Podman network permissions causing recv() fail #2221
-
What happened?Hey all, I am trying to migrate from docker to podman which has caused an issue which I cannot figure out how to solve. Any help would be great. I resorted to copying the sample compose file to make sure my config is not incorrect (even though it works fine with docker), and luckily the error is reproducible. I have noticed that if a db container is not set up this issue is not present. Also, is the CAP_NET_RAW capability required or should I remove that? Thanks for your time. How to reproduce?podman-compose.yaml: x-bw-env: &bw-env
# We use an anchor to avoid repeating the same settings for both services
API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24" # Make sure to set the correct IP range so the scheduler can send the configuration to the instance
services:
bunkerweb:
# This is the name that will be used to identify the instance in the Scheduler
image: docker.io/bunkerity/bunkerweb:1.6.1
environment:
<<: *bw-env # We use the anchor to avoid repeating the same settings for all services
restart: "unless-stopped"
cap-add:
- CAP_NET_RAW
networks:
- bw-universe
- bw-services
- bw-plugins
bw-scheduler:
image: docker.io/bunkerity/bunkerweb-scheduler:1.6.1
cap-add:
- CAP_NET_RAW
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "bunkerweb" # Make sure to set the correct instance name
DATABASE_URI: "mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db" # Remember to set a stronger password for the database
SERVER_NAME: ""
MULTISITE: "yes"
USE_CROWDSEC: "yes"
CROWDSEC_API: "http://crowdsec:8080" # This is the address of the CrowdSec container API in the same network
CROWDSEC_APPSEC_URL: "http://crowdsec:7422" # Comment if you don't want to use the AppSec Component
CROWDSEC_API_KEY: "s3cr3tb0unc3rk3y" # Remember to set a stronger key for the bouncer
volumes:
- bw-storage:/data # This is used to persist the cache and other data like the backups
restart: "unless-stopped"
networks:
- bw-universe
- bw-db
bw-db:
image: docker.io/mariadb:11
environment:
MYSQL_RANDOM_ROOT_PASSWORD: "yes"
MYSQL_DATABASE: "db"
MYSQL_USER: "bunkerweb"
MYSQL_PASSWORD: "changeme" # Remember to set a stronger password for the database
volumes:
- bw-data:/var/lib/mysql
restart: "unless-stopped"
networks:
- bw-db
volumes:
bw-data:
bw-storage:
bw-logs:
cs-data:
networks:
bw-universe:
name: bw-universe
ipam:
driver: default
config:
- subnet: 10.20.30.0/24 # Make sure to set the correct IP range so the scheduler can send the configuration to the instance
bw-services:
name: bw-services
bw-db:
name: bw-db
bw-plugins:
ipam:
driver: default
config:
- subnet: 10.10.10.0/24Configuration file(s) (yaml or .env)Relevant log output[error] 140#140: recv() failed (111: Connection refused) while resolving, resolver: 127.0.0.11:53BunkerWeb version1.6.1 What integration are you using?Rootless Podman Linux distribution (if applicable)No response Removed private data
Code of Conduct
|
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Hi @Defy3738, podman is really different from Docker. You'll have to change the DNS resolvers to your own. ( |
Beta Was this translation helpful? Give feedback.
-
|
I had tried dropping in an interactive shell to just double check DNS is configured properly, which I thought it was when I install and run the dig command on a site. I did not realize that the DNS_RESOLVERS must be set also. That fixed the issue for me so thanks @TheophileDiot and have a nice day. |
Beta Was this translation helpful? Give feedback.
Hi @Defy3738, podman is really different from Docker. You'll have to change the DNS resolvers to your own. (
DNS_RESOLVERS)