fix: add route for host-local IP (14.215.128.96) in agent container

14.215.128.96 is bound to a host NIC (enp5s0) and unreachable from Docker bridge via default NAT. Add NET_ADMIN + ip route via gateway. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 18:05:30 -08:00 · 2026-02-26 18:05:30 -08:00 · ae7d9251ec
parent 0dea3f82bc
commit ae7d9251ec
2 changed files with 9 additions and 0 deletions
--- a/deploy/docker/docker-compose.yml
+++ b/deploy/docker/docker-compose.yml
@ -116,6 +116,8 @@ services:
        SERVICE_PORT: 3002
    container_name: it0-agent-service
    restart: unless-stopped
+    cap_add:
+      - NET_ADMIN
    ports:
      - "13002:3002"
    volumes:
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -6,5 +6,12 @@ if [ -f /tmp/host-ssh-key ]; then
  chown appuser:appuser /home/appuser/.ssh/id_ed25519
 fi

+# Route host-local IPs through Docker gateway (for IPs bound to host NICs)
+# 14.215.128.96 is on the host's enp5s0 NIC, unreachable via default Docker NAT
+GATEWAY=$(ip route | awk '/default/ {print $3}')
+if [ -n "$GATEWAY" ]; then
+  ip route add 14.215.128.96/32 via "$GATEWAY" 2>/dev/null || true
+fi
+
 # Drop privileges and start the service
 exec su-exec appuser node dist/services/${SERVICE_NAME}/src/main