mirror
/
docker-documentation
kopia lustrzana https://github.com/linuxserver/docker-documentation
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

Fix faq (#284) 

* Fix faq

* Fix anchors

* Cleanup

* Fix #strict-proxy-traefik
pull/286/head
quietsy 2025-01-20 10:23:27 +02:00 zatwierdzone przez GitHub
rodzic 63ee12ac5b
commit 9aa0a41bc3
Nie znaleziono w bazie danych klucza dla tego podpisu
ID klucza GPG: B5690EEEBB952194
3 zmienionych plików z 247 dodań i 190 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

410
docs/FAQ.md
Wyświetl plik

@ -1,291 +1,321 @@
# FAQ
---
hide:
- navigation
---
# Frequently Asked Questions
Here resides some Frequently Asked Questions.
??? faq "My host is incompatible with images based on Ubuntu Jammy"
## My host is incompatible with images based on Ubuntu Jammy {#jammy}
##### My host is incompatible with images based on Ubuntu Jammy { #jammy }
Some x86_64 hosts running older versions of the Docker engine are not compatible with some images based on Ubuntu Jammy.
=== "Description"
### Symptoms
Some x86_64 hosts running older versions of the Docker engine are not compatible with some images based on Ubuntu Jammy.
If your host is affected you may see errors in your containers such as:
=== "Symptoms"
```text
ERROR - Unable to determine java version; make sure Java is installed and callable
```
If your host is affected you may see errors in your containers such as:
Or
```text
ERROR - Unable to determine java version; make sure Java is installed and callable
```
```text
Failed to create CoreCLR, HRESULT: 0x80070008
```
Or
Or
```text
Failed to create CoreCLR, HRESULT: 0x80070008
```
```text
WARNING :: MAIN : webStart.py:initialize:249 : can't start new thread
```
Or
### Resolution
```text
WARNING :: MAIN : webStart.py:initialize:249 : can't start new thread
```
#### Long-Term Fix
=== "Resolution"
Upgrade your Docker engine to at least version `20.10.10`. [Refer to the official Docker docs for installation/update details.](https://docs.docker.com/engine/install)
<h4>Long-Term Fix</h4>
#### Short-Term Fix
Upgrade your Docker engine to at least version `20.10.10`. [Refer to the official Docker docs for installation/update details.](https://docs.docker.com/engine/install)
For Docker CLI, run your container with:
<h4>Short-Term Fix</h4>
`--security-opt seccomp=unconfined`
For Docker CLI, run your container with:
For Docker Compose, run your container with:
`--security-opt seccomp=unconfined`
```yaml
security_opt:
- seccomp=unconfined
```
For Docker Compose, run your container with:
## My host is incompatible with images based on rdesktop {#rdesktop}
```yaml
security_opt:
- seccomp=unconfined
```
Some x86_64 hosts have issues running rdesktop based images even with the latest Docker version due to syscalls that are unknown to Docker.
??? faq "My host is incompatible with images based on rdesktop"
### Symptoms
##### My host is incompatible with images based on rdesktop { #rdesktop }
If your host is affected you may see errors in your containers such as:
=== "Description"
```text
Failed to close file descriptor for child process (Operation not permitted)
```
Some x86_64 hosts have issues running rdesktop based images even with the latest Docker version due to syscalls that are unknown to Docker.
### Resolution
=== "Symptoms"
For Docker CLI, run your container with:
If your host is affected you may see errors in your containers such as:
`--security-opt seccomp=unconfined`
```text
Failed to close file descriptor for child process (Operation not permitted)
```
For Docker Compose, run your container with:
=== "Resolution"
```yaml
security_opt:
- seccomp=unconfined
```
For Docker CLI, run your container with:
## My host is incompatible with images based on Ubuntu Focal and Alpine 3.13 and later {#libseccomp}
`--security-opt seccomp=unconfined`
This only affects 32 bit installs of distros based on Debian Buster.
For Docker Compose, run your container with:
This is due to a bug in the libseccomp2 library (dependency of Docker itself), which is fixed. However, it's not pushed to all the repositories.
```yaml
security_opt:
- seccomp=unconfined
```
[A GitHub issue tracking this](https://github.com/moby/moby/issues/40734)
??? faq "My host is incompatible with images based on Ubuntu Focal and Alpine 3.13 and later"
You have a few options as noted below. Options 1 is short-term, while option 2 is considered the best option if you don't plan to reinstall the device (option 3).
##### My host is incompatible with images based on Ubuntu Focal and Alpine 3.13 and later { #libseccomp }
### Resolution
=== "Description"
If you decide to do option 1 or 2, you should just need to restart the container after confirming you have libseccomp2.4.4 installed.
