
Unix & Linux Stack Exchange

Q&A for users of Linux, FreeBSD and other Unix-like operating systems

Latest Questions

1 votes
1 answers
2728 views
Redirect all incoming and outgoing traffic from a port to a specific ip
I am running a node server inside a docker container on port `8080` and I can access it via `172.17.0.2:8080` (container IP). Now I want to access this IP from `localhost:9099`. I have tried using iptables to redirect the traffic coming at `localhost:9099` to `172.17.0.2:8080`, but all measures are in vain. This is the command I was using. Please correct me where I am going wrong. Thanks in advance.

```
sudo iptables -t nat -A PREROUTING -p tcp --dport 9099 -j DNAT --to-destination 172.17.0.2:8080
```

I took help from [this](https://stackoverflow.com/questions/19897743/exposing-a-port-on-a-live-docker-container) answer, but it didn't work.
Satnam Sandhu (111 rep)
Jun 18, 2018, 01:21 PM • Last activity: Aug 5, 2025, 02:05 PM
2 votes
1 answers
2852 views
Docker: Restricting inbound and outbound traffic using iptables
We have a lot of applications that run on a Linux server using Docker. As an example, let us say my application runs on **ServerA** as a container (Docker).

```
CONTAINER ID   IMAGE              COMMAND     CREATED       STATUS      PORTS                     NAMES
df68695a00f1   app/myapp:latest   "/run.sh"   2 weeks ago   Up 2 days   0.0.0.0:50423->3000/tcp   reallymyapp
```

The app is listening on port 50423 on the host (mapped to port 3000 on the container). The DNS (endpoint) that is used to access the app is pointing to the HAProxy host (say **ServerB**), which routes the traffic to **ServerA:50423**. Everything works well so far.

The security team in our org raised a concern that all external source IPs are potentially allowed to connect to such Docker hosts (like **ServerA**), and they want us to restrict traffic to allow only a specific IP (**ServerB**, which is a load balancer) to access the containers and vice versa (**ServerA** to **ServerB**). We would then allow connectivity from our users' machines to **ServerB**/load balancer only.

Now, I followed the Docker documentation and tried to insert the following rules using iptables into the DOCKER-USER chain:

```
iptables -I DOCKER-USER -i ekf192 -s 10.1.2.10, 10.1.2.11, 10.1.2.12 -j ACCEPT
iptables -I DOCKER-USER -i ekf192 -j DROP
```

```
ACCEPT     all  --  10.1.2.10   anywhere
ACCEPT     all  --  10.1.2.11   anywhere
ACCEPT     all  --  10.1.2.12   anywhere
LOG        all  --  anywhere    anywhere    LOG level info prefix "IPTables Dropped: "
DROP       all  --  anywhere    anywhere
RETURN     all  --  anywhere    anywhere
```

Please note that we need both incoming and outgoing traffic from/to these hosts (10.1.2.10, 10.1.2.11, 10.1.2.12).

Now, as per my (limited) knowledge of iptables, these rules should drop all incoming requests except when they originate from the mentioned IP addresses, and vice versa, i.e. allow outgoing traffic to the mentioned IPs. The incoming traffic works as expected, but the outgoing traffic to these hosts is getting dropped.

I am scratching my head over this and cannot figure out what is going wrong... and not to mention that I absolutely suck at understanding how iptables rules work.

```
Jan 12 16:24:43 sms100394 kernel: IPTables Dropped: IN=docker0 OUT=ekf192 MAC=02:42:09:37:a0:14:02:42:ac:11:00:02:08:00 SRC=172.17.0.2 DST=10.1.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=40235 DF PROTO=TCP SPT=3000 DPT=42579 WINDOW=242 RES=0x00 ACK FIN URGP=0
Jan 12 16:24:44 sms100394 kernel: IPTables Dropped: IN=docker0 OUT=ekf192 MAC=02:42:09:37:a0:14:02:42:ac:11:00:02:08:00 SRC=172.17.0.2 DST=10.1.2.11 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=3000 DPT=45182 WINDOW=29200 RES=0x00 ACK SYN URGP=0
Jan 12 16:24:45 sms100394 kernel: IPTables Dropped: IN=docker0 OUT=ekf192 MAC=02:42:09:37:a0:14:02:42:ac:11:00:02:08:00 SRC=172.17.0.2 DST=10.1.2.12 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=3000 DPT=45182 WINDOW=29200 RES=0x00 ACK SYN URGP=0
```
Koshur (1399 rep)
Jan 12, 2021, 05:39 PM • Last activity: Aug 5, 2025, 01:01 PM
1 votes
2 answers
2643 views
Using iptables to redirect all docker outbound traffic back into container
I've been stuck on this problem all day and am keeping my fingers crossed some iptables expert reads this and can help me please. I would like to force all my docker containers' outbound traffic to go through a socks5 proxy. This is the closest I've come:

```bash
iptables -t nat -N REDSOCKS
iptables -t nat -A REDSOCKS -s 172.20.0.0/16 -d 0.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -s 172.20.0.0/16 -d 10.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -s 172.20.0.0/16 -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -s 172.20.0.0/16 -d 169.254.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -s 172.20.0.0/16 -d 172.16.0.0/12 -j RETURN
iptables -t nat -A REDSOCKS -s 172.20.0.0/16 -d 192.168.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -s 172.20.0.0/16 -d 224.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -s 172.20.0.0/16 -d 240.0.0.0/4 -j RETURN

iptables -t nat -A REDSOCKS -s 172.20.0.0/16 -p tcp -j DNAT --to-destination 172.17.0.1:12345
iptables -t nat -A OUTPUT -s 172.20.0.0/16 -j REDSOCKS
iptables -t nat -A PREROUTING -s 172.20.0.0/16 -j REDSOCKS
```

