Hi there,
I have the problem, that it takes up to one minute until container can communicate to the outer world, allthough it’s state is “running”. The site effect of this is, that containers which ned things from external in entrypoint.sh will crash, as the can’t download or communicate with their external resources.
Is there a way to troubleshoot a containers network initialization?
My Infrastructure:
Containerhost: QNAP with Intel i5 8400T and 64GB RAM with latest QTS and Container Station using Docker-Compose
Storage: nvme SSD Raid 1
Management Software: Portainer Business Edition
Container-Sample where I have this issue: traefik latest, reverse Proxy
docker-compose.yml
version: "3.3"
services:
traefik:
# dns:
# - "1.1.1.1"
# - "8.8.8.8"
image: traefik:latest
restart: always
container_name: traefik
environment:
CF_DNS_API_TOKEN: 'mytoken'
# TRAEFIK_CERTIFICATESRESOLVERS_MYRESOLVER_ACME_DNSCHALLENGE_DELAYBEFORECHECK: 120
command:
- --api.insecure=true # <== Enabling insecure api, NOT RECOMMENDED FOR PRODUCTION
- --api.dashboard=true # <== Enabling the dashboard to view services, middlewares, routers, etc.
- --api.debug=true # <== Enabling additional endpoints for debugging and profiling
- --log.level=TRACE # <== Setting the level of the logs from traefik
- --providers.docker=true # <== Enabling docker as the provider for traefik
- --providers.docker.exposedbydefault=false # <== Don't expose every container to traefik
- --providers.docker.network=web # <== Operate on the docker network named web
- --entrypoints.web.address=192.168.178.3:80
- --entrypoints.websecure.address=192.168.178.3:443
#DNS Challenge
- --certificatesresolvers.myresolver.acme.dnschallenge=true
- --certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare
# ACME Base
- --certificatesresolvers.myresolver.acme.email=postmaster@mydomain.com
- --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
- --entrypoints.websecure.http.tls=true
- --entrypoints.websecure.http.tls.certresolver=myresolver
- --entrypoints.websecure.http.tls.domains[0].main=mydomain.com
- --entrypoints.websecure.http.tls.domains[0].sans=*.mydomain.com
- --serverstransport.insecureskipverify=true
volumes:
- /var/run/docker.sock:/var/run/docker.sock # <== Volume for docker admin
- /share/ContainerStation/persistent/traefik/dynamic.yaml:/dynamic.yaml # <== Volume for dynamic conf file, **ref: line 27
- /share/ContainerStation/persistent/traefik/config.yml:/config.yml
- /share/ContainerStation/persistent/traefik/letsencrypt:/letsencrypt
- /share/ContainerStation/persistent/traefik/certs:/certs:ro
- /share/ContainerStation/persistent/traefik/certs.yml:/certs.yml
- /share/ContainerStation/persistent/traefik/entrypoint.sh:/entrypoint.sh
networks:
web: # <== Placing traefik on the network named web, to access containers on this network
qnet-static-eth1-b03c93: # <== Static IP in server dmz
ipv4_address: 192.168.178.3
labels:
- "traefik.enable=true" # <== Enable traefik on itself to view dashboard and assign subdomain to$
- "traefik.http.routers.api.rule=Host(`monitor.mydomain.com`)" # <== Setting the domain for the d$
- "traefik.http.routers.api.service=api@internal" # <== Enabling the api to be a service to acce$
networks:
web:
external: true
qnet-static-eth1-b03c93:
external: true
many thanks in advance