This only affects 32 bit installs of distros based on Debian Buster.
If 1 or 2 did not work, ensure your Docker install is at least version 20.10.0, [refer to the official Docker docs for installation.](https://docs.docker.com/engine/install/debian/)
This is due to a bug in the libseccomp2 library (dependency of Docker itself), which is fixed. However, it's not pushed to all the repositories.
#### Manual patch
[A GitHub issue tracking this](https://github.com/moby/moby/issues/40734)
Manually install an updated version of the library with dpkg.
You have a few options as noted below. Options 1 is short-term, while option 2 is considered the best option if you don't plan to reinstall the device (option 3).
```shell
wget http://ftp.us.debian.org/debian/pool/main/libs/libseccomp/libseccomp2_2.4.4-1~bpo10+1_armhf.deb
sudo dpkg -i libseccomp2_2.4.4-1~bpo10+1_armhf.deb
```
=== "Symptoms"
!!! info
This url may have been updated. Find the latest by browsing [here](http://ftp.us.debian.org/debian/pool/main/libs/libseccomp/).
- 502 errors in __Jellyfin__ as seen in [linuxserver/docker-jellyfin#71](https://github.com/linuxserver/docker-jellyfin/issues/71)
- `Error starting framework core` messages in the docker log for __Plex__. [linuxserver/docker-plex#247](https://github.com/linuxserver/docker-plex/issues/247)
- No WebUI for __Radarr__, even though the container is running. [linuxserver/docker-radarr#118](https://github.com/linuxserver/docker-radarr/issues/118)
- Images based on our Nginx base-image(Nextcloud, SWAG, Nginx, etc.) fails to generate a certificate, with a message similar to `error getting time:crypto/asn1/a_time.c:330`
- `docker exec <container-name> date` returns 1970
#### Automatic Patch
=== "Resolution"
Add the backports repo for DebianBuster. As seen [here](https://github.com/linuxserver/docker-jellyfin/issues/71#issuecomment-733621693).
If you decide to do option 1 or 2, you should just need to restart the container after confirming you have libseccomp2.4.4 installed.
```shell
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC 648ACFD622F3D138
echo "deb http://deb.debian.org/debian buster-backports main" | sudo tee -a /etc/apt/sources.list.d/buster-backports.list
sudo apt update
sudo apt install -t buster-backports libseccomp2
```
If 1 or 2 did not work, ensure your Docker install is at least version 20.10.0, [refer to the official Docker docs for installation.](https://docs.docker.com/engine/install/debian/)
#### Move to a compatible OS
<h4>Manual patch</h4>
Reinstall/update your OS to a version that still gets updates.
Manually install an updated version of the library with dpkg.
- Any distro based on DebianStretch does not seem to have this package available
- DebianBuster based distros can get the package trough backports, as outlined in point 2.
```shell
wget http://ftp.us.debian.org/debian/pool/main/libs/libseccomp/libseccomp2_2.4.4-1~bpo10+1_armhf.deb
sudo dpkg -i libseccomp2_2.4.4-1~bpo10+1_armhf.deb
```
!!! info
RaspberryPI OS (formerly Raspbian) Can be upgraded to run with a 64bit kernel
!!! info
This url may have been updated. Find the latest by browsing [here](http://ftp.us.debian.org/debian/pool/main/libs/libseccomp/).
### Symptoms
<h4>Automatic Patch</h4>
- 502 errors in __Jellyfin__ as seen in [linuxserver/docker-jellyfin#71](https://github.com/linuxserver/docker-jellyfin/issues/71)
- `Error starting framework core` messages in the docker log for __Plex__. [linuxserver/docker-plex#247](https://github.com/linuxserver/docker-plex/issues/247)
- No WebUI for __Radarr__, even though the container is running. [linuxserver/docker-radarr#118](https://github.com/linuxserver/docker-radarr/issues/118)
- Images based on our Nginx base-image(Nextcloud, SWAG, Nginx, etc.) fails to generate a certificate, with a message similar to `error getting time:crypto/asn1/a_time.c:330`
- `docker exec <container-name> date` returns 1970
Add the backports repo for DebianBuster. As seen [here](https://github.com/linuxserver/docker-jellyfin/issues/71#issuecomment-733621693).
## My host filesystem is incompatible with my docker storage driver {#storage}
```shell
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC 648ACFD622F3D138
echo "deb http://deb.debian.org/debian buster-backports main" | sudo tee -a /etc/apt/sources.list.d/buster-backports.list
sudo apt update
sudo apt install -t buster-backports libseccomp2
```
Some host file systems types are not compatible with the default storage driver of docker (overlay2)
<h4>Move to a compatible OS</h4>
### Symptoms
Reinstall/update your OS to a version that still gets updates.
If your host is affected you may see errors in your containers such as:
