mirror of
https://github.com/actions/runner.git
synced 2025-12-10 20:36:49 +00:00
Networking TSG (#1325)
* Update Network Troubleshooting doc * fix list * Update network.md
This commit is contained in:
Thomas Boop
@@ -2,17 +2,19 @@
|
|||||||
|
|
||||||
### Common things that can cause the runner to not working properly
|
### Common things that can cause the runner to not working properly
|
||||||
|
|
||||||
- Bug in the runner or the dotnet framework that causes actions runner can't make Http request in a certain network environment.
|
- A bug in the runner or the dotnet framework that causes the actions runner to be unable to make Http requests in a certain network environment.
|
||||||
|
|
||||||
- Proxy/Firewall block certain HTTP method, like it block all POST and PUT calls which the runner will use to upload logs.
|
- A Proxy or Firewall may block certain HTTP method, such as blocking all POST and PUT calls which the runner will use to upload logs.
|
||||||
|
|
||||||
- Proxy/Firewall only allows requests with certain user-agent to pass through and the actions runner user-agent is not in the allow list.
|
- A Proxy or Firewall may only allows requests with certain user-agent to pass through and the actions runner user-agent is not in the allow list.
|
||||||
|
|
||||||
- Proxy try to decrypt and exam HTTPS traffic for security purpose but cause the actions-runner to fail to finish SSL handshake due to the lack of trusting proxy's CA.
|
- A Proxy try to decrypt and exam HTTPS traffic for security purpose but cause the actions-runner to fail to finish SSL handshake due to the lack of trusting proxy's CA.
|
||||||
|
|
||||||
- Proxy try to modify the HTTPS request (like add or change some http headers) and causes the request become incompatible with the Actions Service (ASP.NetCore), Ex: [Nginx](https://github.com/dotnet/aspnetcore/issues/17081)
|
- The SSL handshake may fail if the client and server do not support the same TLS version, or the same cipher suites.
|
||||||
|
|
||||||
- Firewall rules that block action runner from accessing certain hosts, ex: `*.github.com`, `*.actions.githubusercontent.com`, etc.
|
- A Proxy may try to modify the HTTPS request (like add or change some http headers) and causes the request become incompatible with the Actions Service (ASP.NetCore), Ex: [Nginx](https://github.com/dotnet/aspnetcore/issues/17081)
|
||||||
|
|
||||||
|
- Firewall rules that block action runner from accessing certain hosts, ex: `*.github.com`, `*.actions.githubusercontent.com`, etc
|
||||||
|
|
||||||
|
|
||||||
### Identify and solve these problems
|
### Identify and solve these problems
|
||||||
@@ -29,4 +31,31 @@ Use a 3rd party tool to make the same requests as the runner did would be a good
|
|||||||
|
|
||||||
If the 3rd party tool is also experiencing the same error as the runner does, then you might want to contact your network administrator for help.
|
If the 3rd party tool is also experiencing the same error as the runner does, then you might want to contact your network administrator for help.
|
||||||
|
|
||||||
Otherwise, contact GitHub customer support or log an issue at https://github.com/actions/runner
|
Otherwise, contact GitHub customer support or log an issue at https://github.com/actions/runner
|
||||||
|
|
||||||
|
### Troubleshooting: Why can't I configure a runner?
|
||||||
|
|
||||||
|
If you are having trouble connecting, try these steps:
|
||||||
|
|
||||||
|
1. Validate you can reach our endpoints from your web browser. If not, double check your local network connection
|
||||||
|
- For hosted Github:
|
||||||
|
- https://api.github.com/
|
||||||
|
- https://vstoken.actions.githubusercontent.com/_apis/health
|
||||||
|
- https://pipelines.actions.githubusercontent.com/_apis/health
|
||||||
|
- For GHES/GHAE
|
||||||
|
- https://myGHES.com/_services/vstoken/_apis/health
|
||||||
|
- https://myGHES.com/_services/pipelines/_apis/health
|
||||||
|
- https://myGHES.com/api/v3
|
||||||
|
2. Validate you can reach those endpoints in powershell core
|
||||||
|
- The runner runs on .net core, lets validate the local settings for that stack
|
||||||
|
- Open up `pwsh`
|
||||||
|
- Run the command using the urls above `Invoke-WebRequest {url}`
|
||||||
|
3. If not, get a packet trace using a tool like wireshark and start looking at the TLS handshake.
|
||||||
|
- If you see a Client Hello followed by a Server RST:
|
||||||
|
- You may need to configure your TLS settings to use the correct version
|
||||||
|
- You should support TLS version 1.2 or later
|
||||||
|
- You may need to configure your TLS settings to have up to date cipher suites, this may be solved by system updates and patches.
|
||||||
|
- Your firewall, proxy or network configuration may be blocking the connection
|
||||||
|
- You will want to reach out to whoever is in charge of your network with these pcap files to further troubleshoot
|
||||||
|
- If you see a failure later in the handshake:
|
||||||
|
- Try the fix in the [SSLCert Fix](./sslcert.md)
|
||||||
|
|||||||
Reference in New Issue
Block a user