- Home
- Skills
- Trevors
- Dot Claude
- Claude Code Web Docker
claude-code-web-docker_skill
- Python
4
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill trevors/dot-claude --skill claude-code-web-docker- SKILL.md2.8 KB
Overview
This skill explains how to configure and run Docker inside Claude Code for Web's restricted container environment. It covers detection, daemon startup options that avoid iptables and bridge networking, build flags for SSL-intercepting proxies, sandbox creation, common errors and cleanup commands. Use it to get reliable Docker builds and sandboxes when running inside the web-hosted Claude Code environment.
How this skill works
It inspects the environment for proxy variables, the presence of /.dockerenv, and iptables permission errors to confirm the restricted runtime. The skill shows how to start dockerd with --iptables=false and --bridge=none so Docker does not attempt privileged network manipulations. It also provides build and sandbox command flags (--host-network, --insecure, --egress=all) to work around bridge networking and SSL interception by proxies.
When to use it
- You are running inside Claude Code for Web or another restricted container and need Docker to run reliably.
- Docker builds fail with iptables, bridge network, or network bridge not found errors.
- HTTPS requests fail due to an intercepting proxy causing SSL certificate errors during image builds.
- Creating sandboxes fails because the proxy egress container requires iptables or bridge networking.
- You need a quick, reproducible workflow to build and run csb images and sandboxes in the web environment.
Best practices
- Start dockerd with --iptables=false and --bridge=none to avoid permission issues and bridge creation.
- Use csb build --host-network --insecure when building behind an SSL-intercepting proxy.
- Create sandboxes with --egress=all because the proxy egress container cannot run without iptables.
- Temporarily disable strict SSL only for builds (e.g., npm config set strict-ssl false) and re-enable after.
- Stop dockerd and containers during cleanup to avoid leftover processes in the shared runtime.
Example use cases
- Install docker.io in Claude Code for Web, start the daemon with restricted flags, then run csb build --host-network --insecure.
- Recover from iptables permission denied by killing dockerd and restarting it with --iptables=false --bridge=none.
- Work around npm SSL verification failures by disabling strict-ssl for the install steps in the build.
- Create a development sandbox with csb create dev --egress=all so networking works without the proxy container.
- Clean up the environment before finishing a session: stop containers and pkill dockerd.
FAQ
Check for proxy env variables (http_proxy), the /.dockerenv file, and iptables errors like 'Permission denied'.
Why use --host-network and --insecure?
--host-network avoids bridge creation that needs iptables; --insecure bypasses SSL verification for builds behind intercepting proxies.