claude-code-web-docker

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Docker in Claude Code for Web

在Claude Code for Web中使用Docker

Claude Code for Web runs in a restricted container environment that requires special configuration for Docker.

Claude Code for Web运行在受限制的容器环境中，需要对Docker进行特殊配置。

Detection

环境检测

You're in Claude Code for Web if:

bash

undefined

你处于Claude Code for Web环境的判断方式：

bash

undefined

Proxy environment is set

存在代理环境配置

echo $http_proxy # Shows a proxy URL

echo $http_proxy # 显示代理URL

Running inside a container

运行在容器内部

test -f /.dockerenv && echo "In container"

iptables is restricted

iptables权限受限

iptables -L 2>&1 | grep -q "Permission denied"

undefined

iptables -L 2>&1 | grep -q "Permission denied"

undefined

Quick Setup

快速设置

bash

undefined

bash

undefined

Install Docker

安装Docker

sudo apt-get update && sudo apt-get install -y docker.io

Start daemon with restrictions (background)

带限制参数启动守护进程（后台运行）

sudo dockerd --iptables=false --bridge=none &

Wait for daemon to be ready

等待守护进程就绪

sleep 3

Verify

验证

docker info

undefined

docker info

undefined

Building csb Images

构建csb镜像

Standard builds fail because Docker tries to create bridge networks. Use these flags:

bash

undefined

标准构建会失败，因为Docker尝试创建桥接网络。请使用以下参数：

bash

undefined

Build with host networking and insecure SSL (for intercepting proxy)

使用主机网络和不安全SSL（适配代理拦截场景）

csb build --host-network --insecure


What these flags do:

- `--host-network`: Uses host networking instead of bridge (which requires iptables)
- `--insecure`: Adds `-k` to curl commands and disables npm strict-ssl (for SSL-intercepting proxies)

csb build --host-network --insecure


这些参数的作用：

- `--host-network`：使用主机网络而非桥接网络（桥接网络需要iptables权限）
- `--insecure`：在curl命令中添加`-k`参数，并禁用npm的strict-ssl（适配SSL拦截代理）

Creating Sandboxes

创建沙箱

Sandbox creation also needs host networking:

bash

undefined

创建沙箱同样需要使用主机网络：

bash

undefined

When creating sandboxes, they'll run in the Docker network

创建沙箱时，它们将在Docker网络中运行

The proxy container won't work (needs iptables), so use --egress=all

代理容器无法工作（需要iptables），因此使用--egress=all

csb create my-sandbox --egress=all

undefined

csb create my-sandbox --egress=all

undefined

Common Errors and Fixes

常见错误与修复

"iptables: Permission denied"

The daemon is trying to manage iptables rules. Restart with:

bash

sudo pkill dockerd
sudo dockerd --iptables=false --bridge=none &

守护进程尝试管理iptables规则。请重启守护进程：

bash

sudo pkill dockerd
sudo dockerd --iptables=false --bridge=none &

"network bridge not found"

Same issue - daemon needs

--bridge=none

flag.

同样的问题 - 守护进程需要添加

--bridge=none

参数。

"SSL certificate problem"

The proxy intercepts HTTPS. Use

--insecure

flag with csb build, or for manual curl:

bash

curl -k https://example.com

代理拦截了HTTPS请求。请在csb build时使用

--insecure

参数，或者手动执行curl时：

bash

curl -k https://example.com

"npm ERR! unable to verify certificate"

bash

npm config set strict-ssl false
npm install
npm config set strict-ssl true  # Reset after

bash

npm config set strict-ssl false
npm install
npm config set strict-ssl true  # 安装完成后重置

Full Workflow Example

完整工作流示例

bash

undefined

bash

undefined

1. Install and start Docker

1. 安装并启动Docker

sudo apt-get update && sudo apt-get install -y docker.io sudo dockerd --iptables=false --bridge=none & sleep 3

2. Build csb images

2. 构建csb镜像

csb build --host-network --insecure

3. Create a sandbox

3. 创建沙箱

csb create dev --egress=all

4. Connect

4. 连接沙箱

csb ssh dev

undefined

csb ssh dev

undefined

Limitations

限制说明

In Claude Code for Web:

No bridge networking - containers share host network
No egress proxy container (requires iptables)
SSL verification must be disabled for builds
GPU passthrough not available

在Claude Code for Web环境中：

不支持桥接网络 - 容器共享主机网络
无法使用出口代理容器（需要iptables权限）
构建时必须禁用SSL验证
不支持GPU透传

Cleanup

清理操作

bash

undefined

bash

undefined

Stop all containers

停止所有容器

docker stop $(docker ps -q) 2>/dev/null

Stop daemon

停止守护进程

sudo pkill dockerd

undefined

sudo pkill dockerd

undefined