Troubleshooting of docker errors: Difference between revisions
No edit summary |
|||
| (One intermediate revision by the same user not shown) | |||
| Line 56: | Line 56: | ||
docker tag <IMAGE ID> <ACCOUNT NAME>/<NAME>:<TAG> | docker tag <IMAGE ID> <ACCOUNT NAME>/<NAME>:<TAG> | ||
</pre> | </pre> | ||
=== .:/app bind mount allows container to write back to host === | |||
Error condition: The <code>.:/app</code> entry in {{kbd|key=docker-compose.yml}} defaults to read-write, meaning processes inside the container can write back to the entire project directory on the host — including <code>.env</code> files containing API keys. If the Streamlit app has a vulnerability that gets exploited, an attacker could use the container to modify arbitrary files on the host. | |||
Solution: In the <code>volumes</code> section of <code>docker-compose.yml</code>, append <code>:ro</code> (read-only) to the code directory, and keep only the <code>data</code> directory as read-write: | |||
<pre> | |||
volumes: | |||
- .:/app:ro # source code read-only | |||
- ./data:/app/data # data directory remains read-write | |||
- ./.env:/app/.env:ro | |||
</pre> | |||
If the Streamlit app needs to write temporary files outside of <code>/app</code>, grant write access to that specific subdirectory individually — do not remove the top-level <code>:ro</code>. | |||
=== docker group membership not taking effect — docker ps still shows permission denied === | |||
Error condition: After running {{kbd|key=sudo usermod -aG docker your-username}}, subsequent {{kbd|key=docker ps}} still shows the following error: | |||
<pre> | |||
permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock | |||
</pre> | |||
Cause: The current SSH session was established before <code>usermod</code> ran. Group membership changes do not apply to existing sessions. | |||
Solution: | |||
* Confirm the account has been added to the <code>docker</code> group: {{kbd|key=groups your-username}} — output should include <code>docker</code> | |||
* Fully log out of SSH and reconnect: {{kbd|key=exit}} | |||
* After reconnecting, verify with {{kbd|key=groups}} (should include <code>docker</code>) and {{kbd|key=docker ps}} (should list containers normally) | |||
Note: On certain Debian environments, <code>newgrp docker</code> may return <code>Invalid password</code> and refuse to execute even when no password is expected — this is known behaviour. A full SSH reconnect is the correct fix. | |||
== References == | == References == | ||
| Line 63: | Line 93: | ||
[[Category: Programming]] | [[Category: Programming]] | ||
[[Category: Docker]] | |||
Latest revision as of 18:57, 5 May 2026
Troubleshooting of docker errors
General Troubleshooting Steps of Docker Errors[edit]
Viewing Docker Logs[edit]
Enter the following command
tail /home/dockerd.log
Or the see the log of specific container ID
docker logs <Container ID> # OR enter the following command which the log was updated automatically docker logs -f --details <Container ID>
Useful Tools[edit]
Common Error Solutions[edit]
Error: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?[edit]
Error condition: After I inputted the command docker ps, I met the error message as follows:
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
Solution:
- On CentOS: sudo systemctl start docker[1]
Error response from daemon: dial unix docker.raw.sock: connect: connection refused (on Mac)[edit]
Error condition: After I inputted the command docker ps, I met the error message as follows:
Error response from daemon: dial unix docker.raw.sock: connect: connection refused
Solution: Make sure the docker is running. After docker was lunched, the result of command docker ps should be:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
Error response from docker desktop: credential when tried to docker push[edit]
Solution: Login the account of docker hub
Error response from docker desktop: denied: requested access to the resource is denied when tried to docker push[edit]
Solution: Add tag to the docker image you want to publish[2]
docker tag <IMAGE ID> <ACCOUNT NAME>/<NAME>:<TAG>
.:/app bind mount allows container to write back to host[edit]
Error condition: The .:/app entry in docker-compose.yml defaults to read-write, meaning processes inside the container can write back to the entire project directory on the host — including .env files containing API keys. If the Streamlit app has a vulnerability that gets exploited, an attacker could use the container to modify arbitrary files on the host.
Solution: In the volumes section of docker-compose.yml, append :ro (read-only) to the code directory, and keep only the data directory as read-write:
volumes: - .:/app:ro # source code read-only - ./data:/app/data # data directory remains read-write - ./.env:/app/.env:ro
If the Streamlit app needs to write temporary files outside of /app, grant write access to that specific subdirectory individually — do not remove the top-level :ro.
docker group membership not taking effect — docker ps still shows permission denied[edit]
Error condition: After running sudo usermod -aG docker your-username, subsequent docker ps still shows the following error:
permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock
Cause: The current SSH session was established before usermod ran. Group membership changes do not apply to existing sessions.
Solution:
- Confirm the account has been added to the
dockergroup: groups your-username — output should includedocker - Fully log out of SSH and reconnect: exit
- After reconnecting, verify with groups (should include
docker) and docker ps (should list containers normally)
Note: On certain Debian environments, newgrp docker may return Invalid password and refuse to execute even when no password is expected — this is known behaviour. A full SSH reconnect is the correct fix.
References[edit]
Troubleshooting of ...
- PHP, cUrl, Python, selenium, HTTP status code errors
- Database: SQL syntax debug, MySQL errors, MySQLTuner errors or PostgreSQL errors
- HTML/Javascript: Troubleshooting of javascript, XPath
- Software: Mediawiki, Docker, FTP problems, online conference software
- Test connectivity for the web service, Web Ping, Network problem, Web user behavior, Web scrape troubleshooting
Template