varnish
varnish copied to clipboard
wodby
weird: docker version not working in Fedora 41
I've hit a pretty weird Docker behavior: Docker image, which generally works in our setup (Ubuntu), does not work on Fedora 41
$ cat /etc/os-release
NAME="Fedora Linux"
VERSION="41 (Workstation Edition)"
RELEASE_TYPE=stable
...
$ docker --version
Docker version 28.5.0, build 887030f
docker image inspect wodby/varnish
[
{
"Id": "sha256:d1aa9ce3e058c33f52ea6588413410d73979c5a0f6eadce1aca4d2744df13125",
"RepoTags": [
"wodby/varnish:latest"
],
"RepoDigests": [
"wodby/varnish@sha256:e5784b6b4cb5861f537c3d1c39c347a06ebfe324eb63ffb011b1f9bc340d3235"
],
"Parent": "",
"Comment": "buildkit.dockerfile.v0",
"Created": "2025-10-10T02:34:52.142980627Z",
...
$ docker run -d --name my_varnish wodby/varnish
$ docker exec -it my_varnish bash
0e87f3da6ba8:/# ps aux
PID USER TIME COMMAND
1 root 0:43 varnishd -j unix,user=varnish -F -a :6081 -T :6082 -f /etc/varnish/default.vc
92 root 0:00 bash
98 root 0:00 ps aux
0e87f3da6ba8:/# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
###
docker logs my_varnish
Generated Varnish secret: CkdaRj4qb4FTJyUd5alUxBhFbxDt6MkY1RgmxRE9cqmESVMfld0CjSlo96Hb6jrHPXCamkFLRh4qDvPPMiDm64MqIH8dT3hN895CjjQS06xoLeV32CxNSLppyI30YZnY
Varnish purge key is missing. Generating random: b6WWkNbwZ4uyo1WwuWnekok1KOEUyaU6wDgTzoRaPzxGT9Gf1Nzwat0uKiMSuvtF
as you can see it does not start.
Again: not an issue for us, we use Ubuntu, but it's the first time I hit a Docker image which is working in Ubuntu and does not work in Fedora
in a working container you would see ports listening
Here an example of a working varnish in a container (ubuntu 22.04 host)
5d1a222dbe1c:/# ps aux
PID USER TIME COMMAND
1 varnish 0:00 varnishd -j unix,user=varnish -F -a :6081 -T :6082 -f /etc/varnish/default.vc
102 varnish 0:00 {cache-main} varnishd -j unix,user=varnish -F -a :6081 -T :6082 -f /etc/varni
318 root 0:00 bash
324 root 0:00 ps aux
5d1a222dbe1c:/# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:6081 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:6082 0.0.0.0:* LISTEN -
tcp 0 0 :::6081 :::* LISTEN -
tcp 0 0 :::6082 :::* LISTEN -
Could you pls post outputs of docker info for ubuntu and fedora and also docker inspect [container id] might help
this is in a Fedora, where it does not work:
~ ➜ docker info
Client: Docker Engine - Community
Version: 28.5.1
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.29.1
Path: /usr/libexec/docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.40.2
Path: /usr/libexec/docker/cli-plugins/docker-compose
Server:
Containers: 24
Running: 0
Paused: 0
Stopped: 24
Images: 32
Server Version: 28.5.1
Storage Driver: overlay2
Backing Filesystem: btrfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
CDI spec directories:
/etc/cdi
/var/run/cdi
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: b98a3aace656320842a23f4a392a33f46af97866
runc version: v1.3.0-0-g4ca628d1
init version: de40ad0
Security Options:
seccomp
Profile: builtin
cgroupns
Kernel Version: 6.17.4-100.fc41.x86_64
Operating System: Fedora Linux 41 (Workstation Edition)
OSType: linux
Architecture: x86_64
CPUs: 12
Total Memory: 14.39GiB
Name: xxxx
ID: 91a1a567-9853-44f4-b9f6-5e4e59163d0f
Docker Root Dir: /var/lib/docker
Debug Mode: false
Experimental: false
Insecure Registries:
::1/128
127.0.0.0/8
Live Restore Enabled: false
while this is the inspect