- Any distro based on DebianStretch does not seem to have this package available
- DebianBuster based distros can get the package trough backports, as outlined in point 2.
```text
ERROR Found no accessible config files
```
!!! info
RaspberryPI OS (formerly Raspbian) Can be upgraded to run with a 64bit kernel
or
??? faq "My host filesystem is incompatible with my docker storage driver"
```text
Directory not empty. This directory contains an empty ignorecommands sub-directory
```
##### My host filesystem is incompatible with my docker storage driver { #storage }
### Resolution
=== "Description"
As shown in [Docker docs](https://docs.docker.com/storage/storagedriver/select-storage-driver/#supported-backing-filesystems)
Some host file systems types are not compatible with the default storage driver of docker (overlay2)
A host filesystem of zfs requires a docker storage driver of zfs and a host file system of btrfs requires a docker storage driver of btrfs.
Correcting this oversight will resolve the issue. This is not something that a container change will resolve.
=== "Symptoms"
## What is lscr.io {#lscr}
If your host is affected you may see errors in your containers such as:
LSCR is a vanity url for our images, this is provided to us in collaboration with [scarf.sh](https://about.scarf.sh/). It is not a dedicated docker registry, rather a redirection service. As of writing it redirects to GitHub Container Registry (ghcr.io).
```text
ERROR Found no accessible config files
```
Aside from giving us the ability to redirect to another backend, if necessary, it also exposes telemetry about pulls, historically only available to the backend provider. We base some decisions on this data, as it gives us a somewhat realistic usage overview (relative to just looking at pulls on DockerHub).
or
We have some blog posts related to how we utilize Scarf:
```text
Directory not empty. This directory contains an empty ignorecommands sub-directory
```
- [End of an Arch](https://www.linuxserver.io/blog/end-of-an-arch)
- [Unravelling Some Stats](https://www.linuxserver.io/blog/unravelling-some-stats)
- [Wrap Up Warm For Winter](https://www.linuxserver.io/blog/wrap-up-warm-for-the-winter)
=== "Resolution"
### I cannot connect to lscr.io {#lscr-no-connect}
As shown in [Docker docs](https://docs.docker.com/storage/storagedriver/select-storage-driver/#supported-backing-filesystems)
Due to the nature of Scarf as a Docker gateway which gathers usage metrics, some overzealous privacy-focused blocklists will include its domains.
A host filesystem of zfs requires a docker storage driver of zfs and a host file system of btrfs requires a docker storage driver of btrfs.
Correcting this oversight will resolve the issue. This is not something that a container change will resolve.
If you want to help us in getting a better overview of how people use our containers, you should add `gateway.scarf.sh` to the allowlist in your blocklist solution.
??? faq "What is lscr.io"
Alternatively, you can use Docker Hub or GHCR directly to pull your images, although be aware that all public registries gather user metrics, so this doesn't provide you with any real benefit in that area.
##### What is lscr.io { #lscr }
If Scarf is on the blocklist, you will get an error message like this when trying to pull an image:
LSCR is a vanity url for our images, this is provided to us in collaboration with [scarf.sh](https://about.scarf.sh/). It is not a dedicated docker registry, rather a redirection service. As of writing it redirects to GitHub Container Registry (ghcr.io).
```text
Error response from daemon: Get "https://lscr.io/v2/": dial tcp: lookup lscr.io: no such host
```
Aside from giving us the ability to redirect to another backend, if necessary, it also exposes telemetry about pulls, historically only available to the backend provider. We base some decisions on this data, as it gives us a somewhat realistic usage overview (relative to just looking at pulls on DockerHub).
This is, however, a generic message. To rule out a service-interruption, you should also see if you can resolve the backend provider.
We have some blog posts related to how we utilize Scarf:
Using dig:
- [End of an Arch](https://www.linuxserver.io/blog/end-of-an-arch)
- [Unravelling Some Stats](https://www.linuxserver.io/blog/unravelling-some-stats)
- [Wrap Up Warm For Winter](https://www.linuxserver.io/blog/wrap-up-warm-for-the-winter)
```shell
dig ghcr.io +short
dig lscr.io +short
```
??? faq "I cannot connect to lscr.io"
Using nslookup:
##### I cannot connect to lscr.io { #lscr-no-connect }
```shell
nslookup ghcr.io
nslookup lscr.io
```
