains:
    • Nextcloud: files.example.com
    • Collabora: collabora.example.com
Issue:

Nextcloud Office integration fails when opening .doc / .docx files.

The error shown in Nextcloud:

“Failed to establish socket connection or socket connection closed unexpectedly”

Collabora logs show:
  • Failed to lookup host
  • Temporary failure in name resolution
  • Failed to connect to Nextcloud host on port 443
Observed behaviour:
  • Collabora /hosting/discovery endpoint works correctly
  • WebSocket connection (/cool/.../ws) upgrades successfully (101)
  • Reverse proxy configuration is correct
  • SSL termination via Plesk works correctly
However:
  • DNS resolution inside Docker containers fails
  • External HTTP requests from containers fail
  • Containers cannot reach public internet resources
Diagnostics performed:

From inside the Collabora container:
  • getent hosts <nextcloud-domain> hangs
  • DNS resolution fails
  • WOPI calls fail due to hostname lookup
From test containers:
  • docker run alpine ping 8.8.8.8 → fails
  • docker run alpine wget Example Domain → hangs
  • Alpine package install fails due to unreachable repositories
From host:
  • DNS resolution works correctly
  • HTTPS access to Nextcloud works
  • Docker NAT and forwarding appear correctly configured
  • ip_forward = 1
  • MASQUERADE rule present for 172.17.0.0/16
Firewall checks:
  • Plesk Firewall forwarding policy tested (Allow) → no change
  • DOCKER-USER ACCEPT rule tested → no change

Conclusion from testing:

Docker bridge networking on this host cannot reliably:
  • resolve DNS
  • reach external HTTP services
This causes Collabora to fail WOPI communication with Nextcloud.

This is not a misconfiguration of:
  • Nextcloud
  • Collabora
  • Reverse proxy
  • SSL
Workaround:

Running Collabora in host network mode resolves the issue completely:

docker run --network host ...

Result:
  • DNS works
  • WOPI works
  • Documents open correctly
Concern:

This should not be required.

Docker containers should be able to:
  • resolve external DNS
  • access outbound HTTP/HTTPS
without requiring host networking.

Using host mode:
  • bypasses Docker networking entirely
  • is not ideal for isolation or portability
  • is not manageable via the Plesk Docker UI
Questions:
  1. Is this a known issue with Docker networking on recent Plesk versions?
  2. Is there a known interaction between Plesk firewall / nftables / Docker bridge networking that could cause this?
  3. Are additional routing or firewall adjustments required on Plesk-managed servers for Docker containers to access external DNS?
  4. Is this related to provider network topology (e.g. routed gateways like 10.x.x.x) and how Docker NAT behaves in that scenario?
Expectation:

A standard Plesk + Docker setup should allow containers to:
  • resolve DNS
  • access external services
without requiring host network mode.

Summary:
  • Issue affects Docker networking layer
  • Breaks Collabora / Nextcloud Office
  • Reproducible with simple test containers
  • Workaround exists but is not ideal
If anyone has experienced similar behaviour or has a recommended fix that restores normal Docker bridge networking, I would appreciate their input.
 
So what you didn't provide is how you have the containers set up. Are you deploying them through a stack or each container set up on their own? You using the NextCloud AIO? If each container was set up separately, are they all part of the default docker network or did you made a dedicated docker network for those 2 containers?

Technically speaking the Plesk Firewall should respect entries entered in by Docker but it can still be iffy, especially if you there's another firewall that's changing the IPTables.

With that said, if you are using the default docker network, make a dedicated docker network and put the 2 containers on that network, that should help a bit. Disable the firewall and test as well as a way to do another test.

Also, if you have any external networks using the same subnet that is being used by the docker network (through NAT) then you'll have issues.

Also, I randomly decided to throw your whole message into grok and it has some suggestions for you as well: Plesk Firewall Breaks Docker Outbound Connectivity | Shared Grok Conversation
 
You must log in or register to reply here.

Similar threads

B
Resolved Nextcloud extension on Plesk Obsidian working fine, But I cannot figure out how to configure the proxy
Replies
5
Views
3K
bosse1
B
M
Resolved How to configure Plesk databases to allow access from Plesk docker container
Replies
6
Views
4K
milanbx
M
Phantasia
Issue Persistent iptables DROP Rule for Docker Container IP 172.17.0.2
Replies
7
Views
4K
Phantasia
Phantasia
C
Question Pesk Docker running collabora online for nextcloud
Replies
1
Views
3K
UnixDrive
U
TheColin21
Resolved Docker outbound traffic gets blocked after 18.0.67 Update #3
2
Replies
28
Views
22K
Sebahat.hadzhi
Sebahat.hadzhi
Back
Top