Docker container is not able to restart
The docker container of mat2-web seems unable to restart and dies with bind(): Permission denied [core/socket.c line 230]
, when running docker stop && docker start or docker restart or the server on which it is running reboots.
I assume the uWSGI has a problem on container restart.
[15:07:07] foobar:~ $ docker run -d -p8181:8080 --name mat2 --read-only --tmpfs /tmp --tmpfs /run/uwsgi --tmpfs=/app/upload --security-opt=no-new-privileges registry.0xacab.org/jvoisin/mat2-web
0b9aef0973621297d27269e09e7d1f8de16d8afc50b5d5526a0c38db618333be
[15:07:54] foobar:~ $ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0b9aef097362 registry.0xacab.org/jvoisin/mat2-web "sh -c 'nginx; uwsgi…" 3 seconds ago Up 2 seconds 0.0.0.0:8181->8080/tcp, :::8181->8080/tcp mat2
[15:07:56] foobar:~ $ docker logs mat2
[uWSGI] getting INI configuration from /etc/uwsgi/apps-enabled/mat2-web.ini
*** Starting uWSGI 2.0.18-debian (64bit) on [Mon Mar 14 14:07:54 2022] ***
compiled with version: 8.2.0 on 10 February 2019 02:42:46
os: Linux-5.4.0-104-generic #118-Ubuntu SMP Wed Mar 2 19:02:41 UTC 2022
nodename: 0b9aef097362
machine: x86_64
clock source: unix
pcre jit disabled
detected number of CPU cores: 4
current working directory: /var/www/mat2-web
detected binary path: /usr/bin/uwsgi-core
chdir() to /var/www/mat2-web/
your memory page size is 4096 bytes
*** WARNING: you have enabled harakiri without post buffering. Slow upload could be rejected on post-unbuffered webservers ***
detected max file descriptor number: 1048576
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
uwsgi socket 0 bound to UNIX address /run/uwsgi/uwsgi.sock fd 3
Python version: 3.7.3 (default, Jan 22 2021, 20:04:44) [GCC 8.3.0]
*** Python threads support is disabled. You can enable it with --enable-threads ***
Python main interpreter initialized at 0x56525cc0f020
your server socket listen backlog is limited to 100 connections
your mercy for graceful operations on workers is 60 seconds
mapped 145840 bytes (142 KB) for 1 cores
*** Operational MODE: single process ***
WSGI app 0 (mountpoint='') ready in 0 seconds on interpreter 0x56525cc0f020 pid: 11 (default app)
mountpoint already configured. skip.
*** uWSGI is running in multiple interpreter mode ***
spawned uWSGI master process (pid: 11)
spawned uWSGI worker 1 (pid: 16, cores: 1)
[15:08:01] foobar:~ $ docker stop mat2
mat2
[15:08:19] foobar:~ $ docker start mat2
mat2
[15:08:26] foobar:~ $ docker logs mat2
[uWSGI] getting INI configuration from /etc/uwsgi/apps-enabled/mat2-web.ini
*** Starting uWSGI 2.0.18-debian (64bit) on [Mon Mar 14 14:07:54 2022] ***
compiled with version: 8.2.0 on 10 February 2019 02:42:46
os: Linux-5.4.0-104-generic #118-Ubuntu SMP Wed Mar 2 19:02:41 UTC 2022
nodename: 0b9aef097362
machine: x86_64
clock source: unix
pcre jit disabled
detected number of CPU cores: 4
current working directory: /var/www/mat2-web
detected binary path: /usr/bin/uwsgi-core
chdir() to /var/www/mat2-web/
your memory page size is 4096 bytes
*** WARNING: you have enabled harakiri without post buffering. Slow upload could be rejected on post-unbuffered webservers ***
detected max file descriptor number: 1048576
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
uwsgi socket 0 bound to UNIX address /run/uwsgi/uwsgi.sock fd 3
Python version: 3.7.3 (default, Jan 22 2021, 20:04:44) [GCC 8.3.0]
*** Python threads support is disabled. You can enable it with --enable-threads ***
Python main interpreter initialized at 0x56525cc0f020
your server socket listen backlog is limited to 100 connections
your mercy for graceful operations on workers is 60 seconds
mapped 145840 bytes (142 KB) for 1 cores
*** Operational MODE: single process ***
WSGI app 0 (mountpoint='') ready in 0 seconds on interpreter 0x56525cc0f020 pid: 11 (default app)
mountpoint already configured. skip.
