Lighttpd doesn't start on fresh container with --net=host

[savef]

Hiya,

This is a...

• Request for a new or modified feature
• Issue trying to run the docker image
• Issue trying to build / test / develop the docker image

Description

I have been trying to use docker-compose to launch a container, and it gets stuck in a loop of trying and failing to bind Lighttpd. Here is my config yaml file:

version: "3"
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    network_mode: host
    environment:
      TZ: 'Europe/London'
      WEBPASSWORD: 'helloW0rld' # temporary
    volumes:
       - './etc-pihole/:/etc/pihole/'
       - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
    dns:
      - 127.0.0.1
      - 1.1.1.1
    # Recommended but not required (DHCP needs NET_ADMIN)
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN
    restart: unless-stopped

I also tried changing WEB_PORT to 1080, the port variable is being pulled through but the same error loop massage appears:

pihole    | Starting lighttpd
pihole    | 2019-03-02 14:19:05: (network.c.464) can't bind to port: 127.0.0.1 1080 Address already in use
pihole    | Stopping lighttpd
pihole    | lighttpd: no process found
pihole    | Starting lighttpd
pihole    | 2019-03-02 14:19:06: (network.c.464) can't bind to port: 127.0.0.1 1080 Address already in use
pihole    | Stopping lighttpd
pihole    | lighttpd: no process found

Nothing is running on these ports on the host, as confirmed by netstat:

Here's the full `docker-compose up` output: [https://pastebin.com/XX8kf36h](https://pastebin.com/XX8kf36h)

~/containers/pi-hole$ sudo netstat -ltpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1174/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      1174/sshd

Debug steps I have tried

• I have tried destroying my container instance, pulling the newest image version, and re-creating a new container - no effect
• I have tried running the nearly stock docker run example in the readme (removing any customizations I added) - this works correctly, even with --net=host
• I have tried running without my volume data mounts to eliminate volumes as the cause - no effect
• I have searched this repository for existing issues and pull requests that look similar - nothing found

Your Environment

• Docker Host Operating System and OS Version: Ubuntu Server 18.04.2 LTS
• Docker Version: Docker version 18.09.3, build 774a1f4
• Docker Compose Version: docker-compose version 1.17.1, build unknown
• Hardware architecture: x86_64

[etrombly]

I had the same issue, had to set the ServerIP environment variable.

[savef]

Hi, thank you @etrombly! This solved my problem.

Given the README states "ServerIP no longer a required enviroment variable", I assume this is a bug so I think this issue should stay open.

[diginc]

Clarified in the readme a little bit but it could have a little more clarity and examples could be updated and automation in startup to detect "IS host network AND NOT ServerIP THEN Add warning" would be the best.

[Jamesits]

@diginc Why not get the server IP automatically in the container if the env variable is not set? You can do this easily without any extra dependencies.

awk '/32 host/ { print f } {f=$2}' /proc/net/fib_trie | head -n 1

[pondix]

Definitely add more info in the docs about this :) it took a while to find this issue..

[erasmus74]

Same issue. My setup was with docker -> portainer -> pihole and it just never told me why I don't get a bind. Thanks, this should be easier to find, took a day.

[pralor-bot]

This issue has been mentioned on Pi-hole Userspace. There might be relevant details there:

https://discourse.pi-hole.net/t/pi-hole-mit-hue-sonos-iobroker-und-alexa/31042/11

[fallenreaper]

Has this been resolved? I was running a sample as follows and i am getting the issue. I was thinking that the network wasnt assigning the container the IP address?

Raspberry Pi 4 on network with Docker and docker Compose, i would run the following file information with docker-compose up and notice the issue.

version: "3"

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    #ports:
    #  - "53:53/tcp"
    #  - "53:53/udp"
    #  - "67:67/udp"
    #  - "80:80/tcp"
    #  - "443:443/tcp"
    network_mode: 'host'
    environment:
      TZ: 'America/New_York'
      ServerIP: '192.168.10.200'
      VIRTUAL_HOST: 'pi.hole'
      # WEBPASSWORD: 'set a secure password here or it will be random'
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole/:/home/pi/Documents/pihole/etc/'
      - './etc-dnsmasq.d/:/home/pi/Documents/pihole/dnsmasq/'
    # Recommended but not required (DHCP needs NET_ADMIN)
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN
    restart: unless-stopped

So what I was thinking the container was not being assigned the IP Address correctly? I was thinking that if i set the network_mode, I didnt need to expose IP addresses since it is being its own container and not being exposed through the host machine any longer?

[dschaper]

Host mode means the container is the host. So the IP address of the host is the IP address of the container.

[fallenreaper]

@dschaper I thought that network mode host meant it was attached to the Host's Network as its own standalone endpoint? Maybe I am mistaken? I was having it work earlier by having all references to HOST machine, but i didnt want to chew up ports etc, and thought it better to make my pihole container sit on the network as its own entity. https://docs.docker.com/network/host/

[dschaper]

https://docs.docker.com/network/host/

If you use the host network mode for a container, that container’s network stack is not isolated from the Docker host (the container shares the host’s networking namespace), and the container does not get its own IP-address allocated

[dschaper]

If you want it as it's own IP address then you'll need to look at macvlan networking mode.

[fallenreaper]

@dschaper ahhh yeah, i reread it again, but slower. ill take a look into macvlan. Is this something simple to do with this usecase? I didnt see documentation regarding it.

[dschaper]

It's the networking mode that a lot of Pi-hole users choose. There is the caveat that it makes the container unreachable by the host (directly) as it's seen as a foreign network and host but there are workarounds for that.

A web search for pi-hole docker macvlan should provide a wealth of information.

[fallenreaper]

@dschaper I ended up doing the following. Thank you.

Here is what I ended up doing:

version: "3"
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    hostname: pi
    domainname: hole
    ports:
      - 53/tcp
      - 53/udp
      - 67/udp
      - 80/tcp
      - 443/tcp
    environment:
      TZ: 'America/New_York'
      ServerIP: '192.168.10.200'
      VIRTUAL_HOST: pi.hole 
    volumes:
      - './etc-pihole/:/home/pi/Documents/pihole/etc/'
      - './etc-dnsmasq.d/:/home/pi/Documents/pihole/dnsmasq/'
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
    dns:
      - 127.0.0.1
      - 8.8.8.8 
    networks:
      lan:
        ipv4_address: 192.168.10.200
networks:
  lan:
    driver: macvlan
    driver_opts:
      parent: eth0
    ipam:
      config:
        - subnet: 192.168.10.0/24

[github-actions]

This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.

[Jamesits]

nope

[pralor-bot]

This issue has been mentioned on Pi-hole Userspace. There might be relevant details there:

https://discourse.pi-hole.net/t/pihole-nicht-erreichbar-wenn-network-mode-angegeben-docker/52783/1