It works almost perfectly, but the socks5 proxy is unable to tell the originating IP address. The remote address is always '127.0.0.1'. Is there any way I can keep the originating IP address?

# Example Scenario

1) I have applied the iptables rules above to my docker host
2) I have a docker container with the address 172.20.0.2
3) Inside that container, I do a curl to example.com
4) The traffic is forwarded to 172.17.0.1:12345 (the docker host machine)
5) The server running on 12345 shows the remote IP address as being '127.0.0.1'
6) I would like the remote IP address to show as 172.20.0.2

Thanks to anyone who can try and help me with this.
Mark (231 rep)
Oct 5, 2020, 10:16 AM • Last activity: Jul 26, 2025, 08:08 PM
3 votes
1 answers
3119 views
How is Inotifyd different from inotifywait in term of monitoring a directory and do some post actions?
I need to monitor a directory and do some post actions based on the events that happened. I am familiar with `inotifywait`, but since we use docker based on alpine, I was wondering whether there is another way to do that. Then I found `Inotifyd`; according to the document there, "While there are tools designed around inotify (inotify-tools) alpine has a build in tool called inotifyd (part of busybox) to execute a command on file system events."

But the problems are: a) according to that alpine document, setting up inotifyd to work seems quite complicated compared to inotifywait; b) I can't find many articles about inotifyd, so I get the feeling that it is not widely used.

So can someone with experience of Inotifyd shed some light on this?
Qiulang 邱朗 (261 rep)
Jul 1, 2021, 04:17 AM • Last activity: Jul 26, 2025, 03:07 PM
2 votes
1 answers
2861 views
hcitool lescan (Bluetooth LE or any bluetooth scan) in docker under Non-Privileged & Non-host Network mode is possible?
For a specific task, **I am failing to scan BLE / BlueZ (`hcitool`, `gatttool`, `btdevice-l`) in Docker under non-privileged and Non-Host network mode.**

These are my results (in Debian-Jessie-8.8.0 Host and `debian:jessie docker image`):

```
root1@73ab53a9268e:/# hciconfig -a
Can't open HCI socket.: Operation not permitted
root1@73ab53a9268e:/# bt-device -l
Couldn't connect to DBus system bus: Could not connect: Connection refused
```

On another image:

```
root2@0d208802d44a:/# hciconfig -a
Can't open HCI socket.: Address family not supported by protocol
```

I even gave ALL-CAP permissions for Docker on Host but still could not make it.

```
docker run --name container-ID --cap-add=ALL -d -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro Image-ID
```

So, is it possible by any chance to scan BLE / BlueZ in docker under Non-Privileged & Non-Host network mode?
Edwin K (21 rep)
Nov 14, 2017, 09:26 AM • Last activity: Jul 25, 2025, 06:08 PM
0 votes
1 answers
2309 views
How can I run the sudo command in Python code under CentOS in Docker
I am trying to access the docker image labels from Python as follows:

```
import os
import socket

hostname = socket.gethostname()
cmd = "sudo curl --unix-socket /var/run/docker.sock http:/containers/" + hostname + "/json"
output = os.popen(cmd).read()
```

But the thing is, I am getting the following error:

```
We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

sudo: no tty present and no askpass program specified
```

It's one of the fancy messages by Unix from some other posts I read from StackOverflow. I am following the below link:

https://stackoverflow.com/questions/37439887/how-to-access-the-metadata-of-a-docker-container-from-a-script-running-inside-th

The only thing is I want to run these things from Python, not from the terminal. Also, FYI, I get the response when I run the same command from the terminal.