Due to the nature of Scarf as a Docker gateway which gathers usage metrics, some overzealous privacy-focused blocklists will include its domains.
If you only got a response from ghcr, chances are that Scarf is on the blocklist.
If you want to help us in getting a better overview of how people use our containers, you should add `gateway.scarf.sh` to the allowlist in your blocklist solution.
## I want to reverse proxy an application which defaults to https with a self-signed certificate {#strict-proxy}
Alternatively, you can use Docker Hub or GHCR directly to pull your images, although be aware that all public registries gather user metrics, so this doesn't provide you with any real benefit in that area.
### Traefik {#strict-proxy-traefik}
If Scarf is on the blocklist, you will get an error message like this when trying to pull an image:
In this example, we will configure a serverTransport rule we can apply to a service, as well as telling Traefik to use https on the backend for the service.
```text
Error response from daemon: Get "https://lscr.io/v2/": dial tcp: lookup lscr.io: no such host
```
Create a [ServerTransport](https://doc.traefik.io/traefik/routing/services/#serverstransport_1) in your dynamic Traefik configuration; we are calling ours `ignorecert`.
This is, however, a generic message. To rule out a service-interruption, you should also see if you can resolve the backend provider.
```yml
http:
serversTransports:
ignorecert:
insecureSkipVerify: true
```
Using dig:
Then on our `foo` service we tell it to use this rule, as well as telling Traefik the backend is running on https.
```shell
dig ghcr.io +short
dig lscr.io +short
```
```yml
- traefik.http.services.foo.loadbalancer.serverstransport=ignorecert
- traefik.http.services.foo.loadbalancer.server.scheme=https
```
Using nslookup:
## Why does LinuxServer.io recommend to use docker-compose over Portainer? {#portainer}
```shell
nslookup ghcr.io
nslookup lscr.io
```
Portainer has many issues which make it hard for us to support, such as:
If you only got a response from ghcr, chances are that Scarf is on the blocklist.
- Advanced settings are hidden and some aren't available at all
- Incorrect order of source and target of mounts
- Inconsistent case-sensitivity
- No automatically created custom networks for inter-container communication
- Inconsistent compose implementations on different architectures
- Incorrectly applying environment variables on container upgrades
??? faq "I want to reverse proxy an application which defaults to https with a self-signed certificate"
## Inexplicable issues when running ubuntu {#snap}
##### I want to reverse proxy an application which defaults to https with a self-signed certificate { #strict-proxy }
Many users have been facing issues that are simply inexplicable. The logs show no problems, the compose is fine, eventually it turns out they've installed the SNAP version of docker which is the source of the issues.
=== "Traefik"
### Symptoms
In this example, we will configure a serverTransport rule we can apply to a service, as well as telling Traefik to use https on the backend for the service.
It's difficult to identify the symptoms, but if you are running ubuntu and believe you have done everything correctly, check for SNAP docker.
Create a [ServerTransport](https://doc.traefik.io/traefik/routing/services/#serverstransport_1) in your dynamic Traefik configuration; we are calling ours `ignorecert`.
### Resolution
```yml
http:
serversTransports:
ignorecert:
insecureSkipVerify: true
```
First the user must be on an appropriate version of ubuntu to face this issue (as far as I am aware)
Then on our `foo` service we tell it to use this rule, as well as telling Traefik the backend is running on https.
`lsb_release -a` would result in something similar to the below output
```bash
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.3 LTS
Release: 22.04
Codename: jammy
```
```yml
- traefik.http.services.foo.loadbalancer.serverstransport=ignorecert
- traefik.http.services.foo.loadbalancer.server.scheme=https
```
`snap list | grep docker` would result in something similar to the below output
```bash
docker 20.10.24 2904 latest/stable canonical** -
```
??? faq "Why does LinuxServer.io recommend to use docker-compose over Portainer?"
This means the snap version of docker is installed. Unfortunately, even if the user installed docker from the proper repo, this snap version will coexist AND be preferred. They will need to remove it, as shown below.
##### Why does LinuxServer.io recommend to use docker-compose over Portainer? { #portainer }
```bash
oliver@home-server:~/plexDockerImage$ sudo snap remove docker
[sudo] password for oliver:
2023-11-15T01:06:26Z INFO Waiting for "snap.docker.dockerd.service" to stop.
