Exposed ports with docker rootless and pasta network stop working - Stack Overflow

I have switched to docker rootless on my private web server (Raspberry Pi 5).

uname -a

Linux *** 6.6.74+rpt-rpi-2712 #1 SMP PREEMPT Debian 1:6.6.74-1+rpt1 (2025-01-27) aarch64 GNU/Linux

Since slirp4netns does not allow for outgoing IPv6 connections from my docker containers, I have configured the docker daemon to use the pasta network driver. This is the configuration I use:

~/.config/systemd/user/docker.service.d/override.conf

[Service]
Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS=--ipv6 --copy-up=/etc --disable-host-loopback"
Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_MTU=1500"
Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_NET=pasta"
Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=implicit"

~/.docker/daemon.json

{
 "experimental": true,
 "ipv6": true,
 "fixed-cidr-v6": "fd00::/64",
 "iptables": true,
 "ip6tables": true,
 "log-opts": {
  "max-size": "10m",
  "max-file": "5"
 }
}

When I run

systemctl --user daemon-reload
systemctl --user restart docker

everything works just fine. However, after some time (a few hours) I cannot send requests to the exposed ports of my docker services anymore. The services are still up and running and the network seems to be intact as well. The same problem occurs when I restart the system; the docker containers start, but I cannot send requests to the exposed ports.

docker network inspect ipv6-net
[
    {
        "Name": "ipv6-net",
        "Id": "92d13b9e08df21d1493c8b7657083ec3ce362b5107a8ef86afa4ec22935f78dc",
        "Created": "2025-03-26T01:37:37.86753001+01:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv4": true,
        "EnableIPv6": true,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.18.0.0/16",
                    "Gateway": "172.18.0.1"
                },
                {
                    "Subnet": "fd00::/64",
                    "Gateway": "fd00::1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "d07f99d1fea21a1195e4f2633881f796054c37448d543b4cd17d80a4adb12ff8": {
                "Name": "nginx-proxy",
                "EndpointID": "d2cece17781ed498f8e15e243401aaab992127b8513b3a707996c3f01f334f22",
                "MacAddress": "7a:66:0b:1d:87:94",
                "IPv4Address": "172.18.0.8/16",
                "IPv6Address": "fd00::8/64"
            },
            ...
        },
        "Options": {},
        "Labels": {
            "com.docker.compose.config-hash": "fba0d480ba32627263ee895579d3cff562bd71ccd258f4ebb77bad3afc248567",
            "com.docker.compose.network": "ipv6-net",
            "com.docker.compose.project": "nginx-proxy",
            "com.docker.compose.version": "2.34.0"
        }
    }
]

The container nginx-proxy exposes ports 80 and 443.

docker-compose.yml

---

x-docker-socket:
  - &docker-socket "/var/run/user/${UID}/docker.sock"

services:
  nginx-proxy:
    build: ./build
    image: custom/nginx-proxy
    container_name: nginx-proxy
    restart: always
    environment:
      ENABLE_IPV6: "true"
      DEFAULT_HOST: yyy.xxx
      TRUST_DOWNSTREAM_PROXY: "true"
    ports:
      - "[::]:80:80"
      - "[::]:443:443"
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    volumes:
      - type: bind
        source: ./data/certs
        target: /etc/nginx/certs
        read_only: true
      - type: bind
        source: ./data/vhost.d
        target: /etc/nginx/vhost.d
        read_only: false
      - type: bind
        source: ./data/html
        target: /usr/share/nginx/html
        read_only: false
      - type: bind
        source: ./data/logs
        target: /var/log/nginx
        read_only: false
      - type: bind
        source: *docker-socket
        target: /tmp/docker.sock
        read_only: true
    networks: 
      - ipv6-net

    ...

networks:
  ipv6-net:
    name: ipv6-net
    driver: bridge
    enable_ipv6: true

Can you tell me how to debug this to find out what the actual problem is (docker, OS or pasta)? Any other advice? Thank you!

asked Mar 27 at 1:29 by code_name

1 Answer

I reached out to the friendly dev team on libera.chat #passt.

The issue is related to the current version of passt in the Debian repository and has been reported.

sudo apt show passt

Package: passt
Version: 0.0~git20230309.7c7625d-1

As recommended in the GitHub issue, upgrading to version 20241121.g238c69f-1.el9 should resolve it.
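
A check based on the answer above, as an added example that is not part of the original post: it extracts the snapshot date from a passt package version, compares it with the build the answer recommends, and lists which of the published ports (80, 443) have no listening socket in `ss -Hltn` output. The function names are illustrative, and treating the snapshot date as the fix boundary is an assumption, since a distribution can backport fixes.

```shell
#!/bin/sh
# Added example (not from the original post): two checks for the symptom above.
RECOMMENDED_SNAPSHOT=20241121   # from "20241121.g238c69f-1.el9" in the answer

# Print the YYYYMMDD snapshot date embedded in a passt package version, e.g.
# "0.0~git20230309.7c7625d-1" -> 20230309. Returns non-zero if none is found.
passt_snapshot_date() {
    _d=$(printf '%s\n' "$1" | tr -c '0-9\n' '\n' | grep -E '^20[0-9]{6}$' | head -n 1)
    [ -n "$_d" ] && printf '%s\n' "$_d"
}

# Print "outdated", "ok" or "unknown" for a passt package version string.
# Assumption: the snapshot date is a heuristic; a distro may backport fixes.
passt_verdict() {
    _snap=$(passt_snapshot_date "$1") || { echo unknown; return 0; }
    if [ "$_snap" -lt "$RECOMMENDED_SNAPSHOT" ]; then echo outdated; else echo ok; fi
}

# Read `ss -Hltn` output on stdin and print each port given as an argument
# that has no listening socket, one per line.
missing_listeners() {
    # Field 4 is "Local Address:Port"; the port is the text after the last colon.
    _bound=$(awk '{ n = split($4, a, ":"); print a[n] }' | sort -u)
    for _port in "$@"; do
        printf '%s\n' "$_bound" | grep -qx "$_port" || printf '%s\n' "$_port"
    done
}

# Live checks; skipped quietly when the tools or the package are absent.
if command -v dpkg-query >/dev/null 2>&1; then
    _installed=$(dpkg-query -W -f='${Version}' passt 2>/dev/null || true)
    if [ -n "$_installed" ]; then
        echo "passt $_installed: $(passt_verdict "$_installed")"
    fi
fi
if command -v ss >/dev/null 2>&1; then
    _missing=$(ss -Hltn 2>/dev/null | missing_listeners 80 443 | tr '\n' ' ')
    echo "published ports without a host listener: ${_missing:-none}"
fi
```

A port reported as missing while the container is still running means the forwarding layer on the host has lost its listener, which separates that case from a service inside the container that has stopped answering.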