I tried appending the following piece in the Dockerfile:

```
RUN echo "root ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
```

Thanks
jaruto (1 rep)
Jan 29, 2019, 07:29 PM • Last activity: Jul 20, 2025, 11:07 PM
4 votes
1 answers
9130 views
Restart Docker Network after Resuming VM
Whenever I suspend/resume my VMs the docker networking fails to function (e.g. timeouts between containers and the host, etc.). I'm using docker in the VM, the VM is not controlled by docker. This issue can be resolved by restarting docker (`sudo systemctl restart docker`) but I would prefer to just restart/reset the network component so I can add it to a resume script. Does docker offer an API to restart its network component?
laktak (6313 rep)
Aug 6, 2020, 07:58 AM • Last activity: Jul 20, 2025, 08:08 AM
4 votes
1 answers
4111 views
Docker is not running when trying to create a Laravel application
I am starting with Laravel and I am following the installation guide from the official [website](https://laravel.com/docs/8.x#getting-started-on-linux). So I had to install Docker with this [guide](https://docs.docker.com/engine/install/ubuntu/#install-using-the-convenience-script). When I run the last command it works fine:
```
sudo docker run hello-world
```
Then, following the guide on the Laravel site, I run the command:
```
curl -s https://laravel.build/example-app | bash
```
to create a Laravel application as it said. But when I do so it doesn't work and this message appears:
is not running.
The output of `systemctl status docker`:

```
● docker.service - Docker Application Container Engine
   Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2021-03-24 09:55:07 EDT; 6min ago
     Docs: https://docs.docker.com
 Main PID: 1445 (dockerd)
    Tasks: 13
   CGroup: /system.slice/docker.service
           └─1445 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

Mar 24 09:55:06 wrrnrtm-A320M-HD2 dockerd: time="2021-03-24T09:55:06.568086445-04:00" level=warning msg="Your kernel does not support CPU realtime scheduler"
Mar 24 09:55:06 wrrnrtm-A320M-HD2 dockerd: time="2021-03-24T09:55:06.568093668-04:00" level=warning msg="Your kernel does not support cgroup blkio weight"
Mar 24 09:55:06 wrrnrtm-A320M-HD2 dockerd: time="2021-03-24T09:55:06.568100040-04:00" level=warning msg="Your kernel does not support cgroup blkio weight_device"
Mar 24 09:55:06 wrrnrtm-A320M-HD2 dockerd: time="2021-03-24T09:55:06.568236866-04:00" level=info msg="Loading containers: start."
Mar 24 09:55:07 wrrnrtm-A320M-HD2 dockerd: time="2021-03-24T09:55:07.227307787-04:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
Mar 24 09:55:07 wrrnrtm-A320M-HD2 dockerd: time="2021-03-24T09:55:07.501565370-04:00" level=info msg="Loading containers: done."
Mar 24 09:55:07 wrrnrtm-A320M-HD2 dockerd: time="2021-03-24T09:55:07.551553136-04:00" level=info msg="Docker daemon" commit=363e9a8 graphdriver(s)=overlay2 version=20.10.5
Mar 24 09:55:07 wrrnrtm-A320M-HD2 dockerd: time="2021-03-24T09:55:07.551881250-04:00" level=info msg="Daemon has completed initialization"
Mar 24 09:55:07 wrrnrtm-A320M-HD2 systemd[1]: Started Docker Application Container Engine.
Mar 24 09:55:07 wrrnrtm-A320M-HD2 dockerd: time="2021-03-24T09:55:07.578162675-04:00" level=info msg="API listen on /var/run/docker.sock"
```
I have no idea what I'm doing wrong. I'm using Xubuntu 18.04
MarlexGC (41 rep)
Mar 24, 2021, 12:06 AM • Last activity: Jul 19, 2025, 09:05 AM
1 votes
1 answers
7994 views
docker fails with "iptables: No chain/target/match by that name"
When I try to publish a container's ports to the host, docker fails to add iptables rules:

```
$ sudo docker run --rm -p 8080:80 nginx
docker: Error response from daemon: driver failed programming external connectivity on endpoint: iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 8080 -j DNAT --to-destination 172.17.0.2:80 ! -i docker0
iptables: No chain/target/match by that name.
 (exit status 1)).
```