docker removed
oliver@home-server:~/plexDockerImage$
```
Portainer has many issues which make it hard for us to support, such as:
!!! info
Unless automatic snapshots are disabled, a snapshot of all data for the snap is saved upon removal, which is then available for future restoration with snap restore. The --purge option disables automatically creating snapshots.
- Advanced settings are hidden and some aren't available at all
- Incorrect order of source and target of mounts
- Inconsistent case-sensitivity
- No automatically created custom networks for inter-container communication
- Inconsistent compose implementations on different architectures
- Incorrectly applying environment variables on container upgrades
Following this, confirm nothing related to snap still shows.
```bash
~$ sudo whereis docker
docker: /usr/libexec/docker
```
above is what we might want to see, below is how it would look if both official AND snap are installed. Seeing the snap stuff removed but the official there is OK.
```bash
~$ sudo whereis docker
??? faq "Inexplicable issues when running ubuntu"
docker: /usr/bin/docker /etc/docker /usr/libexec/docker /snap/bin/docker.machine /snap/bin/docker.help /snap/bin/docker.compose /snap/bin/docker /usr/share/man/man1/docker.1.gz
```
As you can see in the second one, multiple versions can coexist which is a big tshoot problem.
##### Inexplicable issues when running ubuntu { #snap }
Once this is complete, if the expected version isn't present, simply follow [docker install on ubuntu](https://docs.docker.com/engine/install/ubuntu/)
=== "Description"
When they finish, running `docker` commands may result in `-bash: /snap/bin/docker: No such file or directory` if this is the case, this is simply a shell patch issue, they can launch a new shell or simply input `hash -r` which should resolve the problem. Version info at the time of this writing should be
```bash
~ # docker --version && docker compose version
Docker version 24.0.7, build afdd53b
Docker Compose version v2.21.0
```
Many users have been facing issues that are simply inexplicable. The logs show no problems, the compose is fine, eventually it turns out they've installed the SNAP version of docker which is the source of the issues.
=== "Symptoms"
It's difficult to identify the symptoms, but if you are running ubuntu and believe you have done everything correctly, check for SNAP docker.
=== "Resolution"
First the user must be on an appropriate version of ubuntu to face this issue (as far as I am aware)
`lsb_release -a` would result in something similar to the below output
```bash
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.3 LTS
Release: 22.04
Codename: jammy
```
`snap list | grep docker` would result in something similar to the below output
```bash
docker 20.10.24 2904 latest/stable canonical** -
```
This means the snap version of docker is installed. Unfortunately, even if the user installed docker from the proper repo, this snap version will coexist AND be preferred. They will need to remove it, as shown below.
```bash
oliver@home-server:~/plexDockerImage$ sudo snap remove docker
[sudo] password for oliver:
2023-11-15T01:06:26Z INFO Waiting for "snap.docker.dockerd.service" to stop.
docker removed
oliver@home-server:~/plexDockerImage$
```
!!! info
Unless automatic snapshots are disabled, a snapshot of all data for the snap is saved upon removal, which is then available for future restoration with snap restore. The --purge option disables automatically creating snapshots.
Following this, confirm nothing related to snap still shows.
```bash
~$ sudo whereis docker
docker: /usr/libexec/docker
```
above is what we might want to see, below is how it would look if both official AND snap are installed. Seeing the snap stuff removed but the official there is OK.
```bash
~$ sudo whereis docker
docker: /usr/bin/docker /etc/docker /usr/libexec/docker /snap/bin/docker.machine /snap/bin/docker.help /snap/bin/docker.compose /snap/bin/docker /usr/share/man/man1/docker.1.gz
```
As you can see in the second one, multiple versions can coexist which is a big tshoot problem.
Once this is complete, if the expected version isn't present, simply follow [docker install on ubuntu](https://docs.docker.com/engine/install/ubuntu/)
When they finish, running `docker` commands may result in `-bash: /snap/bin/docker: No such file or directory` if this is the case, this is simply a shell patch issue, they can launch a new shell or simply input `hash -r` which should resolve the problem. Version info at the time of this writing should be
```bash
~ # docker --version && docker compose version
Docker version 24.0.7, build afdd53b
Docker Compose version v2.21.0
```

