search

Tecnativa / docker-socket-proxy

Proxy over your Docker socket to restrict which requests it accepts
Apache License 2.0
1.3k stars 156 forks source link

Error "Docker daemon connection interrupted" after 20 minutes of bringing up containers #89

Open jors opened 1 year ago

jors commented 1 year ago

Hi,

I was checking your image with the following setup and I am getting the error "Docker daemon connection interrupted" after 20 minutes of bringing up containers, and then it repeats every 10 minutes after that:

image

This is my docker-compose.yml:

version: '3.8'
services:
  socket-proxy:
    image: tecnativa/docker-socket-proxy
    ports:
      - "127.0.0.1:2375:2375"
    # privileged: true # true for VM, false for unprivileged LXC container
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      LOG_LEVEL: debug # debug,info,notice,warning,err,crit,alert,emerg
      # Flags: 0 to revoke or 1 to grant access
      ## Granted by Default
      EVENTS: 1 # nginx-proxy
      PING: 1 # nginx-proxy
      VERSION: 1
      ## Revoked by Default
      # Security critical
      AUTH: 1
      SECRETS: 1
      POST: 1
      # Not always needed
      BUILD: 1
      COMMIT: 1
      CONFIGS: 1
      CONTAINERS: 1
      DISTRIBUTION: 1
      EXEC: 1
      IMAGES: 1
      INFO: 1
      NETWORKS: 1
      NODES: 1
      PLUGINS: 1
      SERVICES: 1
      SESSION: 1
      SWARM: 1
      SYSTEM: 1
      TASKS: 1
      VOLUMES: 1
    networks:
      - proxy

  nginx-proxy:
    image: jwilder/nginx-proxy:1.3
    ports:
      - 80:80
      - 443:443
    volumes:
      #- /var/run/docker.sock:/tmp/docker.sock:ro
      - ssl:/etc/nginx/certs
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
    environment:
      DOCKER_HOST: "tcp://socket-proxy:2375"
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: ""
    networks:
      - proxy
      - edge
      - frontend
    depends_on:
      - socket-proxy

  acme-companion:
    image: nginxproxy/acme-companion:2.2
    volumes:
      #- /var/run/docker.sock:/var/run/docker.sock:ro
      - acme:/etc/acme.sh
      - ssl:/etc/nginx/certs
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
    environment:
      DOCKER_HOST: "tcp://socket-proxy:2375"
    networks:
      - proxy
      - edge
      - frontend
    depends_on:
      - nginx-proxy

  apache:
    image: bitnami/apache:2.4
    volumes:
      # Web files
      - ./test:/app
    environment:
      VIRTUAL_HOST: fulano.com
      VIRTUAL_PORT: 8080
    networks:
      - frontend
    depends_on:
      - nginx-proxy

volumes:
  ssl:
  vhost:
  html:
  acme:

networks:
  edge:
  frontend:
  proxy:

This is my docker version:

$ docker version
Client:
 Version:           20.10.21
 API version:       1.41
 Go version:        go1.18.1
 Git commit:        20.10.21-0ubuntu1~20.04.2
 Built:             Thu Apr 27 05:56:19 2023
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server:
 Engine:
  Version:          20.10.21
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.18.1
  Git commit:       20.10.21-0ubuntu1~20.04.2
  Built:            Thu Apr 27 05:37:01 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.12-0ubuntu1~20.04.1
  GitCommit:        
 runc:
  Version:          1.1.4-0ubuntu1~20.04.3
  GitCommit:        
 docker-init:
  Version:          0.19.0
  GitCommit:

This is what I get on the logs of the nginx-proxy (also happens on the acme-companion one):

dockergen.1 | 2023/06/11 14:25:25 Docker daemon connection interrupted

And this on the systemd docker.service log:

jun 11 16:25:25 prt2 1b5ccb10ab23[5650]: dockergen.1 | 2023/06/11 14:25:25 Docker daemon connection interrupted
jun 11 16:25:25 prt2 dockerd[5650]: time="2023-06-11T16:25:25.455961717+02:00" level=debug msg="Client context cancelled, stop sending events"
jun 11 16:25:25 prt2 b85512b08cc9[5650]: 192.168.144.5:40022 [11/Jun/2023:14:15:25.454] dockerfrontend dockerbackend/dockersocket 0/0/0/0/600001 200 230 - - sD-- 9/9/8/8/0 0/0 "GET /events? HTTP/1.1"
jun 11 16:25:25 prt2 ba6f37369766[5650]: 2023/06/11 14:25:25 Docker daemon connection interrupted
jun 11 16:25:35 prt2 1b5ccb10ab23[5650]: dockergen.1 | 2023/06/11 14:25:35 Watching docker events

What I have tried without luck:

Maybe it has something to do with the api version (unsupported)?

Thanks in advance.

jors commented 1 year ago

Hi again,

I've been reviewing past issues and I guess this happened before (with Traefik instead): https://github.com/Tecnativa/docker-socket-proxy/issues/21

So this won't be an issue since HAproxy is timming out past 10 minutes (timeout server 10m) of innactivity on the connection, right? If this is the case, maybe it would be a good idea to let users specify an ENV var to setup this timeout other than the default one.