
I run a small home server with several Docker containers, which I make accessible via an Nginx reverse proxy. The setup works well until I try to use user namespace remapping. I then only get an HTTP 502 error - I can't find anything in the logs, or maybe I'm looking in the wrong place.

As soon as I remove userns-remap and restart the Docker services, the entire system works fine again.

It's not the firewall, nor is it SELinux.

I would be very grateful for any help.

First, I edit the file /etc/docker/daemon.json to enable the :

```json
{
  "dns": ["192.168.100.10"],
  "metrics-addr": "127.0.0.1:9323",
  "experimental": true,
  "userns-remap": "myuser"
}
```

Then I restart the Docker service: sudo systemctl restart docker.service.

Now I create the Portainer CE container:

```bash
docker volume create --name portainer_data --opt device=/home/myuser/.containers/volumes/portainer --opt o=bind --opt type=none
docker network create --ipv4 --subnet 172.116.0.0/16 --gateway 172.116.0.1 portainer-network
docker compose up -d
```

The contents of the compose.yaml file are as follows:

```yaml
services:
  portainer-socket-proxy:
    image: lscr.io/linuxserver/socket-proxy:latest
    container_name: portainer-socket-proxy
    restart: unless-stopped
    networks:
      portainer-network:
        ipv4_address: '172.116.0.20'
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - LOG_LEVEL=info
      - EVENTS=1
      - PING=1
      - VERSION=1
      - AUTH=0
      - SECRETS=0
      - POST=1
      - BUILD=0
      - COMMIT=0
      - CONFIGS=0
      - CONTAINERS=1
      - DISTRIBUTION=0
      - EXEC=0
      - IMAGES=1
      - INFO=1
      - NETWORKS=1
      - NODES=0
      - PLUGINS=0
      - SERVICES=1
      - SESSION=0
      - SWARM=0
      - SYSTEM=0
      - TASKS=1
      - VOLUMES=1
  portainer:
    ports:
      - 127.0.0.1:9001:8000
      - 127.0.0.1:9002:9443
      - 127.0.0.1:9000:9000
    container_name: portainer
    restart: unless-stopped
    networks:
      portainer-network:
        ipv4_address: '172.116.0.10'
    volumes:
      - portainer_data:/data
    image: portainer/portainer-ce:lts
    command: -H tcp://portainer-socket-proxy:2375 --tlsskipverify
    depends_on:
      portainer-socket-proxy:
        condition: service_started

networks:
  portainer-network:
    external: true

volumes:
  portainer_data:
    external: true
```

Content of /etc/subuid:

```
myuser:1000:1
myuser:100000:65536
```

Content of /etc/subgid:

```
myuser:1000:1
myuser:100000:65536
```

1 Answer

The problem was that I already had a running Docker environment, which I wanted to move piece by piece to userns-remap. In doing so, I overlooked the fact that the previous Docker networks were blocking the newly created userns networks.

Once I removed the previous networks, the newly created networks worked perfectly and the services were accessible.
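One way to spot such leftovers before removing anything, as an added example that is not part of the original answer: it compares the host's bridge interfaces (`ip -j addr show type bridge`) with the networks the running daemon knows (`docker network inspect $(docker network ls -q)`) and reports bridges the daemon does not own whose subnet overlaps one of its networks. It assumes the old networks show up as leftover bridge interfaces on the host; all sample data is constructed.

```python
import ipaddress
import json

NEW_ID = "9f8e7d6c5b4a" + "0" * 52  # constructed 64-hex network ID
# Constructed sample, trimmed from `docker network inspect` output.
NETWORKS_JSON = json.dumps([
    {"Name": "bridge", "Id": "1" * 64, "Driver": "bridge",
     "Options": {"com.docker.network.bridge.name": "docker0"},
     "IPAM": {"Config": [{"Subnet": "172.17.0.0/16"}]}},
    {"Name": "portainer-network", "Id": NEW_ID, "Driver": "bridge",
     "Options": {}, "IPAM": {"Config": [{"Subnet": "172.116.0.0/16"}]}},
])
# Constructed sample, trimmed from `ip -j addr show type bridge` output.
IP_ADDR_JSON = json.dumps([
    {"ifname": "docker0", "addr_info": [
        {"family": "inet", "local": "172.17.0.1", "prefixlen": 16}]},
    {"ifname": "br-0a1b2c3d4e5f", "addr_info": [   # bridge of a removed-from-view network
        {"family": "inet", "local": "172.116.0.1", "prefixlen": 16}]},
    {"ifname": "br-9f8e7d6c5b4a", "addr_info": [
        {"family": "inet", "local": "172.116.0.1", "prefixlen": 16}]},
])

def expected_bridges(networks_json):
    """Map bridge interface name -> (network name, subnets) for known networks."""
    known = {}
    for net in json.loads(networks_json):
        if net.get("Driver") != "bridge":
            continue
        # Docker names a bridge br-<first 12 chars of ID> unless overridden.
        ifname = ((net.get("Options") or {}).get("com.docker.network.bridge.name")
                  or "br-" + net["Id"][:12])
        configs = (net.get("IPAM") or {}).get("Config") or []
        subnets = [ipaddress.ip_network(c["Subnet"]) for c in configs if "Subnet" in c]
        known[ifname] = (net["Name"], subnets)
    return known

def stale_bridges(ip_addr_json, networks_json):
    """Return (interface, subnet, conflicting network) for unowned, overlapping bridges."""
    known = expected_bridges(networks_json)
    findings = []
    for link in json.loads(ip_addr_json):
        if link["ifname"] in known:
            continue
        for addr in link.get("addr_info", []):
            host = ipaddress.ip_interface(f'{addr["local"]}/{addr["prefixlen"]}').network
            for name, subnets in known.values():
                if any(host.version == s.version and host.overlaps(s) for s in subnets):
                    findings.append((link["ifname"], str(host), name))
    return findings
```

Each finding names a host bridge to investigate; two bridges carrying the same subnet leave the host with conflicting routes to the containers.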