What confuses me is that the DOCKER chain seems to exist:

```
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
DOCKER-USER  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (2 references)
target     prot opt source               destination

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
...
```

and also here:

```
$ sudo iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere            !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.17.0.0/16        anywhere
MASQUERADE  all  --  172.18.0.0/16        anywhere

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
```

---

Maybe relevant: `ip a` shows that docker0 is down:

```
$ ip a
...
74: docker0: mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:01:52:de:7d brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
```

I tried to stop docker, remove the broken docker0 device, and restart docker again. Same error:

```
sudo systemctl stop docker.service
sudo ip link del docker0
sudo systemctl start docker.service
```

`ip a` still shows that docker0 is down. Running `sudo docker run --rm -p 8080:80 nginx` also runs into the identical error message as above.

---

System information:

```
$ docker --version
Docker version 18.05.0-ce, build f150324782
$ uname -a
Linux amd8-arch 4.16.7-1-ARCH #1 SMP PREEMPT Wed May 2 21:12:36 UTC 2018 x86_64 GNU/Linux
```

I am using Arch Linux.
Philipp Claßen (4967 rep)
May 18, 2018, 12:02 AM • Last activity: Jul 19, 2025, 05:05 AM
1 votes
2 answers
4000 views
When uname reports aarch64 instead of arm64v8. Will docker-ce still pull arm64v8 images
docker-ce now supports multiple architecture base images but looks for the tag arm64v8 instead of aarch64 (which is labelled as deprecated). Unfortunately my new ubuntu 18.04 host OS uname reports aarch64.

```
Linux nas 4.4.154-1122-rockchip-ayufan-g7859b9b904a9 #1 SMP Mon Oct 1 07:32:42 UTC 2018 aarch64 aarch64 aarch64 GNU/Linux
```

So

1. Can one manually add/change the architecture tag in an already operational host? or
2. Will docker-ce pull the arm64v8 image even if the host OS reports aarch64?
DKebler (302 rep)
Oct 22, 2018, 05:51 PM • Last activity: Jul 18, 2025, 10:08 PM
1 votes
1 answers
4021 views
novnc for linux docker - x11vnc returns: XOpenDisplay failed (:0) *** x11vnc was unable to open the X DISPLAY: ":0"
I was following the steps from this link: Kali In The Browser (noVNC). I have installed kalilinux/kali-rolling on docker and am running the commands. When I execute the command

```
x11vnc -display :0 -autoport -localhost -nopw -bg -xkb -ncache -ncache_cr -quiet -forever
```

I am getting the following error.

```
22/03/2022 11:10:08 ***************************************
22/03/2022 11:10:08 *** XOpenDisplay failed (:0)

*** x11vnc was unable to open the X DISPLAY: ":0", it cannot continue.
*** There may be "Xlib:" error messages above with details about the failure.

Some tips and guidelines:

** An X server (the one you wish to view) must be running before x11vnc is
   started: x11vnc does not start the X server. (however, see the -create
   option if that is what you really want).

** You must use -display , -OR- set and export your $DISPLAY
   environment variable to refer to the display of the desired X server.
 - Usually the display is simply ":0" (in fact x11vnc uses this if you forget
   to specify it), but in some multi-user situations it could be ":1", ":2",
   or even ":137". Ask your administrator or a guru if you are having
   difficulty determining what your X DISPLAY is.

** Next, you need to have sufficient permissions (Xauthority)
   to connect to the X DISPLAY. Here are some Tips:

 - Often, you just need to run x11vnc as the user logged into the X session.
   So make sure to be that user when you type x11vnc.
 - Being root is usually not enough because the incorrect MIT-MAGIC-COOKIE
   file may be accessed. The cookie file contains the secret key that
   allows x11vnc to connect to the desired X DISPLAY.
 - You can explicitly indicate which MIT-MAGIC-COOKIE file should be used
   by the -auth option, e.g.:
       x11vnc -auth /home/someuser/.Xauthority -display :0
       x11vnc -auth /tmp/.gdmzndVlR -display :0
   you must have read permission for the auth file.
   See also '-auth guess' and '-findauth' discussed below.

** If NO ONE is logged into an X session yet, but there is a greeter login
   program like "gdm", "kdm", "xdm", or "dtlogin" running, you will need
   to find and use the raw display manager MIT-MAGIC-COOKIE file.
   Some examples for various display managers:

     gdm:     -auth /var/gdm/:0.Xauth
              -auth /var/lib/gdm/:0.Xauth
     kdm:     -auth /var/lib/kdm/A:0-crWk72
              -auth /var/run/xauth/A:0-crWk72
     xdm:     -auth /var/lib/xdm/authdir/authfiles/A:0-XQvaJk
     dtlogin: -auth /var/dt/A:0-UgaaXa

   Sometimes the command "ps wwwwaux | grep auth" can reveal the file location.

   Starting with x11vnc 0.9.9 you can have it try to guess by using:

              -auth guess

   (see also the x11vnc -findauth option.)

   Only root will have read permission for the file, and so x11vnc must be run
   as root (or copy it). The random characters in the filenames will of course
   change and the directory the cookie file resides in is system dependent.

See also: http://www.karlrunge.com/x11vnc/faq.html
```