~ ➜ docker run -d --name my_varnish wodby/varnish
8c11b8a8df08694cae51fa6bd8ba4aa8114eca6f9d7f1cb6c6031d4fc94f4c3c
~ ➜ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8c11b8a8df08 wodby/varnish "/docker-entrypoint.…" 7 seconds ago Up 6 seconds 6081-6082/tcp my_varnish
~ ➜ docker exec -it my_varnish bash
8c11b8a8df08:/# ps aux
PID USER TIME COMMAND
1 root 1:24 varnishd -j unix,user=varnish -F -a :6081 -T :6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s main=malloc,64M -t 120 -p ban_lurker_age=60.000 -p ban_lurker_ba
92 root 0:00 bash
98 root 0:00 ps aux
8c11b8a8df08:/# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
~ ➜ docker container inspect 8c11b8a8df08
[
{
"Id": "8c11b8a8df08694cae51fa6bd8ba4aa8114eca6f9d7f1cb6c6031d4fc94f4c3c",
"Created": "2025-10-27T14:22:21.326084788Z",
"Path": "/docker-entrypoint.sh",
"Args": [
"/etc/init.d/varnishd"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 127444,
"ExitCode": 0,
"Error": "",
"StartedAt": "2025-10-27T14:22:21.39165584Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:d1aa9ce3e058c33f52ea6588413410d73979c5a0f6eadce1aca4d2744df13125",
"ResolvConfPath": "/var/lib/docker/containers/8c11b8a8df08694cae51fa6bd8ba4aa8114eca6f9d7f1cb6c6031d4fc94f4c3c/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/8c11b8a8df08694cae51fa6bd8ba4aa8114eca6f9d7f1cb6c6031d4fc94f4c3c/hostname",
"HostsPath": "/var/lib/docker/containers/8c11b8a8df08694cae51fa6bd8ba4aa8114eca6f9d7f1cb6c6031d4fc94f4c3c/hosts",
"LogPath": "/var/lib/docker/containers/8c11b8a8df08694cae51fa6bd8ba4aa8114eca6f9d7f1cb6c6031d4fc94f4c3c/8c11b8a8df08694cae51fa6bd8ba4aa8114eca6f9d7f1cb6c6031d4fc94f4c3c-json.log",
"Name": "/my_varnish",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "bridge",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"ConsoleSize": [
46,
191
],
"CapAdd": null,
"CapDrop": null,
"CgroupnsMode": "private",
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": [],
"BlkioDeviceWriteBps": [],
"BlkioDeviceReadIOps": [],
"BlkioDeviceWriteIOps": [],
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": null,
"PidsLimit": null,
"Ulimits": [],
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/interrupts",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware",
"/sys/devices/virtual/powercap"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"ID": "8c11b8a8df08694cae51fa6bd8ba4aa8114eca6f9d7f1cb6c6031d4fc94f4c3c",
"LowerDir": "/var/lib/docker/overlay2/148f28f21a19ba889b839e84a2fcbcd1628ede4c4b6efb4e46917404aed01aa9-init/diff:/var/lib/docker/overlay2/c5664b75705ddde2cef2ff2b723710f634867fc8520b14df6a247a60f71fa855/diff:/var/lib/docker/overlay2/66421ccbeadbcca95d2fe559ccc337f43ef1c27cf4115767d4962dea2ae5d551/diff:/var/lib/docker/overlay2/2ee55cc01975a75139078c5b53b7744329b3a512ac46bde04ffe54bbb034077a/diff:/var/lib/docker/overlay2/a4eb4d61101928358d8540637de141336285706b5da277071b5f31ab8d604dca/diff:/var/lib/docker/overlay2/fe02cef92cd9f4fed542f468f9ac977e2630c1c5cfc003396138674b9931ab44/diff:/var/lib/docker/overlay2/5bff1323c5ee72265c4e630a0d85860d2ab7aaaffa0f51221341901976a01270/diff:/var/lib/docker/overlay2/b83a669283fd292ac7e541a07ee6f57998042437bfe5e7b8e601b8a19f0bd559/diff:/var/lib/docker/overlay2/c0a26fa5a82aa3281b79f906e052edfa5fda150b9c06b174a24aa03444f4842c/diff:/var/lib/docker/overlay2/a436ffb9d3c8143802a1083d3ac9845c858630ad13a055796903af0c10100594/diff",
