podman/docker cannot reach exposed ports

We recently upgraded our infrastructure to the new Strato KVM VPS. After we had set up our dockerized services we noticed that none of our services are reachable through their defined ports. Neither from localhost nor from external. This happens with both podman and docker. Our images are working correctly. If we use the --net host flag everything works fine and can be reached but that's not what we want and should not be necessary. If you need more information feel free to ask.

We are grateful for any help.

Additional information:
os: ubuntu 22.04
podman: 3.4.4
cat /proc/sys/net/ipv6/conf/all/forwarding 1
cat /proc/sys/net/ipv4/ip_forward 1
cat /sys/module/ipv6/parameters/disable 0

Interfaces (podman)

3: cni-podman0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet6 xxxx::xxxx:xxxx:xxxx:xxxx/64 scope link
       valid_lft forever preferred_lft forever
6: veth0b47ca4c@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff link-netns cni-3b592073-b05b-6473-f81c-23018ac36950
    inet6 xxxx::xxxx:xxxx:xxxx:xxxx/64 scope link
       valid_lft forever preferred_lft forever

Podman inspect

[
    {
        "Id": "c999130c8645cbc407c1df1df03e185884b5cbe6dacb1088567f89191ae9aad2",
        "Created": "2023-06-23T07:40:22.316742043Z",
        "Path": "docker-entrypoint.sh",
        "Args": [
            "node",
            "server.js"
        ],
        "State": {
            "OciVersion": "1.0.2-dev",
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 13418,
            "ConmonPid": 13415,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2023-06-23T07:40:22.546936291Z",
            "FinishedAt": "0001-01-01T00:00:00Z",
            "Healthcheck": {
                "Status": "",
                "FailingStreak": 0,
                "Log": null
            },
            "CgroupPath": "/machine.slice/libpod-c999130c8645cbc407c1df1df03e185884b5cbe6dacb1088567f89191ae9aad2.scope"
        },
        "Image": "71c248232ca5eaf774116371245d524516a6fcf46abd2f99fe2c4b721eed77c9",
        "ImageName": "nextjs-docker-test:main",
        "Rootfs": "",
        "Pod": "",
        "ResolvConfPath": "/run/containers/storage/overlay-containers/c999130c8645cbc407c1df1df03e185884b5cbe6dacb1088567f89191ae9aad2/userdata/resolv.conf",
        "HostnamePath": "/run/containers/storage/overlay-containers/c999130c8645cbc407c1df1df03e185884b5cbe6dacb1088567f89191ae9aad2/userdata/hostname",
        "HostsPath": "/run/containers/storage/overlay-containers/c999130c8645cbc407c1df1df03e185884b5cbe6dacb1088567f89191ae9aad2/userdata/hosts",
        "StaticDir": "/var/lib/containers/storage/overlay-containers/c999130c8645cbc407c1df1df03e185884b5cbe6dacb1088567f89191ae9aad2/userdata",
        "OCIConfigPath": "/var/lib/containers/storage/overlay-containers/c999130c8645cbc407c1df1df03e185884b5cbe6dacb1088567f89191ae9aad2/userdata/config.json",
        "OCIRuntime": "crun",
        "ConmonPidFile": "/run/containers/storage/overlay-containers/c999130c8645cbc407c1df1df03e185884b5cbe6dacb1088567f89191ae9aad2/userdata/conmon.pid",
        "PidFile": "/run/containers/storage/overlay-containers/c999130c8645cbc407c1df1df03e185884b5cbe6dacb1088567f89191ae9aad2/userdata/pidfile",
        "Name": "nextjs-docker-test",
        "RestartCount": 0,
        "Driver": "overlay",
        "MountLabel": "",
        "ProcessLabel": "",
        "AppArmorProfile": "containers-default-0.44.4",
        "EffectiveCaps": null,
        "BoundingCaps": [
            "CAP_CHOWN",
            "CAP_DAC_OVERRIDE",
            "CAP_FOWNER",
            "CAP_FSETID",
            "CAP_KILL",
            "CAP_NET_BIND_SERVICE",
            "CAP_SETFCAP",
            "CAP_SETGID",
            "CAP_SETPCAP",
            "CAP_SETUID",
            "CAP_SYS_CHROOT"
        ],
        "ExecIDs": [],
        "GraphDriver": {
            "Name": "overlay",
            "Data": {
                "LowerDir": "/var/lib/containers/storage/overlay/ef964276b39d5c231f0bc8930d37d390edfc0ac85979882c76ea8f11afb2ed97/diff:/var/lib/containers/storage/overlay/2f321646b65a22c485d662a660fe1d4ca0af09e05bd69e886264db5375f4b592/diff:/var/lib/containers/storage/overlay/4ed7439a59a6561844e6e59ae14b20f3a9175cce3cc8973714f8816da94422e2/diff:/var/lib/containers/storage/overlay/fb3e6189305043478f27f86f34cfdcd77a0913bf31adea6b44c7d5c3252ed5bb/diff:/var/lib/containers/storage/overlay/dabf1d2858b89bf69c1b98e85b661abe837a7af196cf9f655426a12a32147e58/diff:/var/lib/containers/storage/overlay/027e7695d766dfd80b221dd37accdea27dd790ebe9ed059c52a8929fed1f9b94/diff:/var/lib/containers/storage/overlay/406c6f7fd87fd2cfd1f33236a8cb68449860265a170ea8a2713625809ec9355e/diff:/var/lib/containers/storage/overlay/739b7c1d47c50966c7056fa3cd650cf2c4acff257645c3dc6bdc0be4b3eb53c3/diff:/var/lib/containers/storage/overlay/58cafb3f4cd1cb8956b4a925072c958e57765037b7bc5d2e9b443530f7744600/diff:/var/lib/containers/storage/overlay/408c359632854f654eb3648038eb6cc7508d9a102d6d233fc6db090ceff2e247/diff:/var/lib/containers/storage/overlay/78a822fe2a2d2c84f3de4a403188c45f623017d6a4521d23047c9fbb0801794c/diff",
                "MergedDir": "/var/lib/containers/storage/overlay/a0acea5314c51cd0e05a51f48204014e9368e01549ed6da4e81f17d140a06a8c/merged",
                "UpperDir": "/var/lib/containers/storage/overlay/a0acea5314c51cd0e05a51f48204014e9368e01549ed6da4e81f17d140a06a8c/diff",
                "WorkDir": "/var/lib/containers/storage/overlay/a0acea5314c51cd0e05a51f48204014e9368e01549ed6da4e81f17d140a06a8c/work"
            }
        },
        "Mounts": [],
        "Dependencies": [],
        "NetworkSettings": {
            "EndpointID": "",
            "Gateway": "10.88.0.1",
            "IPAddress": "10.88.0.4",
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "MacAddress": "xx:xx:xx:xx:xx:xx",
            "Bridge": "",
            "SandboxID": "",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {
                "3000/tcp": [
                    {
                        "HostIp": "",
                        "HostPort": "3001"
                    }
                ]
            },
            "SandboxKey": "/run/netns/cni-3b592073-b05b-6473-f81c-23018ac36950",
            "Networks": {
                "podman": {
                    "EndpointID": "",
                    "Gateway": "10.88.0.1",
                    "IPAddress": "10.88.0.4",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "xx:xx:xx:xx:xx:xx",
                    "NetworkID": "podman",
                    "DriverOpts": null,
                    "IPAMConfig": null,
                    "Links": null
                }
            }
        },
        "ExitCommand": [
            "/usr/bin/podman",
            "--root",
            "/var/lib/containers/storage",
            "--runroot",
            "/run/containers/storage",
            "--log-level",
            "warning",
            "--cgroup-manager",
            "systemd",
            "--tmpdir",
            "/run/libpod",
            "--runtime",
            "crun",
            "--events-backend",
            "journald",
            "container",
            "cleanup",
            "c999130c8645cbc407c1df1df03e185884b5cbe6dacb1088567f89191ae9aad2"
        ],
        "Namespace": "",
        "IsInfra": false,
        "Config": {
            "Hostname": "c999130c8645",
            "Domainname": "",
            "User": "nextjs",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "TERM=xterm",
                "container=podman",
                "NODE_VERSION=18.16.1",
                "YARN_VERSION=1.22.19",
                "NODE_ENV=production",
                "PORT=3000",
                "HOME=/home/nextjs",
                "HOSTNAME=c999130c8645"
            ],
            "Cmd": [
                "node",
                "server.js"
            ],
            "Image": "nextjs-docker-test:main",
            "Volumes": null,
            "WorkingDir": "/app",
            "Entrypoint": "docker-entrypoint.sh",
            "OnBuild": null,
            "Labels": null,
            "Annotations": {
                "io.container.manager": "libpod",
                "io.kubernetes.cri-o.Created": "2023-06-23T07:40:22.316742043Z",
                "io.kubernetes.cri-o.TTY": "false",
                "io.podman.annotations.autoremove": "FALSE",
                "io.podman.annotations.init": "FALSE",
                "io.podman.annotations.privileged": "FALSE",
                "io.podman.annotations.publish-all": "FALSE",
                "org.opencontainers.image.stopSignal": "15"
            },
            "StopSignal": 15,
            "CreateCommand": [
                "podman",
                "run",
                "-p",
                "3001:3000",
                "--network=bridge",
                "-d",
                "--restart",
                "unless-stopped",
                "--name",
                "nextjs-docker-test",
                "nextjs-docker-test:main"
            ],
            "Umask": "0022",
            "Timeout": 0,
            "StopTimeout": 10
        },
        "HostConfig": {
            "Binds": [],
            "CgroupManager": "systemd",
            "CgroupMode": "private",
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "journald",
                "Config": null,
                "Path": "",
                "Tag": "",
                "Size": "0B"
            },
            "NetworkMode": "bridge",
            "PortBindings": {
                "3000/tcp": [
                    {
                        "HostIp": "",
                        "HostPort": "3001"
                    }
                ]
            },
            "RestartPolicy": {
                "Name": "unless-stopped",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "CapAdd": [],
            "CapDrop": [
                "CAP_AUDIT_WRITE",
                "CAP_MKNOD",
                "CAP_NET_RAW"
            ],
            "Dns": [],
            "DnsOptions": [],
            "DnsSearch": [],
            "ExtraHosts": [],
            "GroupAdd": [],
            "IpcMode": "private",
            "Cgroup": "",
            "Cgroups": "default",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "private",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": [],
            "Tmpfs": {},
            "UTSMode": "private",
            "UsernsMode": "",
            "ShmSize": 65536000,
            "Runtime": "oci",
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": null,
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": [],
            "DiskQuota": 0,
            "KernelMemory": 0,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": 0,
            "OomKillDisable": false,
            "PidsLimit": 2048,
            "Ulimits": [
                {
                    "Name": "RLIMIT_NOFILE",
                    "Soft": 1048576,
                    "Hard": 1048576
                },
                {
                    "Name": "RLIMIT_NPROC",
                    "Soft": 4194304,
                    "Hard": 4194304
                }
            ],
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0,
            "CgroupConf": null
        }
    }
]

After a long conversation with Strato, they admitted that, as stated in the more or less hidden FAQ, the VPS do not fully support Docker. The label "docker ready" only means that Docker could partially work. Docker works fine as long as you use the --net host flag.
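
An added diagnostic example, not code from either poster: it cross-checks the `ip addr` listing against the `podman inspect` output from the question to show what the published port depends on and what the bridge looks like in the listing as posted. The function names and the trimmed sample input are assumptions made for illustration; the check reports the state of the bridge and does not identify the provider-side cause.

```python
import json
import re

# Constructed sample: trimmed copies of the `ip addr` listing and the
# `podman inspect` output posted in the question.
IP_ADDR = """\
3: cni-podman0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    inet6 xxxx::xxxx:xxxx:xxxx:xxxx/64 scope link
6: veth0b47ca4c@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    inet6 xxxx::xxxx:xxxx:xxxx:xxxx/64 scope link
"""
INSPECT = json.loads("""[{"HostConfig": {"NetworkMode": "bridge"},
 "NetworkSettings": {"Gateway": "10.88.0.1", "IPAddress": "10.88.0.4",
  "Ports": {"3000/tcp": [{"HostIp": "", "HostPort": "3001"}]}}}]""")

def parse_ip_addr(text):
    """Return {ifname: {"flags": set, "master": str or None, "inet": [ipv4]}}."""
    links, cur = {}, None
    for line in text.splitlines():
        head = re.match(r"^\d+:\s+([^:@\s]+)(?:@\S+)?:\s+<([^>]*)>(.*)", line)
        if head:
            master = re.search(r"\bmaster (\S+)", head.group(3))
            cur = {"flags": set(head.group(2).split(",")),
                   "master": master.group(1) if master else None, "inet": []}
            links[head.group(1)] = cur
            continue
        addr = re.match(r"^\s+inet\s+(\d+(?:\.\d+){3})/\d+", line)
        if addr and cur is not None:
            cur["inet"].append(addr.group(1))
    return links

def check_bridge(container, links, bridge="cni-podman0"):
    """Return (problems, published) for one `podman inspect` entry."""
    net = container["NetworkSettings"]
    published = [f"{b['HostPort']}->{net['IPAddress']}:{port}"
                 for port, binds in (net.get("Ports") or {}).items()
                 for b in binds or []]
    if container["HostConfig"]["NetworkMode"] == "host":
        return [], published  # host networking does not use the bridge
    link = links.get(bridge)
    if link is None:
        return [f"{bridge}: interface missing"], published
    checks = [
        ("NO-CARRIER" in link["flags"], "NO-CARRIER, no attached port is up"),
        (all(l["master"] != bridge for l in links.values()), "no interface has it as master"),
        (net["Gateway"] not in link["inet"], f"gateway {net['Gateway']} not assigned"),
    ]
    return [f"{bridge}: {msg}" for bad, msg in checks if bad], published

print(check_bridge(INSPECT[0], parse_ip_addr(IP_ADDR)))
```

On the sample taken from the question all three bridge checks fire, while a container started with host networking skips them because it never traverses `cni-podman0`.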
