wollomatic / socket-proxy

A secure-by-design and flexible unix socket proxy. No external dependencies. Needs no shell or interpreter in a container. Written in Go (memory safe). Can replace tecnativa/docker-socket-proxy or linuxserver/docker-socket-proxy. Most flexible configuration with regular expressions
https://hub.docker.com/r/wollomatic/socket-proxy
MIT License

failed to start [/usr/sbin/iptables-restore --wait 30 --wait-interval 100000]: exit status 2: unknown #34

Closed johnwmail closed 1 month ago

johnwmail commented 1 month ago

docker-compose: image

error messages: image

/etc/docker/daemon.json: image

Any workaround to solve it? Thanks.

wollomatic commented 1 month ago

I'm not familiar with sysbox-runc. Socket-proxy is just a SCRATCH image, so there is no /usr/sbin/iptables-restore binary in the container image. There is also no glibc or musl in the image that could be needed to run iptables-restore.

Maybe it's worth a try to create a container image based on a distroless or a minimal Linux image, like gcr.io/distroless/base-debian12:nonroot, alpine:3.20, or even Ubuntu.

Sample Dockerfile:

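```dockerfile
# Take the socket-proxy binaries from the official (scratch-based) image
FROM wollomatic/socket-proxy:1 AS proxy
# Use a distroless base (includes glibc) as the runtime image
FROM gcr.io/distroless/base-debian12:nonroot AS base
VOLUME /var/run/docker.sock
EXPOSE 2375
ENTRYPOINT ["/socket-proxy"]
# Copy the healthcheck and socket-proxy binaries into the image root
COPY --from=proxy ./healthcheck ./socket-proxy /
```

johnwmail commented 1 month ago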

Thanks for sharing, thanks.

I noticed it works if I comment out "#internal: true" (it also works if external: false), thanks. image