19
docs/stylesheets/extra.css 100644
Wyświetl plik

@ -0,0 +1,19 @@
.md-typeset .admonition.faq,
.md-typeset details.faq {
border-color: rgb(77, 77, 77);
}
.md-typeset details.faq > h5 {
visibility: hidden;
height: 0;
margin-top: 0;
margin-bottom: 0;
}
.md-typeset .faq > .admonition-title,
.md-typeset .faq > summary {
background-color: transparent;
padding-left: 12px;
}
.md-typeset .faq > .admonition-title::before,
.md-typeset .faq > summary::before {
visibility: hidden;
}

8
mkdocs.yml
Wyświetl plik

@ -53,10 +53,18 @@ extra:
link: https://mastodon.linuxserver.io/@linuxserver
- icon: fontawesome/brands/bluesky
link: https://bsky.app/profile/linuxserver.io
extra_css:
- stylesheets/extra.css
extra_javascript:
- https://unpkg.com/tablesort@5.3.0/dist/tablesort.min.js
- javascripts/tablesort.js
markdown_extensions:
- pymdownx.tabbed:
combine_header_slug: true
alternate_style: true
slugify: !!python/object/apply:pymdownx.slugs.slugify
kwds:
case: lower
- admonition
- pymdownx.details
- pymdownx.escapeall