still issues with "db" logging

[rui-nar]

Hi
I provided additional details on issue #3 which is still exists for me.
Rui

[markdumay]

Hi Rui, the script seems to have worked correctly on your NAS. The file /var/packages/Docker/etc/dockerd.json is also correct. It looks like the stopped container portainer is still bound to the now obsolete logging driver db. You can check the configured logging driver for portainer with the following command. Most likely it returns db, which is no longer available.

docker inspect -f '{{.HostConfig.LogConfig.Type}}' portainer

Your best bet is to re-run the portainer container. E.g. execute docker rm portainer to remove the (stopped) container entirely, and then simply start a new portainer container with docker run [...] or similar.

[rui-nar]

Thanks for the quick answer.

I'll try to re-update, remove and reinstall portainer.

I'll let you know how it goes.

[rui-nar]

hey
I did as you suggested, I removed the container and recreated it with
docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /volume1/docker/portainer:/data portainer/portainer-ce
but I can't seem to connect to it with 'http://192.168.0.50:9000`

I then did the sudo iptables -P FORWARD ACCEPT but still it doesn't work ... any idea on what I could try next ?
THe container is running (I can see it with docker stats and even in the UI of DSM Docker).

HELP !! :(

[rui-nar]

@siddjellali Peux etre que tu m'aider ? (maybe you can help)

[siddjellali]

From my side, i run this command :
You have to create the network t2_proxy, first.

docker network create -d overlay t2_proxy
docker stack deploy --compose-file=/volume1/docker/portainer-ce.yml portainer #swarm

docker compose file :

#################################
version: '3.7'
services:
portainer:
container_name: portainer
image: portainer/portainer-ce
restart: unless-stopped
command: -H unix:///var/run/docker.sock
networks:
- t2_proxy
ports:
- 8000:8000
- 9000:9000
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- /volume/docker/portainer:/data
labels:
- "traefik.enable=true"
## HTTP Routers
- "traefik.http.routers.portainer-rtr.entrypoints=http,https"
- "traefik.http.routers.portainer-rtr.rule=HostHeader(portainer.zzzzz.local)"
## HTTP Services
- "traefik.http.routers.portainer-rtr.service=portainer-svc"
- "traefik.http.services.portainer-svc.loadbalancer.server.port=9000"
- "traefik.http.routers.portainer-rtr.tls=true"
- "traefik.http.routers.portainer-rtr.tls.certresolver=dns-cloudflare"

networks:
t2_proxy:
external: true

########################################

$ docker --version
Docker version 19.03.13, build 4484c46
$ docker-compose --version
docker-compose version 1.27.4, build 40524192

Works perfectly + traefik for certificate :)

[rui-nar]

hey @siddjellali
I ran:
docker network create -d overlay t2_proxy
docker stack deploy --compose-file=/volume1/docker/portainer-ce.yml portainer

with

version: '3.7'
services:
    portainer:
        image: portainer/portainer-ce
        restart: unless-stopped
        command: -H unix:///var/run/docker.sock
        networks:
            - t2_proxy
        ports:
            - 8000:8000
            - 9000:9000
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock:ro
            - /etc/localtime:/etc/localtime:ro
            - /etc/timezone:/etc/timezone:ro
            - /volume1/docker/portainer:/data

networks:
    t2_proxy:
        external: true

########################################

and yet I still cannot reach portainer at NAS_IP:9000

[siddjellali]

Did you try this #28 (comment) ?
Do you install the last package of @rui-nar (with the update about iptable) ?

[rui-nar]

hi @siddjellali
while through the issue you mentioned I noticed that @markdumay suggested running docker with --network host.
I tried that and it worked, for all my containers. I can now launch all my containers. Yaaayy

However, I started weird behaviours in my Synology NAS and in the /var/log/messages I'm getting a whole lot of:
DiskStation synoscgi_SYNO.Core.Network.Bridge_1_list[29013]: net_get_bridge_info.c:56 Failed to get key[PRIMARY] in file[/etc/sysconfig/network-scripts/ifcfg-br-a7a92adb195c
ie, it broke my NAS. I stopped the Docker package and everything got back to normal.

So, to summarise. the update to docker broke something in my network set-up (maybe the sudo iptables -P FORWARD ACCEPT ?)

PS: I ran the sudo iptables command manually already

[rui-nar]

After some more analysis it was all linked to the t2_proxy network I had created. AFter removing that I no longer have the weird behaviors.

I still have something to srot: on my reverse proxy, where I had localhost it doesn't work anymore, I have to manually put the IP of my NAS for the redirect to work. Weird, no ?

[markdumay]

@rui-nar glad to hear you were able to pinpoint the root-cause of your issues. Docker networking can be a real pain. Synology's customization also doesn't help.

[siddjellali]

@rui-nar glad to hear that too :)

[rui-nar]

so, not at all fixed ... :(
BUT
now I know the problem and I had it all wrong. One of the containers I have is haugene/transmission-openvpn (which comes with a VPN server to fulle traffic for transmission client). By setting this container to network host, it is funneling ALL my synology traffic through the VPN so all my reverse proxy redirect don't work.

I am trying to run this container in bridge but I can't seem to get it to work (ven with the iptables modification). I'll need to look further.
I'll try as well to create a new network as suggested before and see if that works.

At least I got everything back to "normal" with a modified docker version that allows me to modify environment variables.

[rui-nar]

Hey @markdumay
I think you can close this issue.

I have been able to understand the problems but as the bridge mode is not currently working with this set-up, for my own usage, I'll have to revert back to the "official" synology version ...

I'll keep monitoring your repository in case you eventually are able to solve the issues with bridge

I appreciate the time you spent helping me debug.
Cheers

[markdumay]

@rui-nar sure, no problem - let me know if you have any new insights! On my NAS, the IP forwarding rule seems to be working for now, but I'll keep an eye on it.

[rui-nar]

is it working for you with bridge ? or deployed with --network host ?

[markdumay]

I did some more research. The command sudo iptables -P FORWARD ACCEPT works for the default bridge network. The following command spins up portainer correctly on my NAS.

docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce

However, attaching it to a user-defined bridge network doesn't work correctly yet.

docker network create my-net
docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --network my-net --restart=always -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce

Docker provides extensive documentation about bridge networking. Especially the section Enable forwarding from Docker containers to the outside world seems relevant.

1. Configure the Linux kernel to allow IP forwarding.
   sysctl net.ipv4.conf.all.forwarding=1
2. Change the policy for the iptables FORWARD policy from DROP to ACCEPT.
   sudo iptables -P FORWARD ACCEPT

Step 2 has been addressed in the latest version of the script (release v1.2.0). The first step didn't do anything for me on my NAS.

I've opened issue #35 to continue the investigation / conversation. Feel free to contribute!