From this, I will get the answer - https://www.linuxquestions.org/questions/linux-software-2/x11vnc-at-startup-4175414461/. But I can't understand what they are saying.
Rahul (11 rep)
Mar 22, 2022, 10:48 AM • Last activity: Jul 18, 2025, 06:07 AM
0 votes
1 answers
4944 views
docker: Error response from daemon: failed to create shim: OCI runtime create failed
I'm running into this error while running even an official docker image such as OpenJDK or even hello-world:

```
# docker run hello-world
docker: Error response from daemon: failed to create shim: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:402: getting the final child's pid from pipe caused: EOF: unknown.
```

My OS is:

```
# rpm --query centos-release
centos-release-7-5.1804.4.el7.centos.x86_64
```

and my Docker version:

```
# docker -v
Docker version 20.10.14, build a224086
```

The error appears for no change or update. How can I investigate the reason of this problem?
1Z10 (251 rep)
May 11, 2022, 03:51 PM • Last activity: Jul 16, 2025, 04:03 AM
0 votes
1 answers
2361 views
Source RPM doesn't seem to install on CentOS without warnings
My experience with CentOS and RPMs is limited so I might be missing something obvious, but I can't seem to figure this out...

I'm trying to install Sphinx into CentOS 6 in a Docker image using the instructions here: http://sphinxsearch.com/docs/current/installing-redhat.html (though, I'm trying to install from the source RPM instead of the binary).

