Docker is no connection until docker.socket restarts

alexanderzhirov · 06-10-2022, 06:50 AM

I made an assembly based on Thinstation. Added package docker. I run the distribution, everything loads without problems. Docker starts after downloading the distribution. I download nginx:alpine and run it with port 80 forwarding. The container starts, there are no problems:

Code:

ts_0800273e9027:~# docker run --restart always --name mynginx -p 80:80 -d nginx:alpine
4fc242d58285: Loading layer [==================================================>]  5.855MB/5.855MB
4721bfafc708: Loading layer [==================================================>]  19.05MB/19.05MB
45b275e8a06d: Loading layer [==================================================>]  3.072kB/3.072kB
a43749efe4ec: Loading layer [==================================================>]  4.096kB/4.096kB
d6dd885da0bb: Loading layer [==================================================>]  3.584kB/3.584kB
c0e7c94aefd8: Loading layer [==================================================>]  7.168kB/7.168kB
Loaded image: nginx:alpine
a22e21817fbd4040e6cbf0d590180117ee88cecb1259080e7af4016b0931b5ce
ts_0800273e9027:~# docker container ls
CONTAINER ID   IMAGE          COMMAND                  CREATED          STATUS         PORTS                               NAMES
a22e21817fbd   nginx:alpine   "/docker-entrypoint.…"   10 seconds ago   Up 9 seconds   0.0.0.0:80->80/tcp, :::80->80/tcp   mynginx
ts_0800273e9027:~# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      3678/docker-proxy
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2321/dropbear
tcp        0      0 :::80                   :::*                    LISTEN      3685/docker-proxy
tcp        0      0 :::22                   :::*                    LISTEN      2321/dropbear

The problem is that I can't connect even locally to the lifted container at the localhost address. Telnet also does not connect to port 80. The remote connection doesn't work either.
If I restart docker.socket - access to the container from the outside is provided, I open the page in the browser.
I have rebuild the assembly with the ability to debug (/usr/bin/docker d --debug -H fd://).
I attach the FULL docker download docker.log.
After downloading the distribution, I rebooted docker.socket and unloaded the log with debugging information. In the log I saw the difference between automatic loading of Docker when downloading the distribution and after restarting the docker.socket service. There you can see that after restarting docker.socket, new iptables rules are prescribed, which were not prescribed at the initial boot. After that, the service became available from the outside. Here is a comparison of the two logs.
I can't understand why RESTARTING the service causes adding new iptables rules. Why doesn't this work on initial boot?
I also provide an infographic of the distribution download.
I also attach the full distribution startup log.