
Update

When I run the command for the rejected service, sudo docker service ps --no-trunc SERVICE_NAME, I got the following:

network sandbox join failed: subnet sandbox join failed for "10.0.2.0/24": error creating vxlan interface: operation not supported.

I checked on the web that this is a kernel problem, but my kernel version is already at 5.15, which for the case of arm64 is the latest. Are there any alternatives?


I am pretty new to Docker. Recently I would like to set up a Traefik container to proxy all containers within Docker so that TLS can be used.

I followed the Basic Traefik configuration tutorial.

And here is my Docker compose file:

version: "3.7"

services:
  traefik:
    image: traefik:v2.6
    command:
      # Entrypoints configuration
      - --entrypoints.web.address=:80
      # Docker provider configuration
      - --providers.docker=true
      # Makes sure that services have to explicitly direct Traefik to expose them
      - --providers.docker.exposedbydefault=false
      # Default docker network to use for connections to all containers
      - --providers.docker.network=bridge
      # Logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
      - --log.level=info
    ports:
      - 80:80
    networks:
      - bridge
    restart: unless-stopped

  # https://github.com/traefik/whoami
  whoami:
    image: traefik/whoami:v1.7.1
    labels:
      # Explicitly instruct Traefik to expose this service
      - traefik.enable=true
      # Router configuration
      ## Listen to the `web` entrypoint
      - traefik.http.routers.whoami_route.entrypoints=web
      ## Rule based on the Host of the request
      - traefik.http.routers.whoami_route.rule=Host(`whoami.MY_DOMAIN.com`)
      - traefik.http.routers.whoami_route.service=whoami_service
      # Service configuration
      ## 80 is the port that the whoami container is listening to
      - traefik.http.services.whoami_service.loadbalancer.server.port=80
    networks:
      - bridge

networks:
  bridge:
    external:
      name: bridge

Initially I used a network with driver: overlay which seems to be a requirement of swarm, but it didn’t work so I reverted back to bridge.

I didn’t follow the tutorial to use a socket proxy to reduce the complexity, and the user guide from Traefik Labs doesn’t use a socket proxy either, so I suppose it’s OK.

After deploying the stack on Portainer 2.14.2, which is a success, I typed the following command on the terminal: curl http://whoami.MY_DOMAIN.com in which this domain is already registered, the result is: curl: (7) Failed to connect to whoami.MY_DOMAIN.com port 80 after 8 ms: Connection refused.

And the Portainer interface also showed:
[image]

The logs are not available for some unknown reason. From the Portainer interface it seems whoami is running, but Traefik seems to be offline, or rejecting all connections.

Does anyone know why, and how I can solve this? Thank you very much in advance!

One more thing, the underlying system:

OS: Ubuntu 22.04.1 LTS (GNU/Linux 5.15.0-1013-raspi aarch64)
Device: Raspberry Pi 4B
CPU architecture: Aarch64
RAM: 4GB

3 Answers


  1. Chosen as BEST ANSWER

    For the problem I have mentioned, in which the services of the stack are rejected or unable to start:

    network sandbox join failed: subnet sandbox join failed for "10.0.2.0/24": error creating vxlan interface: operation not supported

    I am able to get it working after applying the following fix:

    1. Check if vxlan driver exists in the kernel with modprobe vxlan
    2. If vxlan does not exist, which is the common case for Ubuntu on Raspberry Pi, see the details on the mail archive.
    3. From this mail archive they suggest that a package named linux-modules-extra-raspi contains all missing modules for Ubuntu on Raspberry Pi.
    4. Install this package using sudo aptitude install linux-modules-extra-raspi -y
    5. Insert the driver vxlan by modprobe vxlan (I don't know whether this step is needed, please correct me if it's not correct)

  2. Traefik needs access to the docker daemon (running on host) in order to monitor containers going up or stopping.

    In the tutorial you (partially) followed that link is achieved by providing the traefik container with a link to the socket proxy. Since you left that part out, there is now no way for Traefik to talk to docker.

    From the tutorial:

    --providers.docker.endpoint=tcp://socket_proxy:2375
    
    Instead of connecting directly to unix:///var/run/docker.sock we are going to use the socket_proxy container to be able to query the Docker endpoint as a security precaution.
    

    If you don’t like the proxy solution (which is actually not bad), you can use the less secure option of mapping the host /var/run/docker.sock to the same path inside the container.

    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
    

    You can also see an example of this in the official documentation

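The socket-proxy arrangement described in the answer above, written out as an added example; it is not part of the original answer or the tutorial's own file. A process holding the raw /var/run/docker.sock can start containers with host mounts, so here only the proxy mounts it and Traefik reaches Docker over tcp://socket_proxy:2375. Assumptions: the tecnativa/docker-socket-proxy image and its CONTAINERS variable, the network names socket_net and web_net, and a plain docker compose deployment rather than a swarm stack.

```yaml
version: "3.7"

services:
  # Assumed image: a filtering proxy, the only container that mounts the socket
  socket_proxy:
    image: tecnativa/docker-socket-proxy
    environment:
      # Allow container queries; write (POST) requests stay at the image default, disabled
      - CONTAINERS=1
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    networks:
      - socket_net
    restart: unless-stopped

  traefik:
    image: traefik:v2.6
    command:
      - --entrypoints.web.address=:80
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      # From the tutorial quoted above: query Docker through the proxy, not the socket
      - --providers.docker.endpoint=tcp://socket_proxy:2375
      - --providers.docker.network=web_net
      - --log.level=info
    ports:
      - 80:80
    networks:
      - socket_net
      - web_net
    restart: unless-stopped

  whoami:
    image: traefik/whoami:v1.7.1
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami_route.entrypoints=web
      - traefik.http.routers.whoami_route.rule=Host(`whoami.MY_DOMAIN.com`)
      - traefik.http.routers.whoami_route.service=whoami_service
      - traefik.http.services.whoami_service.loadbalancer.server.port=80
    networks:
      - web_net

networks:
  # internal: no outside route; only Traefik and the proxy attach to it
  socket_net:
    internal: true
  web_net:
    name: web_net
```

whoami is kept off socket_net, so a proxied service has no network path to the Docker API at all.
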
  3. Installing Linux kernel extra modules for version 5.15.0 on ARMv8 SMP on the host solved the network sandbox join failed error for me (RPi3B, Ubuntu Server 22.04):

    sudo apt install linux-modules-extra-raspi
    

    Inspired by this
