</code></pre><p>Or</p><pre><codeclass=language-shell>Failed to create CoreCLR, HRESULT: 0x80070008
</code></pre><p>Or</p><pre><codeclass=language-shell>WARNING :: MAIN : webStart.py:initialize:249 : can't start new thread
</code></pre><h3id=resolution>Resolution</h3><h4id=option-1-long-term-fix>Option 1 (Long-Term Fix)</h4><p>Upgrade your Docker engine install to at least version <code>20.10.10</code>. <ahref=https://docs.docker.com/engine/install>Refer to the official Docker docs for installation/update details.</a></p><h4id=option-2-short-term-fix>Option 2 (Short-Term Fix)</h4><p>For Docker CLI, run your container with:</p><p><code>--security-opt seccomp=unconfined</code></p><p>For Docker Compose, run your container with:</p><pre><codeclass=language-yaml> security_opt:
- seccomp=unconfined
</code></pre><h2id=my-host-is-incompatible-with-images-based-on-rdesktop-rdesktop>My host is incompatible with images based on rdesktop {#rdesktop}</h2><p>Some x86_64 hosts have issues running rdesktop based images even with the latest docker version due to syscalls that are unknown to docker. </p><h3id=symptoms_1>Symptoms</h3><p>If your host is affected you may see errors in your containers such as:</p><pre><codeclass=language-shell>Failed to close file descriptor for child process (Operation not permitted)
</code></pre><h3id=resolution_1>Resolution</h3><p>For Docker CLI, run your container with:</p><p><code>--security-opt seccomp=unconfined</code></p><p>For Docker Compose, run your container with:</p><pre><codeclass=language-yaml> security_opt:
- seccomp=unconfined
</code></pre><h2id=my-host-is-incompatible-with-images-based-on-ubuntu-focal-and-alpine-313-and-later-libseccomp>My host is incompatible with images based on Ubuntu Focal and Alpine 3.13 and later {#libseccomp}</h2><p>This only affects 32 bit installs of distros based on Debian Buster.</p><p>This is due to a bug in the libseccomp2 library (dependency of Docker itself), which is fixed. However it's not pushed to all the repositories.</p><p><ahref=https://github.com/moby/moby/issues/40734>A GitHub issue tracking this</a></p><p>You have a few options as noted below. Options 1 is short-term, while option 2 is considered the best option if you don't plan to reinstall the device (option 3).</p><h3id=resolution_2>Resolution</h3><p>If you decide to do option 1 or 2, you should just need to restart the container after confirming you have libseccomp2.4.4 installed.</p><p>If 1 or 2 did not work, ensure your Docker install is at least version 20.10.0, <ahref=https://docs.docker.com/engine/install/debian/>refer to the official Docker docs for installation.</a></p><h4id=option-1>Option 1</h4><p>Manually install an updated version of the library with dpkg.</p><pre><codeclass=language-bash>wget http://ftp.us.debian.org/debian/pool/main/libs/libseccomp/libseccomp2_2.4.4-1~bpo10+1_armhf.deb
</code></pre><p>{% hint style="info" %} This url may have been updated. Find the latest by browsing <ahref=http://ftp.us.debian.org/debian/pool/main/libs/libseccomp/>here</a>. {% endhint %}</p><h4id=option-2>Option 2</h4><p>Add the backports repo for DebianBuster. As seen <ahref=https://github.com/linuxserver/docker-jellyfin/issues/71#issuecomment-733621693>here</a>.</p><pre><codeclass=language-bash>sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC 648ACFD622F3D138
echo "deb http://deb.debian.org/debian buster-backports main" | sudo tee -a /etc/apt/sources.list.d/buster-backports.list
sudo apt update
sudo apt install -t buster-backports libseccomp2
</code></pre><h4id=option-3>Option 3</h4><p>Reinstall/update your OS to a version that still gets updates.</p><ul><li>Any distro based on DebianStretch does not seem to have this package available</li><li>DebianBuster based distros can get the package trough backports, as outlined in point 2.</li></ul><p>{% hint style="info" %} RaspberryPI OS (formerly Raspbian) Can be upgraded to run with a 64bit kernel {% endhint %}</p><h3id=symptoms_2>Symptoms</h3><ul><li>502 errors in <strong>Jellyfin</strong> as seen in <ahref=https://github.com/linuxserver/docker-jellyfin/issues/71>linuxserver/docker-jellyfin#71</a></li><li><code>Error starting framework core</code> messages in the docker log for <strong>Plex</strong>. <ahref=https://github.com/linuxserver/docker-plex/issues/247>linuxserver/docker-plex#247</a></li><li>No WebUI for <strong>Radarr</strong>, even though the container is running. <ahref=https://github.com/linuxserver/docker-radarr/issues/118>linuxserver/docker-radarr#118</a></li><li>Images based on our Nginx base-image(Nextcloud, SWAG, Nginx, etc.) fails to generate a certificate, with a message similar to <code>error getting time:crypto/asn1/a_time.c:330</code></li><li><code>docker exec <container-name> date</code> returns 1970</li></ul><h2id=i-want-to-reverse-proxy-a-application-which-defaults-to-https-with-a-selfsigned-certificate-strict-proxy>I want to reverse proxy a application which defaults to https with a selfsigned certificate {#strict-proxy}</h2><h3id=traefik-strict-proxy-traefik>Traefik {#strict-proxy-traefik}</h3><p>In this example we will configure a serverTransport rule we can apply to a service, as well as telling Traefik to use https on the backend for the service.</p><p>Create a <ahref=https://doc.traefik.io/traefik/routing/services/#serverstransport_1>ServerTransport</a> in your dynamic Traefik configuration, we are calling ours <code>ignorecert</code>.</p><pre><codeclass=language-yml> http:
serversTransports:
ignorecert:
insecureSkipVerify: true
</code></pre><p>Then on our <code>foo</code> service we tell it to use this rule, as well as telling Traefik the backend is running on https.</p><pre><codeclass=language-yml> - traefik.http.services.foo.loadbalancer.serverstransport=ignorecert