I run `docker run -i -t centos:centos6 bash` to get a CentOS image running and then here's what I get when trying to run the commands (slightly different than the instructions to give more information and skip prompts):

```
[root@db60006ae258 /]# yum -y install postgresql-libs unixODBC
Loaded plugins: fastestmirror
Setting up Install Process
base | 3.7 kB 00:00
base/primary_db | 4.6 MB 00:37
extras | 3.4 kB 00:00
extras/primary_db | 34 kB 00:00
updates | 3.4 kB 00:00
updates/primary_db | 3.3 MB 00:08
Resolving Dependencies
--> Running transaction check
---> Package postgresql-libs.x86_64 0:8.4.20-4.el6_7 will be installed
---> Package unixODBC.x86_64 0:2.2.14-14.el6 will be installed
--> Processing Dependency: libltdl.so.7()(64bit) for package: unixODBC-2.2.14-14.el6.x86_64
--> Running transaction check
---> Package libtool-ltdl.x86_64 0:2.2.6-15.5.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package             Arch      Version            Repository    Size
================================================================================
Installing:
 postgresql-libs     x86_64    8.4.20-4.el6_7     updates       202 k
 unixODBC            x86_64    2.2.14-14.el6      base          378 k
Installing for dependencies:
 libtool-ltdl        x86_64    2.2.6-15.5.el6     base          44 k

Transaction Summary
================================================================================
Install 3 Package(s)

Total download size: 624 k
Installed size: 1.8 M
Downloading Packages:
(1/3): libtool-ltdl-2.2.6-15.5.el6.x86_64.rpm | 44 kB 00:00
(2/3): postgresql-libs-8.4.20-4.el6_7.x86_64.rpm | 202 kB 00:00
(3/3): unixODBC-2.2.14-14.el6.x86_64.rpm | 378 kB 00:01
--------------------------------------------------------------------------------
Total 234 kB/s | 624 kB 00:02
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
Importing GPG key 0xC105B9DE:
 Userid : CentOS-6 Key (CentOS 6 Official Signing Key)
 Package: centos-release-6-7.el6.centos.12.3.x86_64 (installed)
 From   : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : libtool-ltdl-2.2.6-15.5.el6.x86_64 1/3
  Installing : unixODBC-2.2.14-14.el6.x86_64 2/3
  Installing : postgresql-libs-8.4.20-4.el6_7.x86_64 3/3
  Verifying  : postgresql-libs-8.4.20-4.el6_7.x86_64 1/3
  Verifying  : unixODBC-2.2.14-14.el6.x86_64 2/3
  Verifying  : libtool-ltdl-2.2.6-15.5.el6.x86_64 3/3

Installed:
  postgresql-libs.x86_64 0:8.4.20-4.el6_7 unixODBC.x86_64 0:2.2.14-14.el6

Dependency Installed:
  libtool-ltdl.x86_64 0:2.2.6-15.5.el6

Complete!
[root@db60006ae258 /]# rpm -Uhvv http://sphinxsearch.com/files/sphinx-2.2.10-1.rhel6.src.rpm
Retrieving http://sphinxsearch.com/files/sphinx-2.2.10-1.rhel6.src.rpm
D: ============== /var/tmp/rpm-tmp.Knfx7x
D: loading keyring from pubkeys in /var/lib/rpm/pubkeys/*.key
D: couldn't find any keys in /var/lib/rpm/pubkeys/*.key
D: loading keyring from rpmdb
D: opening db environment /var/lib/rpm cdb:mpool:joinenv
D: opening db index /var/lib/rpm/Packages rdonly mode=0x0
D: locked db index /var/lib/rpm/Packages
D: opening db index /var/lib/rpm/Name rdonly mode=0x0
D: read h# 155 Header sanity check: OK
D: added key gpg-pubkey-c105b9de-4e0fd3a3 to keyring
D: Using legacy gpg-pubkey(s) from rpmdb
D: Expected size: 4201741 = lead(96)+sigs(180)+pad(4)+data(4201461)
D: Actual size: 4201741
D: /var/tmp/rpm-tmp.Knfx7x: Header SHA1 digest: OK (f86024cbd050d0758ddb1aa0fc73c246deeb2f90)
D: added source package
D: found 1 source and 0 binary packages
D: Expected size: 4201741 = lead(96)+sigs(180)+pad(4)+data(4201461)
D: Actual size: 4201741
D: InstallSourcePackage at: psm.c:244: Header SHA1 digest: OK (f86024cbd050d0758ddb1aa0fc73c246deeb2f90)
D: created directory(s) /root/rpmbuild mode 0755
D: created directory(s) /root/rpmbuild/SOURCES mode 0755
D: created directory(s) /root/rpmbuild/SPECS mode 0755
1:sphinx D: ========== Directories not explicitly included in package:
D: 0 /root/rpmbuild/SOURCES/
D: 1 /root/rpmbuild/SPECS/
D: ==========
warning: user builder does not exist - using root
warning: group builder does not exist - using root
D: fini 100644 1 ( 0, 0) 288 /root/rpmbuild/SOURCES/config.patch;56a3c57f unknown
warning: user builder does not exist - using root
warning: group builder does not exist - using root
D: fini 100664 1 ( 0, 0) 129584 /root/rpmbuild/SOURCES/libstemmer_c.tgz;56a3c57f unknown
warning: user builder does not exist - using root
warning: group builder does not exist - using root
D: fini 100664 1 ( 0, 0) 1064388 /root/rpmbuild/SOURCES/re2.tar.gz;56a3c57f unknown
warning: user builder does not exist - using root
warning: group builder does not exist - using root
########################################### [100%]
D: fini 100644 1 ( 0, 0) 3109250 /root/rpmbuild/SOURCES/sphinx-2.2.10-release.tar.gz;56a3c57f unknown
warning: user builder does not exist - using root
warning: group builder does not exist - using root
D: fini 100644 1 ( 0, 0) 2048 /root/rpmbuild/SOURCES/sphinx.init;56a3c57f unknown
warning: user builder does not exist - using root
warning: group builder does not exist - using root
D: fini 100644 1 ( 0, 0) 9647 /root/rpmbuild/SPECS/sphinx_rel22.spec;56a3c57f unknown
GZDIO: 527 reads, 4316100 total bytes in 0.021979 secs
D: closed db index /var/lib/rpm/Name
D: closed db index /var/lib/rpm/Packages
D: closed db environment /var/lib/rpm
[root@db60006ae258 /]# service searchd start
bash: service: command not found
[root@db60006ae258 /]# find / -name "searchd*"
[root@db60006ae258 /]#
```
Tim Tisdall (171 rep)
Jan 23, 2016, 06:33 PM • Last activity: Jul 15, 2025, 04:06 PM
0 votes
1 answers
3261 views
HTTP version for CURL command on server and docker image
When I'm doing a CURL call `curl https://example.com` from a docker container, I got the error `curl: (92) HTTP/2 stream 0 was not closed cleanly: HTTP_1_1_REQUIRED (err 13)`. But when I'm running the same command from the host server (RHEL) where the docker container is running, it is working fine. So, I have added `--http1.1` to the command in the docker container, then it is working fine. But when I run the same command with `--http1.1` on the host server, then I got the error `curl: option --http1.1: is unknown`.

