aygp-dr commented 3 weeks ago

Port Mapping Issue in Nested Docker (DinD) Environment

Issue

Cannot access ComputerUse demo from host when running in Docker-in-Docker environment

Current Behavior

Host machine cannot access ComputerUse demo's web interfaces through mapped ports (8080, 8501, 5900, 6080) when running in nested Docker configuration.

Expected Behavior

All ComputerUse demo ports should be accessible from host machine:

localhost:8080 - Web interface
localhost:8501 - Streamlit interface
localhost:5900 - VNC server
localhost:6080 - noVNC web client

Investigation Results

✅ Working Configuration

# In Enclave (DinD)
docker run -it --privileged \
    -v $HOME/.anthropic:/root/.anthropic \
    -p 8080:8080 -p 8501:8501 -p 5900:5900 -p 6080:6080 \
    docker:dind sh -c 'dockerd > /var/log/dockerd.log 2>&1 & sleep 3 && /bin/sh'

# Then inside Enclave:
docker run -it \
    -v /root/.anthropic:/home/computeruse/.anthropic \
    --network host \
    ghcr.io/anthropics/anthropic-quickstarts:computer-use-demo-latest

❌ Non-working Configuration

docker run -it --net=host --privileged -it \
    -v $HOME/.anthropic:/root/.anthropic \
    -p 8080:8080 -p 8501:8501 -p 5900:5900 -p 6080:6080 \
    docker:dind \
    docker run -it \
        -v /root/.anthropic:/home/computeruse/.anthropic \
        -p 8080:8080 -p 8501:8501 -p 5900:5900 -p 6080:6080 \
        ghcr.io/anthropics/anthropic-quickstarts:computer-use-demo-latest

Solution

Split the container startup into two steps
Use --network host in the ComputerUse container
Start Docker daemon before running nested container
Remove duplicate port mappings

Implementation

The solution has been documented in infrastructure.org with:

Container architecture diagrams
Port mapping documentation
Configuration files
Setup scripts

Labels

bug
docker
networking
documentation

jwalsh commented 3 weeks ago

Initial testing work on DinD is noted in https://github.com/defrecord/anthropic-quickstarts/blob/main/computer-use-demo/infrastructure.org