Stacks with `network_mode: host` do not bind ports on Ubuntu

Issue
When trying to run a docker container on an Ubuntu host that has to bind ports in order to function, it works with the bridge-networks (also referred to as default-network), but not with the host-network, i.e. where the stack contains network_mode: host. Using the host-network, the required ports are not bound by any program.

OS Version/build
Ubuntu 22.04.1 LTS on Intel NUC10i5FNK

App version

Client: Docker Engine - Community
 Cloud integration: v1.0.29
 Version:           20.10.20
 API version:       1.41
 Go version:        go1.18.7
 Git commit:        9fdeb9c
 Built:             Tue Oct 18 18:20:18 2022
 OS/Arch:           linux/amd64
 Context:           desktop-linux
 Experimental:      true

Server: Docker Desktop 4.13.0 (89412)
 Engine:
  Version:          20.10.20
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.18.7
  Git commit:       03df974
  Built:            Tue Oct 18 18:18:35 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.8
  GitCommit:        9cd3357b7fd7218e4aec3eae239db1f68a5a6ec6
 runc:
  Version:          1.1.4
  GitCommit:        v1.1.4-0-g5fd4c4d
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

Steps to reproduce
(these are the steps I did, in order to ensure that it isn't an issue with just my setup; most of them may not be required)

  1. Install Ubuntu 22.04.1 LTS
  2. Install Docker Engine according to docs.docker[dot]com/engine/install/ubuntu/
  3. Install Docker Desktop according to docs.docker[dot]com/desktop/install/ubuntu/
  4. Install Portainer according to docs.portainer[dot]io/start/install/server/docker/linux
    (4.1. if you intend to run a pihole-container, prepare Ubuntu according to github[dot]com/pi-hole/docker-pi-hole#installing-on-ubuntu-or-fedora)
  5. Try to run a stack with a container, that requires binding ports, for example pihole-unbound.

The default-network works and the required ports are bound by docker:

default-network
version: '3.0'

volumes:
  etc_pihole-unbound:
  etc_pihole_dnsmasq-unbound:

services:
  pihole:
    container_name: pihole
    image: cbcrowe/pihole-unbound:latest
    hostname: ${HOSTNAME}
    domainname: ${DOMAIN_NAME}
    ports:
      - 53:53/tcp
      - 53:53/udp
      - 443:443/tcp
      - ${PIHOLE_WEBPORT:-80}:80/tcp #Allows use of different port to access pihole web interface when other docker containers use port 80
      # - 5335:5335/tcp # Uncomment to enable unbound access on local server
      # - 22/tcp # Uncomment to enable SSH
    environment:
      - FTLCONF_LOCAL_IPV4=${FTLCONF_LOCAL_IPV4}
      - TZ=${TZ:-UTC}
      - WEBPASSWORD=${WEBPASSWORD}
      - WEBTHEME=${WEBTHEME:-default-dark}
      - REV_SERVER=${REV_SERVER:-false}
      - REV_SERVER_TARGET=${REV_SERVER_TARGET}
      - REV_SERVER_DOMAIN=${REV_SERVER_DOMAIN}
      - REV_SERVER_CIDR=${REV_SERVER_CIDR}
      - PIHOLE_DNS_=127.0.0.1#5335
      - DNSSEC="true"
      - DNSMASQ_LISTENING=single
    volumes:
      - etc_pihole-unbound:/etc/pihole:rw
      - etc_pihole_dnsmasq-unbound:/etc/dnsmasq.d:rw
    restart: unless-stopped

The host-network fails and the required ports are not bound by any program:

network_mode: host
version: '3.0'

volumes:
  etc_pihole-unbound:
  etc_pihole_dnsmasq-unbound:

services:
  pihole:
    container_name: pihole
    image: cbcrowe/pihole-unbound:latest
    hostname: ${HOSTNAME}
    domainname: ${DOMAIN_NAME}
    environment:
      - FTLCONF_LOCAL_IPV4=${FTLCONF_LOCAL_IPV4}
      - TZ=${TZ:-UTC}
      - WEBPASSWORD=${WEBPASSWORD}
      - WEBTHEME=${WEBTHEME:-default-dark}
      - REV_SERVER=${REV_SERVER:-false}
      - REV_SERVER_TARGET=${REV_SERVER_TARGET}
      - REV_SERVER_DOMAIN=${REV_SERVER_DOMAIN}
      - REV_SERVER_CIDR=${REV_SERVER_CIDR}
      - PIHOLE_DNS_=127.0.0.1#5335
      - DNSSEC="true"
      - DNSMASQ_LISTENING=single
    volumes:
      - etc_pihole-unbound:/etc/pihole:rw
      - etc_pihole_dnsmasq-unbound:/etc/dnsmasq.d:rw
    restart: unless-stopped
    network_mode: host

Docker Desktop runs everything in a virtual machine. The host network is also inside the virtual machine. When you use bridge network and port forwards, the docker client shipped with Docker Desktop will do the port forwarding from your host into the virtual machine as well, then Docker inside the VM can forward the ports from the VM to the container.

So using host network in Docker Desktop does not make sense usually, unless you want to access the network of the virtual machine for some reason.

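The situation described in the reply above, as an added example that is not part of the original thread: a small shell check that reads `docker version` output and a compose file and reports where the stack's listeners will bind. The function names and verdict strings are assumptions for illustration, and the sample inputs are constructed, trimmed from the output and stack shown in the post.

```shell
#!/bin/sh
# Added example: explain why a host-network stack shows no listeners on the Ubuntu host.

# Succeeds when `docker version` output (on stdin) reports a Docker Desktop server,
# i.e. the engine runs inside Docker Desktop's virtual machine.
is_docker_desktop() {
  grep -Eq '^Server:[[:space:]]*Docker Desktop'
}

# Succeeds when the compose file (on stdin) sets network_mode: host on a service.
uses_host_network() {
  grep -Eq '^[[:space:]]+network_mode:[[:space:]]*"?host"?[[:space:]]*(#.*)?$'
}

# diagnose VERSION_TEXT COMPOSE_TEXT -> prints one verdict line.
diagnose() {
  if ! printf '%s\n' "$2" | uses_host_network; then
    echo "bridge: published ports are forwarded to the host"
  elif printf '%s\n' "$1" | is_docker_desktop; then
    echo "host-in-vm: listeners bind inside the Docker Desktop VM, not on the host"
  else
    echo "host: listeners bind directly on the host's interfaces"
  fi
}

# Constructed sample inputs, trimmed from the output and stack shown in the post.
SAMPLE_DESKTOP='Client: Docker Engine - Community
 Context:           desktop-linux

Server: Docker Desktop 4.13.0 (89412)
 Engine:
  Version:          20.10.20'
SAMPLE_ENGINE='Client: Docker Engine - Community
 Context:           default

Server: Docker Engine - Community'
SAMPLE_HOST_STACK='services:
  pihole:
    image: cbcrowe/pihole-unbound:latest
    network_mode: host'
SAMPLE_BRIDGE_STACK='services:
  pihole:
    image: cbcrowe/pihole-unbound:latest
    ports:
      - 53:53/udp'

# On a live system: diagnose "$(docker version)" "$(cat docker-compose.yml)"
diagnose "$SAMPLE_DESKTOP" "$SAMPLE_HOST_STACK"
```

Running `ss -tuln` on the Ubuntu host confirms the verdict: with the `host-in-vm` result, port 53 does not appear among the host's listeners.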