*** uWSGI is running in multiple interpreter mode ***
spawned uWSGI master process (pid: 11)
spawned uWSGI worker 1 (pid: 16, cores: 1)
[uWSGI] getting INI configuration from /etc/uwsgi/apps-enabled/mat2-web.ini
*** Starting uWSGI 2.0.18-debian (64bit) on [Mon Mar 14 14:08:24 2022] ***
compiled with version: 8.2.0 on 10 February 2019 02:42:46
os: Linux-5.4.0-104-generic #118-Ubuntu SMP Wed Mar 2 19:02:41 UTC 2022
nodename: 0b9aef097362
machine: x86_64
clock source: unix
pcre jit disabled
detected number of CPU cores: 4
current working directory: /var/www/mat2-web
detected binary path: /usr/bin/uwsgi-core
chdir() to /var/www/mat2-web/
your memory page size is 4096 bytes
*** WARNING: you have enabled harakiri without post buffering. Slow upload could be rejected on post-unbuffered webservers ***
detected max file descriptor number: 1048576
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
bind(): Permission denied [core/socket.c line 230]
A "workaround" is to remove the container and re-run it.
[15:16:26] foobar:~ $ docker rm mat2
mat2
[15:16:32] foobar:~ $ docker run -d -p8181:8080 --name mat2 --read-only --tmpfs /tmp --tmpfs /run/uwsgi --tmpfs=/app/upload --security-opt=no-new-privileges registry.0xacab.org/jvoisin/mat2-web
60aefb0e906f7ccb75059ce768238a37cef6ea606348d40e26d68d624871924e
[15:16:41] foobar:~ $ docker logs mat2
[uWSGI] getting INI configuration from /etc/uwsgi/apps-enabled/mat2-web.ini
*** Starting uWSGI 2.0.18-debian (64bit) on [Mon Mar 14 14:16:38 2022] ***
compiled with version: 8.2.0 on 10 February 2019 02:42:46
os: Linux-5.4.0-104-generic #118-Ubuntu SMP Wed Mar 2 19:02:41 UTC 2022
nodename: 60aefb0e906f
machine: x86_64
clock source: unix
pcre jit disabled
detected number of CPU cores: 4
current working directory: /var/www/mat2-web
detected binary path: /usr/bin/uwsgi-core
chdir() to /var/www/mat2-web/
your memory page size is 4096 bytes
*** WARNING: you have enabled harakiri without post buffering. Slow upload could be rejected on post-unbuffered webservers ***
detected max file descriptor number: 1048576
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
uwsgi socket 0 bound to UNIX address /run/uwsgi/uwsgi.sock fd 3
Python version: 3.7.3 (default, Jan 22 2021, 20:04:44) [GCC 8.3.0]
*** Python threads support is disabled. You can enable it with --enable-threads ***
Python main interpreter initialized at 0x55f9452c1020
your server socket listen backlog is limited to 100 connections
your mercy for graceful operations on workers is 60 seconds
mapped 145840 bytes (142 KB) for 1 cores
*** Operational MODE: single process ***
WSGI app 0 (mountpoint='') ready in 0 seconds on interpreter 0x55f9452c1020 pid: 12 (default app)
mountpoint already configured. skip.
*** uWSGI is running in multiple interpreter mode ***
spawned uWSGI master process (pid: 12)
spawned uWSGI worker 1 (pid: 16, cores: 1)
Thank you for your software and also for your help!
Edited by shadow