1. How does curl pick the HTTP version while making the call? Is there any setting that we can define to use a specific version by default?
2. Why is `--http1.1` not working on the server, but working in the docker container?

Curl version on the server is 7.29.0. Curl version in the docker container is 7.64.0.
noonenine (27 rep)
May 29, 2023, 07:09 PM • Last activity: Jul 11, 2025, 07:05 PM
3 votes
3 answers
1894 views
Docker dns failure
I launched Concourse CI worker with Boot2docker on OS X. Docker info:
```
Client:
 Version:      1.11.0
 API version:  1.23
 Go version:   go1.5.4
 Git commit:   4dc5990
 Built:        Wed Apr 13 18:13:28 2016
 OS/Arch:      darwin/amd64

Server:
 Version:      1.11.0
 API version:  1.23
 Go version:   go1.5.4
 Git commit:   4dc5990
 Built:        Wed Apr 13 19:36:04 2016
 OS/Arch:      linux/amd64
```
When I tried to build docker image I had a problem. Build instruction:
```
- put: docker-registry
  params:
    build: src-develop
    tag: version/version
```
Build log:
```
Sending build context to Docker daemon 80.9 kB
Step 1 : FROM python:3.5
Pulling repository docker.io/library/python
Error while pulling image: Get https://index.docker.io/v1/repositories/library/python/images: dial tcp: lookup index.docker.io on 127.0.0.11:53: read udp 127.0.0.1:59668->127.0.0.11:53: read: connection refused
```
Does anyone have idea how to solve this problem?
Alexey Kachalov (31 rep)
May 6, 2016, 10:05 PM • Last activity: Jul 10, 2025, 08:37 PM
2 votes
0 answers
35 views
Client IP for a host when connecting to localhost port forwarded from docker for desktop - why?
*Please excuse the odd title. This is a strange one that I can't phrase in a single sentence.*

My question: Why did the following happen? And, if possible, how can I change the IP that's used without changing the basic tech stack or how I connect?

-----

What happened: I was just testing some code that is designed to behave differently based on which remote host it is talking to. The code identified my client IP as `185.125.190.39`, which a reverse DNS lookup identified as `aerodent.canonical.com`. That was really odd because that's a *(well known)* public IP and definitely not one on my local machine. The client was actually on the same physical box as the server.

*This is not a coding error on my part...* I'm confident enough that the code I was testing is behaving correctly on this point. The IP was returned by python's inbuilt `socket.getpeername()`.

The code was running inside docker which itself runs in a VM as part of docker desktop on MacOS. The container was started with a port forward (eg: `docker run -p 8080:8080`) and the client, run from the MacOS host machine, was just a simple `curl http://localhost:8080`.

Now I know that the code was unlikely to see `127.0.0.1` or any form of localhost because the port forwarding meant that the connection was not coming to the container from its own local host. The host machine is modeled as a remote.

What really shocked me was the choice of alternate IP to use. It's neither in a link-local nor private CIDR range. Meaning there is a risk of collision with the outside world. So I'm left wondering why this IP, why did this happen? How can I change it to use a private IP in this context?
Philip Couling (20391 rep)
Jul 4, 2025, 08:48 AM
1 votes
2 answers
2520 views
Connect 2 docker-containers through docker-compose
I'm trying to connect a web application, deployed from one container, to rabbitmq, deployed in another container. By relying on this Connecting to RabbitMQ container with docker-compose, I created the following docker-compose:
```
version: '3'
services:
  webapp:
    container_name: chat
    build:
      context: .
    depends_on:
      - broker
    ports:
      - "8080:8080"
  broker:
    container_name: rabbit_chat
    image: rabbitmq
    command: rabbitmq-server
    expose:
      - 5672
      - 15672
    healthcheck:
      test: ["CMD", "curl", "-f", "http://broker:5672"]
      interval: 30s
      timeout: 10s
      retries: 5
```
webapp is a service of the web application, in which I set the following rabbitmq properties:
```
host = broker
port = 15672
login = guest
password = guest
```
I selected 'broker' as the host, as the documentation recommends connecting containers over the default network using the name of the service in docker-compose. And this does not work. Also I tried to use "localhost" as the host for the connection. Additionally, inspecting container "rabbit_chat" I see in the output:
```
"Log": [
    {
        "Start": "2020-04-11T14:54:25.0988242Z",
        "End": "2020-04-11T14:54:25.2920557Z",
        "ExitCode": -1,
        "Output": "OCI runtime exec failed: exec failed: container_linux.go:346: starting container process caused \"exec: \\\"curl\\\": executable file not found in $PATH\": unknown"
    }
```
Jelly (133 rep)
Apr 12, 2020, 07:40 AM • Last activity: Jul 4, 2025, 03:01 AM
0 votes
0 answers
21 views
extending aws docker image fails
I need to extend the aws cli docker image with some custom scripts. I have created a docker file and am copying the script files into a directory. When using the docker file in my gitlab job I get the following error:

