14,974
edits
Troubleshooting of docker errors: Difference between revisions
Jump to navigation
Jump to search
→Common Error Solutions
No edit summary |
|||
| (4 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
Troubleshooting of docker errors | Troubleshooting of docker errors | ||
== Error response from daemon: dial unix docker.raw.sock: connect: connection refused (on Mac) == | == General Troubleshooting Steps of Docker Errors == | ||
=== Viewing Docker Logs === | |||
Enter the following command | |||
<pre> | |||
tail /home/dockerd.log | |||
</pre> | |||
Or the see the log of specific container ID | |||
<pre> | |||
docker logs <Container ID> | |||
# OR enter the following command which the log was updated automatically | |||
docker logs -f --details <Container ID> | |||
</pre> | |||
=== Useful Tools === | |||
* [https://hadolint.github.io/hadolint/ Dockerfile Linter] | |||
== Common Error Solutions == | |||
=== Error: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? === | |||
Error condition: After I inputted the command {{kbd | key = docker ps}}, I met the error message as follows: | |||
<pre> | |||
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? | |||
</pre> | |||
Solution: | |||
* On CentOS: {{kbd | key = sudo systemctl start docker}}<ref>[https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-centos-7 How To Install and Use Docker on CentOS 7 | DigitalOcean]</ref> | |||
=== Error response from daemon: dial unix docker.raw.sock: connect: connection refused (on Mac) === | |||
Error condition: After I inputted the command {{kbd | key = docker ps}}, I met the error message as follows: | Error condition: After I inputted the command {{kbd | key = docker ps}}, I met the error message as follows: | ||
| Line 13: | Line 45: | ||
</pre> | </pre> | ||
== Error response from docker desktop: credential when tried to docker push == | === Error response from docker desktop: credential when tried to docker push === | ||
Solution: Login the account of docker hub | Solution: Login the account of docker hub | ||
== Error response from docker desktop: denied: requested access to the resource is denied when tried to docker push == | === Error response from docker desktop: denied: requested access to the resource is denied when tried to docker push === | ||
Solution: Add tag to the docker image you want to publish<ref>[https://stackoverflow.com/questions/43858398/docker-push-error-denied-requested-access-to-the-resource-is-denied docker push error "denied: requested access to the resource is denied" - Stack Overflow]</ref> | Solution: Add tag to the docker image you want to publish<ref>[https://stackoverflow.com/questions/43858398/docker-push-error-denied-requested-access-to-the-resource-is-denied docker push error "denied: requested access to the resource is denied" - Stack Overflow]</ref> | ||
| Line 24: | Line 56: | ||
docker tag <IMAGE ID> <ACCOUNT NAME>/<NAME>:<TAG> | docker tag <IMAGE ID> <ACCOUNT NAME>/<NAME>:<TAG> | ||
</pre> | </pre> | ||
=== .:/app bind mount allows container to write back to host === | |||
Error condition: The <code>.:/app</code> entry in {{kbd|key=docker-compose.yml}} defaults to read-write, meaning processes inside the container can write back to the entire project directory on the host — including <code>.env</code> files containing API keys. If the Streamlit app has a vulnerability that gets exploited, an attacker could use the container to modify arbitrary files on the host. | |||
Solution: In the <code>volumes</code> section of <code>docker-compose.yml</code>, append <code>:ro</code> (read-only) to the code directory, and keep only the <code>data</code> directory as read-write: | |||
<pre> | |||
volumes: | |||
- .:/app:ro # source code read-only | |||
- ./data:/app/data # data directory remains read-write | |||
- ./.env:/app/.env:ro | |||
</pre> | |||
If the Streamlit app needs to write temporary files outside of <code>/app</code>, grant write access to that specific subdirectory individually — do not remove the top-level <code>:ro</code>. | |||
=== docker group membership not taking effect — docker ps still shows permission denied === | |||
Error condition: After running {{kbd|key=sudo usermod -aG docker your-username}}, subsequent {{kbd|key=docker ps}} still shows the following error: | |||
<pre> | |||
permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock | |||
</pre> | |||
Cause: The current SSH session was established before <code>usermod</code> ran. Group membership changes do not apply to existing sessions. | |||
Solution: | |||
* Confirm the account has been added to the <code>docker</code> group: {{kbd|key=groups your-username}} — output should include <code>docker</code> | |||
* Fully log out of SSH and reconnect: {{kbd|key=exit}} | |||
* After reconnecting, verify with {{kbd|key=groups}} (should include <code>docker</code>) and {{kbd|key=docker ps}} (should list containers normally) | |||
Note: On certain Debian environments, <code>newgrp docker</code> may return <code>Invalid password</code> and refuse to execute even when no password is expected — this is known behaviour. A full SSH reconnect is the correct fix. | |||
== References == | == References == | ||
| Line 30: | Line 92: | ||
{{Template:Troubleshooting}} | {{Template:Troubleshooting}} | ||
[[Category:Programming]] | [[Category: Programming]] | ||
[[Category: Docker]] | |||