Debian 11 install failure due to iptable command

[knitdv]

sudo bash -c "$(wget -qO- https://raw.githubusercontent.com/Jigsaw-Code/outline-server/master/src/server_manager/install_scripts/install_server.sh)"
> Verifying that Docker is installed .......... OK
> Verifying that Docker daemon is running ..... OK
> Setting PUBLIC_HOSTNAME to external IP ...... OK
> Creating persistent state dir ............... OK
> Generating secret key ....................... OK
> Generating TLS certificate .................. OK
> Generating SHA-256 certificate fingerprint .. OK
> Writing config .............................. OK
> Starting Shadowbox .......................... OK
> Starting Watchtower ......................... OK
> Waiting for Outline server to be healthy .... 

LOGS

docker logs shadowbox 
I2023-08-06T03:38:39.753Z 12 main.js:33] ======== Outline Server main() ========
I2023-08-06T03:38:39.770Z 12 main.js:33] Version is 1.7.2
I2023-08-06T03:38:39.802Z 12 main.js:33] Hostname: 192.168.1.1
I2023-08-06T03:38:39.803Z 12 main.js:33] SB_METRICS_URL: https://prod.metrics.getoutline.org
(node:12) [DEP0111] DeprecationWarning: Access to process.binding('http_parser') is deprecated.
(Use `node --trace-deprecation ...` to show where the warning was created)
I2023-08-06T03:38:39.819Z 12 main.js:33] Prometheus is at 127.0.0.1:9090
I2023-08-06T03:38:39.819Z 12 main.js:33] Node metrics is at 127.0.0.1:9091
I2023-08-06T03:38:39.820Z 12 main.js:33] outline-ss-server metrics is at 127.0.0.1:9092
I2023-08-06T03:38:39.822Z 12 main.js:33] Replay protection enabled: true
I2023-08-06T03:38:39.849Z 12 main.js:102] ======== Starting Prometheus ========
I2023-08-06T03:38:39.850Z 12 main.js:102] /opt/outline-server/bin/prometheus "--config.file" "/opt/outline/persisted-state/prometheus/config.yml" "--web.enable-admin-api" "--storage.tsdb.retention.time" "31d" "--storage.tsdb.path" "/opt/outline/persisted-state/prometheus/data" "--web.listen-address" "127.0.0.1:9090" "--log.level" "info"
ts=2023-08-06T03:38:39.960Z caller=main.go:535 level=info msg="Starting Prometheus Server" mode=server version="(version=2.37.1, branch=HEAD, revision=1ce2197e7f9e95089bfb95cb61762b5a89a8c0da)"
ts=2023-08-06T03:38:39.963Z caller=main.go:540 level=info build_context="(go=go1.18.6, user=root@3caaaea7ba87, date=20220912-12:42:39)"
ts=2023-08-06T03:38:39.963Z caller=main.go:541 level=info host_details="(Linux 5.10.0-21-amd64 #1 SMP Debian 5.10.162-1 (2023-01-21) x86_64 v2038487.hosted-by-vdsina.ru (none))"
ts=2023-08-06T03:38:39.963Z caller=main.go:542 level=info fd_limits="(soft=32768, hard=32768)"
ts=2023-08-06T03:38:39.963Z caller=main.go:543 level=info vm_limits="(soft=unlimited, hard=unlimited)"
ts=2023-08-06T03:38:39.967Z caller=web.go:553 level=info component=web msg="Start listening for connections" address=127.0.0.1:9090
ts=2023-08-06T03:38:39.967Z caller=main.go:972 level=info msg="Starting TSDB ..."
ts=2023-08-06T03:38:39.968Z caller=dir_locker.go:77 level=warn component=tsdb msg="A lockfile from a previous execution already existed. It was replaced" file=/opt/outline/persisted-state/prometheus/data/lock
ts=2023-08-06T03:38:39.974Z caller=head.go:493 level=info component=tsdb msg="Replaying on-disk memory mappable chunks if any"
ts=2023-08-06T03:38:39.975Z caller=head.go:536 level=info component=tsdb msg="On-disk memory mappable chunks replay completed" duration=19.023µs
ts=2023-08-06T03:38:39.975Z caller=head.go:542 level=info component=tsdb msg="Replaying WAL, this may take a while"
ts=2023-08-06T03:38:39.979Z caller=tls_config.go:195 level=info component=web msg="TLS is disabled." http2=false
ts=2023-08-06T03:38:39.981Z caller=head.go:613 level=info component=tsdb msg="WAL segment loaded" segment=0 maxSegment=3
ts=2023-08-06T03:38:39.983Z caller=head.go:613 level=info component=tsdb msg="WAL segment loaded" segment=1 maxSegment=3
ts=2023-08-06T03:38:39.987Z caller=head.go:613 level=info component=tsdb msg="WAL segment loaded" segment=2 maxSegment=3
ts=2023-08-06T03:38:39.989Z caller=head.go:613 level=info component=tsdb msg="WAL segment loaded" segment=3 maxSegment=3
ts=2023-08-06T03:38:39.989Z caller=head.go:619 level=info component=tsdb msg="WAL replay completed" checkpoint_replay_duration=82.921µs wal_replay_duration=13.212364ms total_replay_duration=14.47763ms
ts=2023-08-06T03:38:39.993Z caller=main.go:993 level=info fs_type=EXT4_SUPER_MAGIC
ts=2023-08-06T03:38:39.994Z caller=main.go:996 level=info msg="TSDB started"
ts=2023-08-06T03:38:39.994Z caller=main.go:1177 level=info msg="Loading configuration file" filename=/opt/outline/persisted-state/prometheus/config.yml
ts=2023-08-06T03:38:40.023Z caller=main.go:1214 level=info msg="Completed loading of configuration file" filename=/opt/outline/persisted-state/prometheus/config.yml totalDuration=28.626511ms db_storage=1.145µs remote_storage=2.959µs web_handler=632ns query_engine=1.393µs scrape=27.376579ms scrape_sd=182.727µs notify=2.188µs notify_sd=3.369µs rules=6.445µs tracing=54.113µs
ts=2023-08-06T03:38:40.024Z caller=main.go:957 level=info msg="Server is ready to receive web requests."
ts=2023-08-06T03:38:40.024Z caller=manager.go:941 level=info component="rule manager" msg="Starting rule manager..."

[knitdv]

with the rules of iptables -P INPUT DROP is not installed, if you change -P INPUT ACCEPT, the installation passes. What permissive rules should be set for the successful installation of an outline server with iptables -P INPUT DROP?

[knitdv]

is it possible to switch the container to "NetworkMode": "bridge" from host mode ?

[maddyhof]

Thanks for reaching out! Glad you were able to find a workaround to get it installed. I'll mark this as a bug to look into it in the future. Can you submit a separate issue for your feature request to switch the container network mode, since that's not currently possible? Thanks again!