Disable IPv6 in docker compose - docker

I have a docker-compose project that I am trying to run on my server, which does not have IPv6 enabled. Whenever I try to run the container, I get the following error message:
    nginx: [emerg] socket() [::]:80 failed (97: Address family not supported by protocol)
I figured that is because IPv6 is not enabled on my server (it is managed by a third party, so I can't touch that), so I tried disabling IPv6 for docker-compose, so far without any luck.
I tried adding
    sysctls:
      net.ipv6.conf.all.disable_ipv6: 1
on my config file, but then I received the following error
    Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: open /proc/sys/net/ipv6/conf/all/disable_ipv6: no such file or directory: unknown
How can I disable IPv6 in docker-compose, either for this particular container or system-wide to not have issues like this?
This is my current config
        container_name: cont-nginx
        networks:
          - cont
        image: nginx:latest
        depends_on:
          - cont-app
        restart: always
        ports:
          - "880:880"
          - "4443:4443"
        sysctls:
          - net.ipv6.conf.all.disable_ipv6=1
        volumes:
          - ./nginx.conf:/etc/nginx/nginx.conf
    networks:
      cont:
        driver: bridge

Disabling IPv6 for the Docker network should do the job:
    networks:
      cont:
        driver: bridge
        enable_ipv6: false
Also, maybe you should consider removing this from your nginx conf
    listen [::]:80;
because [::] is for IPv6.

Related

Docker compose cannot bind to any port

I have been trying to run the docker-compose up command, but every time it errors out saying the ports are not available. I have tried all the random ports I can think of, but they all give me the same error.
Here's my full error:
    ERROR: for 5123b7524073_interaction Cannot start service interaction: Ports are not available: listen tcp 0.0.0.0:4005: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
    ERROR: for content Cannot start service content: Ports are not available: listen tcp 0.0.0.0:4000: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
    ERROR: for mongo Cannot start service mongo: Ports are not available: listen tcp 0.0.0.0:40000: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
    ERROR: for user Cannot start service user: Ports are not available: listen tcp 0.0.0.0:4003: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
    ERROR: for interaction Cannot start service interaction: Ports are not available: listen tcp 0.0.0.0:4005: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
    ERROR: Encountered errors while bringing up the project.
and here's my compose file
    version: "3.7"
    services:
      content:
        container_name: content
        restart: always
        build: ./Content
        ports:
          - "4000:3000"
        external_links:
          - mongo
      interaction:
        container_name: interaction
        restart: always
        build: ./Interaction
        ports:
          - "4005:3002"
        external_links:
          - mongo
      user:
        container_name: user
        restart: always
        build: ./User
        ports:
          - "4003:3001"
        external_links:
          - mongo
      mongo:
        container_name: mongo
        image: mongo
        ports:
          - "40000:27017"
I have tried to use net stop winnat before running docker and made sure there were no blocked ports I was accessing by running netsh interface ipv4 show excludedportrange protocol=tcp.
Here's my output for running netsh
    Start Port    End Port
    ----------    --------
          5357        5357
          7080        7080
         50000       50059     *

    * - Administered port exclusions.
Does anybody know what could be the problem here? I am running docker on win 10

I just found the problem: my antivirus was blocking Docker from accessing those ports. I just made sure to run Docker Desktop with admin privileges after reinstalling it. It asked me for firewall permissions from com.docker.backend or something like that; make sure to give the permissions, and it worked now.

How to create a Docker macvlan with user defined IP and MAC address using Compose

I have a docker project that uses the MAC address for hardware license enforcement. I cannot change this, the ISV uses a hardware fingerprint that includes the MAC address.
I am trying to create a macvlan network, that will use the physical adapter and get an IP address from my network DHCP server, alternatively I will assign a static IP address manually.
I must be able to set the MAC address manually such that it does not dynamically change and invalidate my license key.
Based on Docker docs the mac_address setting is deprecated, at least in v3 schema, but seems to be honored in v2 schemas.
I have a config that builds, using vanilla LSIO Nginx as test, but fails to run with an error stating that the MAC address cannot be assigned.
    version: "2.1"
    services:
      nginx:
        image: linuxserver/nginx
        container_name: nginx_macvlan
        environment:
          - TZ=America/Los_Angeles
        volumes:
          - .mount:/config
        ports:
          - 80:80
          - 443:443
        restart: unless-stopped
        mac_address: b7-48-d5-a6-d1-99
        networks:
          nginx_vlan:
            ipv4_address: 192.168.1.10
    networks:
      nginx_vlan:
        driver: macvlan
        ipam:
          driver: default
          config:
            - subnet: 192.168.1.0/24
PS C:\Users\piete\source\TestMacVlan> cd "c:\Users\piete\source\TestMacVlan"
PS C:\Users\piete\source\TestMacVlan> docker-compose -f "docker-compose-macvlan.yml" up -d --build
Creating network "testmacvlan_nginx_vlan" with driver "macvlan"
Creating nginx_macvlan ... error
ERROR: for nginx_macvlan Cannot start service nginx: OCI runtime create failed: container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"process_linux.go:432: running prestart hook 0 caused \\\"error running hook: exit status 1, stdout: , stderr: time=\\\\\\\"2020-05-16T02:46:50Z\\\\\\\" level=fatal msg=\\\\\\\"failed to add interface veth2b7c9ef to sandbox: error setting interface \\\\\\\\\\\\\\\"veth2b7c9ef\\\\\\\\\\\\\\\" MAC to \\\\\\\\\\\\\\\"b7:48:d5:a6:d1:99\\\\\\\\\\\\\\\": cannot assign requested address\\\\\\\"\\\\n\\\"\"": unknown
ERROR: for nginx Cannot start service nginx: OCI runtime create failed: container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"process_linux.go:432: running prestart hook 0 caused \\\"error running hook: exit status 1, stdout: , stderr: time=\\\\\\\"2020-05-16T02:46:50Z\\\\\\\" level=fatal msg=\\\\\\\"failed to add interface veth2b7c9ef to sandbox: error setting interface \\\\\\\\\\\\\\\"veth2b7c9ef\\\\\\\\\\\\\\\" MAC to \\\\\\\\\\\\\\\"b7:48:d5:a6:d1:99\\\\\\\\\\\\\\\": cannot assign requested address\\\\\\\"\\\\n\\\"\"": unknown
ERROR: Encountered errors while bringing up the project.
PS C:\Users\piete\source\TestMacVlan>
I am testing on Win10 using Docker for Windows.
PS C:\Users\piete\source\TestMacVlan> docker --version
Docker version 19.03.1, build 5b38d82a-
PS C:\Users\piete\source\TestMacVlan> [Environment]::OSVersion
Platform ServicePack Version VersionString
-------- ----------- ------- -------------
Win32NT 10.0.18363.0 Microsoft Windows NT 10.0.18363.0
How do I use macvlan in compose and set a MAC and IP or use DHCP for IP?
I got it working on ubuntu 18 lts in a Hyper-V container.
You have to edit the Hyper-V guest network adapter to allow "enable mac address spoofing", this is under the advanced options.
When using compose, the version can't be greater than ~v2.1, when using current v3.7+ versions you'll get a gateway is unexpected error.
On Linux the host does not get traffic routed to the macvlan, so containers need to be on the same macvlan if they need to talk to each other.
There can only be one macvlan per subnet range, or one gateway per range, not sure what the cause is.
I could not get it working on Docker for Windows, specifically I do not know how to specify the parent adapter name. I tried the actual adapter name, did not work, "eth0" works for creating the macvlan, but no traffic flows. I don't know if it is because the adapter name is wrong, or something else.
I could not get network infrastructure DHCP working using macvlan, maybe this will require creating bridges on the host.
Here is a working compose file running two nginx instances on two specific IPs with two specific MAC addresses, tested on Ubuntu 18.04 LTS running on Hyper-V. I have not yet tested bare metal.
    version: "2.1"
    services:
      nginx_10:
        image: linuxserver/nginx
        container_name: nginx_macvlan_10
        environment:
          - TZ=America/Los_Angeles
        ports:
          - 80:80
          - 443:443
        restart: unless-stopped
        mac_address: 02:42:c0:a8:84:22
        networks:
          nginx_vlan:
            ipv4_address: 192.168.1.10
      nginx_45:
        image: linuxserver/nginx
        container_name: nginx_macvlan_45
        environment:
          - TZ=America/Los_Angeles
        ports:
          - 80:80
          - 443:443
        restart: unless-stopped
        mac_address: 02:42:c0:a8:84:23
        networks:
          nginx_vlan:
            ipv4_address: 192.168.1.45
    networks:
      nginx_vlan:
        driver: macvlan
        driver_opts:
          parent: eth0
        ipam:
          driver: default
          config:
            - subnet: 192.168.1.0/24
              gateway: 192.168.1.1

    # docker-compose --file docker-compose-macvlan-ubuntu-multi.yml up --detach
I'd still like to know:
How to get this working with docker compose schema v3+.
How to get it working on Docker for Windows.
How to get DHCP working.
IPAM configuration (gateway, ip_range, aux_addresses) is now supported by docker-compose v1.27.0+.
https://github.com/docker/compose/issues/6569#issuecomment-709195165
Releases 1.27.0+ have merged v2/v3 file formats, so you should be able
to use ipam anywhere now.
https://github.com/docker/compose/releases/tag/1.27.0
Merge 2.x and 3.x compose formats and align with COMPOSE_SPEC schema
More info: https://blog.jjhayes.net/wp/2020/10/28/using-a-macvlan-network-in-docker-compose/

How to run fluentd in docker within the internal network

I have the following configuration in my docker-compose file:
      fluentd:
        build: ./fluentd
        container_name: fluentd
        expose:
          - 24224
          - 24224/udp
        depends_on:
          - "elasticsearch"
        networks:
          - internal
      public-site:
        build: ./public-site
        container_name: public-site
        depends_on:
          - fluentd
        logging:
          driver: fluentd
          options:
            tag: public-site
        networks:
          - internal
    networks:
      internal:
When I start the app using docker-compose up, then the webserver exits with the error message ERROR: for public-site Cannot start service public-site: failed to initialize logging driver: dial tcp 127.0.0.1:24224: connect: connection refused.
On the other hand, when I publish the ports from fluentd (ports: 24224:24224), it works. The problem is that I don't want to publish those ports on the host, since it bypasses the Linux firewall (i.e. it exposes the fluentd port to everyone, see here).
This is confusing, since exposing a port should make it available for every container in the network. I am using an internal network between fluentd and the webserver, so I would expect that the exposed ports of fluentd are enough (which isn't the case).
When I connect to the webserver container, I can ping and resolve the fluentd container, so there is a connection. For some reason, however, at startup it won't accept a fluentd config with no published ports.
The communication to 127.0.0.1 is always problematic if you're in a container. I found this explanation in the docs that performs way better than I would do:
To use the fluentd driver as the default logging driver, set the log-driver and log-opt keys to appropriate values in the daemon.json file, which is located in /etc/docker/ on Linux hosts or C:\ProgramData\docker\config\daemon.json on Windows Server. For more about configuring Docker using daemon.json, see daemon.json.
The following example sets the log driver to fluentd and sets the fluentd-address option.
    {
      "log-driver": "fluentd",
      "log-opts": {
        "fluentd-address": "fluentd:24224"
      }
    }
src: https://docs.docker.com/config/containers/logging/fluentd/
EDIT: this works until you want to have an application on the host communicating with the dockerized fluentd (then it's a pain)

I was facing this issue; I solved it using a static IP address.
    logging:
      driver: fluentd
      options:
        fluentd-address: 172.24.0.5:24224

I was facing the same error as you. After checking the example config on the Fluentd official site, I was able to connect to fluentd through links.
Below is my configuration that works:
    version: "3.5"
    networks:
      test:
    services:
      flog:
        container_name: flog
        image: mingrammer/flog:0.4.3
        command: -t stdout -f apache_common -d 1s -l
        logging:
          driver: "fluentd"
          options:
            fluentd-address: localhost:24224
        links:
          - fluentd
        networks:
          - test
      fluentd:
        container_name: fluentd
        image: moonape1226/fluentd-with-loki-plugin:v1.13-1
        ports:
          - "24224:24224"
          - "24224:24224/udp"
        volumes:
          - ./config/fluentd/fluent.conf:/fluentd/etc/fluent.conf
        networks:
          - test

Driver failed programming external connectivity: ... bind: cannot assign requested address

In my development environment I want to simulate a "web farm" deployment, where I have several "physical" nodes running multiple services, which belong to the same network.
So, say I have 5 nodes, each node will host 1 mysql, 1 nginx and 2 web apps. And mysql will bind to the same port 3306, but on different ip addresses.
I started to write down the docker-compose config and got stuck on the very first step: Docker refuses to create a new IP in a given network and bind mysql to a port on that IP.
That's the configuration I'm trying to use:
    version: "3"
    services:
      node1_sql:
        image: mariadb:10.0.33
        restart: always
        networks:
          skkb:
            ipv4_address: 10.9.2.2
        ports:
          - 10.9.2.2:3306:3306
        environment:
          - MYSQL_DATABASE=dbname
          - MYSQL_ROOT_PASSWORD=password
        volumes:
          - ./sql_data/1:/var/lib/mysql
        command: mysqld --character-set-server=utf8 --collation-server=utf8_general_ci
    networks:
      skkb:
        driver: bridge
        ipam:
          driver: default
          config:
            - subnet: 10.9.2.0/24
When I try to do docker-compose up I get following error:
    Creating network "node-r_skkb" with driver "bridge"
    Creating node-r_node1_sql_1 ... error
    ERROR: for node-r_node1_sql_1 Cannot start service node1_sql: driver failed programming external connectivity on endpoint node-r_node1_sql_1 (24a8412b80ebc95f5b15f5d4ea5281639d6914f312f525cf8803ed5179b906a7): Error starting userland proxy: listen tcp 10.9.2.2:3306: bind: cannot assign requested address
    ERROR: for node1_sql Cannot start service node1_sql: driver failed programming external connectivity on endpoint node-r_node1_sql_1 (24a8412b80ebc95f5b15f5d4ea5281639d6914f312f525cf8803ed5179b906a7): Error starting userland proxy: listen tcp 10.9.2.2:3306: bind: cannot assign requested address
    ERROR: Encountered errors while bringing up the project.
If I try to bind to 10.9.2.1, it works no problem. So it seems to me that it cannot create new IP address which is configured as ipv4_address: 10.9.2.2
Any ideas how to fix that?

Syslog driver not working with docker compose and elk stack

I want to send logs from one container running my_service to another running the ELK stack with the syslog driver (so I will need the logstash-input-syslog plugin installed).
I am tweaking this elk image (and tagging it as elk-custom) via the following Dockerfile-elk
(using port 514 because this seems to be the default port)
    FROM sebp/elk
    WORKDIR /opt/logstash/bin
    RUN ./logstash-plugin install logstash-input-syslog
    EXPOSE 514
Running my services via a docker-compose as follows more or less:
      elk-custom:
        # image: elk-custom
        build:
          context: .
          dockerfile: Dockerfile-elk
        ports:
          - 5601:5601
          - 9200:9200
          - 5044:5044
          - 514:514
      my_service:
        image: some_image_from_my_local_registry
        depends_on:
          - elk-custom
        logging:
          driver: syslog
          options:
            syslog-address: "tcp://elk-custom:514"
However:
    ERROR: for b4cd17dc1142_namespace_my_service_1 Cannot start service my_service: failed to initialize logging driver: dial tcp: lookup elk-custom on 10.14.1.31:53: server misbehaving
    ERROR: for api Cannot start service my_service: failed to initialize logging driver: dial tcp: lookup elk-custom on 10.14.1.31:53: server misbehaving
    ERROR: Encountered errors while bringing up the project.
Any suggestions?
UPDATE: Apparently nothing seems to be listening on port 514, because from within the container, the command netstat -a shows nothing on this port... no idea why...
You need to use tcp://127.0.0.1:514 instead of tcp://elk-custom:514. Reason being this address is being used by docker and not by the container. That is why elk-custom is not reachable.
So this will only work when you map the port (which you have done) and the elk-service is started first (which you have done) and the IP is reachable from the docker host, for which you would use tcp://127.0.0.1:514
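
Added example, not part of any post above: the fluentd thread and this syslog thread hit the same behaviour, because the logging driver is run by the Docker daemon on the host and its address is therefore resolved from the host, not from the compose network. The sketch below publishes the collector ports on loopback only, so the daemon can reach them while other hosts cannot; service names are reused from the two questions, and the other ELK ports are left out as an assumption of this example.

```yaml
# Constructed example combining the fluentd and syslog setups from the questions above.
services:
  fluentd:
    build: ./fluentd
    ports:
      # Weak form: "24224:24224" binds 0.0.0.0 and is reachable from other hosts.
      # Loopback-only form: reachable by the Docker daemon on this host only.
      - "127.0.0.1:24224:24224"
      - "127.0.0.1:24224:24224/udp"
    networks:
      - internal

  public-site:
    build: ./public-site
    depends_on:
      - fluentd
    logging:
      driver: fluentd
      options:
        # Dialled by the daemon from the host, so a compose service name
        # such as "fluentd" does not resolve here.
        fluentd-address: "127.0.0.1:24224"
        tag: public-site
    networks:
      - internal

  elk-custom:
    build:
      context: .
      dockerfile: Dockerfile-elk
    ports:
      # Same idea for the syslog input: publish on loopback only.
      - "127.0.0.1:514:514"

  my_service:
    image: some_image_from_my_local_registry
    depends_on:
      - elk-custom
    logging:
      driver: syslog
      options:
        syslog-address: "tcp://127.0.0.1:514"

networks:
  internal:
```

After `docker-compose up`, `ss -ltn` on the host should show 24224 and 514 bound to 127.0.0.1 rather than 0.0.0.0.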