"MergedDir": "/var/lib/docker/overlay2/148f28f21a19ba889b839e84a2fcbcd1628ede4c4b6efb4e46917404aed01aa9/merged",
"UpperDir": "/var/lib/docker/overlay2/148f28f21a19ba889b839e84a2fcbcd1628ede4c4b6efb4e46917404aed01aa9/diff",
"WorkDir": "/var/lib/docker/overlay2/148f28f21a19ba889b839e84a2fcbcd1628ede4c4b6efb4e46917404aed01aa9/work"
},
"Name": "overlay2"
},
"Mounts": [
{
"Type": "volume",
"Name": "4214d4d449ce5eee44fbdff39f378535e29a7fa890dad7c7ecd2e6f89c8541c7",
"Source": "/var/lib/docker/volumes/4214d4d449ce5eee44fbdff39f378535e29a7fa890dad7c7ecd2e6f89c8541c7/_data",
"Destination": "/var/lib/varnish",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": ""
}
],
"Config": {
"Hostname": "8c11b8a8df08",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"6081/tcp": {},
"6082/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"VARNISH_VER=6.0.16"
],
"Cmd": [
"/etc/init.d/varnishd"
],
"Image": "wodby/varnish",
"Volumes": {
"/var/lib/varnish": {}
},
"WorkingDir": "/",
"Entrypoint": [
"/docker-entrypoint.sh"
],
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "2df75ba4ff359f2e06f2b05ec744af2d873956d131cbaf512e3d6711ec2bf41c",
"SandboxKey": "/var/run/docker/netns/2df75ba4ff35",
"Ports": {
"6081/tcp": null,
"6082/tcp": null
},
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "ea5eb2bfbdbe8db370b257ebd80e47e8e12090a150a04e8a4b54ffc847d34fe9",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "4a:b8:f8:3e:27:d2",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"MacAddress": "4a:b8:f8:3e:27:d2",
"DriverOpts": null,
"GwPriority": 0,
"NetworkID": "8b3345a49902f31530bbd17d42402587442a7fc6f2507be7fa119924e896c5f1",
"EndpointID": "ea5eb2bfbdbe8db370b257ebd80e47e8e12090a150a04e8a4b54ffc847d34fe9",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"DNSNames": null
}
}
}
}
]
Maybe this is due to SELinux (CAP_NET_BIND_SERVICE), does it work if you run the container as root?
Hi, it is sure not SELinux (I did not have it enabled)
But, the news is that now it works:
I still have the same Fedora 41
What changed is, for sure, your my_varnish wodby/varnish image, but I also see docker version is different:
docker --version
Docker version 29.1.1, build 0aedba5
while you can see above I've hit the issue with Docker version 28.5.0
I've just made the same test with
wodby/varnish:6.0-4.21.6 wodby/varnish:6-4.21.5
and I confirm they work, so I guess the issue was related to the Docker version
thank you for your feeds, I think we can close this issue
I reproduced this problem on DigitalOcean Kubernetes (v1.34) with containerd. Thought maybe the problem with running as root + using jail, so I changed it to run as varnish user but it didn't help. Also, there was a problem with a missing xz library (which is why make checks failed) but that also wasn't it.
I tried with kubernetes v1.33 and it worked, wtf...
not sure whether this is the problem with containerd, kernel or maybe with OS
where it doesn't work:
Kernel Version: 6.12.48+deb13-amd64
OS Image: Debian GNU/Linux 13 (trixie)
Operating System: linux
Architecture: amd64
Container Runtime Version: containerd://1.7.28
Kubelet Version: v1.34.1
works here:
Kernel Version: 6.1.0-39-amd64
OS Image: Debian GNU/Linux 12 (bookworm)
Operating System: linux
Architecture: amd64
Container Runtime Version: containerd://1.6.33
Kubelet Version: v1.33.6
I see your fedora setup where it also doesn't work uses containerd 1.7.28, so I guess this is the problem in runc 1.3.0.