Inner Docker default bridge MTU is 1500 while workspace interface MTU is 1450, causing GitHub TLS timeouts during docker build

[sundaycrafts]

We are seeing a network issue in a Coder envbox workspace where Docker builds fail to reach github.com unless --network=host is used.

Environment:

• Raspberry Pi 5
• Ubuntu 24.04.4 LTS
• microk8s
• Coder v2.32.0+34584e9

Observed behavior:

• Workspace shell can access https://github.com/ successfully.
• docker build with the default build network fails when a RUN curl https://github.com/ step is executed.
• docker build --network=host succeeds.
• A container started with Docker default bridge network cannot complete TLS handshake to github.com.
• A container started with --network host succeeds.
• A user-defined Docker bridge with MTU 1450 also succeeds.

You can reproduce the issue as follows:

# fail
docker run --rm --network bridge curlimages/curl:8.7.1 curl -I -L --verbose --max-time 20 https://github.com/

docker network create --driver bridge --opt com.docker.network.driver.mtu=1450 test1450

# success
docker run --rm --network test1450 curlimages/curl:8.7.1 curl -I -L --verbose --max-time 20 https://github.com/

docker network rm test1450

Observed MTU values:

• Workspace/inner host eth0: MTU 1450
• Docker default bridge docker0: MTU 1500
• Docker default bridge containers: MTU 1500

This suggests that the inner Docker default bridge MTU is not aligned with the workspace network MTU, and this causes connectivity issues (at least for GitHub TLS traffic) in envbox multi-layer networking environments.

Expected behavior:

• Inner Docker default bridge should inherit or be configurable to match the effective workspace MTU, or envbox should document the recommended MTU override.

Workaround:

• docker build --network=host
• or configure Docker bridge MTU to 1450. e.g. by editing /etc/docker/daemon.json

cat <<'EOF' | sudo tee /etc/docker/daemon.json >/dev/null
{
  "mtu": 1450
}
EOF