Troubleshooting of docker errors: Difference between revisions

Troubleshooting of docker errors

General Troubleshooting Steps of Docker Errors[edit]

Viewing Docker Logs[edit]

Enter the following command

tail /home/dockerd.log

Or the see the log of specific container ID

docker logs <Container ID>

# OR enter the following command which the log was updated automatically
docker logs -f --details <Container ID>

Useful Tools[edit]

• Dockerfile Linter

Common Error Solutions[edit]

Error: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?[edit]

Error condition: After I inputted the command docker ps, I met the error message as follows:

Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? 

Solution:

• On CentOS: sudo systemctl start docker^[1]

Error response from daemon: dial unix docker.raw.sock: connect: connection refused (on Mac)[edit]

Error condition: After I inputted the command docker ps, I met the error message as follows:

Error response from daemon: dial unix docker.raw.sock: connect: connection refused

Solution: Make sure the docker is running. After docker was lunched, the result of command docker ps should be:

CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES

Error response from docker desktop: credential when tried to docker push[edit]

Solution: Login the account of docker hub

Error response from docker desktop: denied: requested access to the resource is denied when tried to docker push[edit]

Solution: Add tag to the docker image you want to publish^[2]

docker tag <IMAGE ID> <ACCOUNT NAME>/<NAME>:<TAG>

.:/app bind mount allows container to write back to host[edit]

Error condition: The .:/app entry in docker-compose.yml defaults to read-write, meaning processes inside the container can write back to the entire project directory on the host — including .env files containing API keys. If the Streamlit app has a vulnerability that gets exploited, an attacker could use the container to modify arbitrary files on the host.

Solution: In the volumes section of docker-compose.yml, append :ro (read-only) to the code directory, and keep only the data directory as read-write:

volumes:
  - .:/app:ro              # source code read-only
  - ./data:/app/data       # data directory remains read-write
  - ./.env:/app/.env:ro

If the Streamlit app needs to write temporary files outside of /app, grant write access to that specific subdirectory individually — do not remove the top-level :ro.

docker group membership not taking effect — docker ps still shows permission denied[edit]

Error condition: After running sudo usermod -aG docker your-username, subsequent docker ps still shows the following error:

permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock

Cause: The current SSH session was established before usermod ran. Group membership changes do not apply to existing sessions.

Solution:

• Confirm the account has been added to the docker group: groups your-username — output should include docker
• Fully log out of SSH and reconnect: exit
• After reconnecting, verify with groups (should include docker) and docker ps (should list containers normally)

Note: On certain Debian environments, newgrp docker may return Invalid password and refuse to execute even when no password is expected — this is known behaviour. A full SSH reconnect is the correct fix.

Error: This image might run with root as the default user. Make sure it is safe here.[edit]

This image might run with root as the default user. Make sure it is safe here

References[edit]