Yesterday I discovered that a container was still running on my machine (macOS Monterey). I searched StackOverflow for answers to my issue but anything I tried didn’t work.

I did a docker ps and then a docker stop <container-ID> but the web app was still running in port 0.0.0.0:80.

I don’t remember when I run this container but it was during the development of a Dash Plotly app.

After the above failed I tried:

docker system prune --all --force --volumes

which removed all containers and images from my system (it did work because the image indeed disappeared from my Docker Desktop list).

I then restarted my computer but the web app was still there.

I then run the command:

sudo lsof -i -P -n | grep 80

which gave me the output:

assistant  480       cconsta1   25u  IPv4 0x7f28d5520c917253      0t0    UDP *:*
Google     730       cconsta1   80u  IPv6 0x7f28d5520a8477c3      0t0    UDP *:5353
Google     730       cconsta1   89u  IPv6 0x7f28d5520a8480f3      0t0    UDP *:5353
Slack\x20 4259       cconsta1   23u  IPv4 0x7f28d54d343d66cb      0t0    TCP 192.168.10.1:51807->3.65.102.105:443 (ESTABLISHED)
Slack\x20 4259       cconsta1   26u  IPv4 0x7f28d54d339966cb      0t0    TCP 192.168.10.1:51809->3.65.102.105:443 (ESTABLISHED)
httpd     4418           root    4u  IPv6 0x7f28d53edaecb713      0t0    TCP *:80 (LISTEN)
httpd     4422           _www    4u  IPv6 0x7f28d53edaecb713      0t0    TCP *:80 (LISTEN)
httpd     4431           _www    4u  IPv6 0x7f28d53edaecb713      0t0    TCP *:80 (LISTEN)
httpd     4433           _www    4u  IPv6 0x7f28d53edaecb713      0t0    TCP *:80 (LISTEN)
httpd     4434           _www    4u  IPv6 0x7f28d53edaecb713      0t0    TCP *:80 (LISTEN)

I tried to kill these processes to see if something will work out, sudo kill -9 <PID> but that didn’t work either.

Finally, I cleared my browser’s cache and checked whether the web app runs in private mode but it still works.

I don’t remember which Dockerfile I used to run this container but this one is the closest:

FROM python:3.10

# EXPOSE 8050

WORKDIR /app

COPY . .
COPY models /app/models/

RUN pip install -r requirements.txt

EXPOSE 8050

CMD ["gunicorn", "-b", "0.0.0.0:8050", "--reload", "app:server"]

The image was probably built using:

docker build -f Dockerfile -t app:latest .

and run using:

docker run -p 80:8050 app:latest 

This is the requirements.txt file:

numpy 
pandas 
plotly 
dash 
gunicorn  
dash-bootstrap-components
scikit-learn 
xgboost

The app.py file looks like this:

import time
import dash
import dash_bootstrap_components as dbc
import pickle
import numpy as np
import plotly.graph_objs as go
from dash import Input, Output, State, dcc, html
# import tensorflow as tf
# from tensorflow import keras
# from keras.models import load_model
#import xgboost
import re


app = dash.Dash(external_stylesheets=[
                dbc.themes.COSMO])


# Include the server option to become able to deploy online
server = app.server

# Code for the app


if __name__ == "__main__":
    app.run_server(debug=True, host="0.0.0.0",port="8050", use_reloader=True)
    #app.run_server(debug=True)

The command docker --version returns:

Docker version 20.10.24, build 297e128

Edit: I think that the image was actually run using the restart always command:

docker run --restart always -p 80:8050 app:latest

I am not sure how all of this adds up. Prune should not be able to delete running containers, or images, volumes and networks referenced by running containers.

Next time you have this experience, execute watch -d -n0.5 docker ps -a (prefix with sudo if needed) in a terminal to see whether the container exists and if it does what state it is in (exited/up).

The output of docker context ls could be interesting to verify which context is actually set to be used by the docker cli command. Unless you added contexts yourself, this shouldn’t be an issue - it is often for Docker Desktop for Linux users.

Rancher Desktop creates its own context too on macOS. There could be other ways too that I don’t know about, so checking the contexts would definitely be a good idea.

Thank you @rimelek and @meyay for your replies. After a lot of searching around, I first figured out that the service causing the problem was httpd using this:

sudo lsof -i :80

I noticed that trying to kill the process using

sudo kill -9 <process_id>

didn’t do anything, while using sudo pkill httpd was stopping the web service on localhost for a few seconds but it was then coming back. It turned out that httpd was the Apache Server and I was able to stop it using:

sudo apachectl stop

To prevent it from restarting, I edited the file /etc/apache2/httpd.conf, and specifically I commented out (using #) this line:

#LoadModule mpm_prefork_module

Before doing all these I uninstalled and reinstalled Docker but that didn’t do anything.

Just to be sure, if you uninstall or stop Docker Desktop, then httpd server is still running?

Docker Desktop runs the Docker Engine in a utility vm, so if Docker Desktop is stopped, the utility vm is stopped, and it is impossible a container would continue running.

Just to be sure, if you uninstall or stop Docker Desktop, then httpd server is still running?

Yes, that is correct. I stopped Docker Desktop, uninstalled it and httpd was still up nad running. Since this is a service that was running on my laptop for a long time before I noticed it, I suspect that maybe it was not a docker container after all. But I’m not sure.

Since you could manage it using pkill and apachectl and it has a config file on the host it was definitely not a container. Unless of course someone created an app that runs a process on the host as “httpd” which runs a VM and a container in the VM and also creates the same config files that a native process on the host would use. It is very very unlikely and if it happens, it sounds like a virus.

Update:

On macOS “brew list” shows you the installed applications and “brew services” shows the services. If apache2 is installed, you could uninstall it with “brew uninstall apache2”
If you just change configuration files on the host, I guess Apache HTTPD still tries to start constantly but can’t because of the missing module.

I run brew list but apache2 is not listed and brew services returns:

Warning: No services available to control with `brew services`

brew uninstall apache2 returns:

Error: No such keg: /usr/local/Cellar/apache2

I suspect that what set it up was Web Server for Chrome which I installed to help me with some Virtual Reality classes for three.js I am taking. The service running on my localhost:80 was a simple website saying “It Works!” which is definitely something I write when I test new services

So hopefully it’s not a virus!

I didn’t know about “Web Server for Chrome”, but that explains it. I would still uninstall the chrome extension if you don’t need it anymore instead of removing required modules, but at least you know what it is and don’t hav to worry about it