Dockerfile:
```
FROM amazon/aws-cli:latest
ADD scripts /usr/local/bin/aws-scripts/
RUN chmod -R 755 /usr/local/bin/aws-scripts
CMD [ "/usr/local/bin/aws-scripts/aws-version.sh" ]
```
Pipeline error:
```
Using docker image sha256:00fa868560bb812a79ed5d3895ab3aaa6a3f4a7f0b376415a7538f5bea8db4e9 for registry.gitlab.com/yumbrands/phdt/lambda-canary-scripts with digest registry.gitlab.com/yumbrands/phdt/lambda-canary-scripts@sha256:270e337dc3f149e52ec5d4c70537409f98973d80fa3ef8c567de4ba70ea0694d ...
usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]
To see help text, you can run:
  aws help
  aws <command> help
  aws <command> <subcommand> help
aws: error: argument command: Invalid choice, valid choices are:
accessanalyzer                           | account                                 
acm                                      | acm-pca                                 
aiops                                    | amp
```
I have tried to change the content of the aws-version file to the following but both instances fail:
```
aws --version
```
And:
```
aws --help
```
xerxes (359 rep)
Jul 3, 2025, 02:56 PM • Last activity: Jul 3, 2025, 03:57 PM
0 votes
0 answers
41 views
Connect to docker container through host via ssh without RemoteCommand
I have a server that runs multiple docker containers. I can access my server via SSH, and have set up my `ssh_config` to allow me to ssh into certain containers that I regularly access:
```
Host some_container
    HostName my.server.com
    RemoteCommand docker compose -f /docker-compose.yml exec some_container fish
    RequestTTY force
```
However, I now need to use a particular piece of software that uses ssh, and access my containers with it. This software sets the ssh `command` argument. Using the above configuration, this causes ssh to error out with `Cannot execute command-line and remote command`, due to the presence of `RemoteCommand`.

I do NOT want to have to run an sshd server inside the container.

I have attempted to replace `RemoteCommand` with `ProxyCommand`, but this results in me connecting to my server and the docker command being ignored:
```
ProxyCommand ssh %h -W %h:%p \
    -o "RequestTTY=force" \
    -o "SessionType=default" \
    -o "RemoteCommand=docker compose -f /docker-compose.yml exec some_container fish"
```
(note that this is all one line in my `ssh_config` - I have split it up here to make it easier to read).

Is there any way to ssh into my docker container without running sshd in the container or using `RemoteCommand`?
Gunnar Knutson (1 rep)
Jul 2, 2025, 08:23 PM • Last activity: Jul 3, 2025, 03:46 AM
3 votes
2 answers
130 views
How do I autosource path and venvs in /bin/sh (posix sh) for docker pods
I have a minimalistic pod that holds a small python program. I've added the source to $HOME/.profile but it does not autorun. How can I autosource it when I log in?
```
docker run -ti  / /bin/sh
# rc --v
/bin/sh: 2: rc: not found

#  tail -1 ~/.profile
. /venvs/base/bin/activate

# . ~/.profile
(base) # rc --v
20250701161141.660|INFO|/venvs/base/lib/python3.13/site-packages/rc/rc-info.py:73|version=0.18.3, build time: 2025-05-04 15:03:46.064232
```
I added `/venvs/base/bin` to `/etc/environment`, but it's not there after `docker run` login:
```
# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# cat /etc/environment
PATH="/venvs/base/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
```
MortenB (401 rep)
Jul 1, 2025, 03:07 PM • Last activity: Jul 2, 2025, 10:52 AM