Perguntas[docker](computer)

Descrição

Tenho um desktop Windows e um MacBook , ambos conectados à mesma rede local.

• Desktop (Windows) : Conectado via Ethernet
• MacBook : Conectado via Wi-Fi

No meu desktop (Windows) , configurei um servidor web local usando o Docker (executando na porta 9000, vinculado a 0.0.0.0).
O contêiner é iniciado com -p 9000:9000, então ele deve ser acessível de outros dispositivos na mesma rede.

Posso acessar sua interface web sem problemas ao usar o navegador do desktop.

No entanto, quando tento acessar a interface web do meu MacBook usando o Google Chrome , recebo um erro "Página não encontrada" .
Estranhamente, se eu executar o Chrome com o sudo, a página carrega corretamente.

Detalhes adicionais

• O desktop (Windows) e o MacBook estão na mesma sub-rede.
• O servidor web está escutando em 0.0.0.0:9000 , então ele deve ser acessível de outros dispositivos.
• A execução nc -zv <desktop-ip> 9000no MacBook mostra que a porta está aberta .
• Um script Python usando requests.get("http://<desktop-ip>:9000") falha quando executado normalmente , mas funciona bem quando executado comsudo .
• Meu MacBook tem apenas uma conta de usuário e tem privilégios de administrador .
• O firewall do macOS está desabilitado ( /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstateconfirma isso).
• Executar sudo pfctl -d(desabilitar pfo firewall) não resolve o problema.

O que eu já sei

• Executar qualquer coisa com sudopermissões de acesso, então eu tenho uma solução alternativa .
• No entanto, estou realmente curioso sobre a causa raiz desse problema.
• Quando eu usava apenas desktops Windows , nunca encontrei esse problema.
  Parece ser específico do macOS , possivelmente devido ao seu modelo de segurança ou comportamento de rede.

Minhas perguntas

1. Por que o servidor web só carrega no Chrome quando ele é executado com sudo?
2. Por que uma chamada simples do Python requests.get()falha a menos que eu a execute com sudo?
3. O que pode estar restringindo o acesso à rede para processos normais de usuários no macOS?

Este não é um problema crítico para mim, já que tenho uma solução alternativa, mas eu realmente adoraria entender por que isso acontece . Qualquer informação seria muito apreciada — obrigado!

Sou relativamente novo no uso do Docker e do Docker Compose, e me deparei com um problema que não consigo descobrir como resolver. Qualquer ajuda seria muito apreciada!

Aqui está minha configuração:

Contêiner 1: Hosts NordVPN

Container 2: Executa qBittorrent

Configurei o arquivo docker-compose para que o Container 2 dependa do Container 1. Quando inicio os containers, tudo parece funcionar bem inicialmente. No entanto, quando tento baixar um torrent, o status é imediatamente marcado como "parado".

Aqui está o que confirmei até agora:

Both containers are getting the same public IP address.

Both containers can communicate with Google (tested with ping/curl).

qBittorrent works fine without going through the VPN.

Other torrent programs such as transmitting and deluge run with no issue.

Assim que roteirizo o qBittorrent pelo contêiner VPN, ele para de funcionar novamente.

Alguém já passou por esse problema antes ou tem sugestões sobre o que posso estar fazendo errado?

    services:
  # NordVPN service
  nordvpn:
    image: ghcr.io/bubuntux/nordlynx
    container_name: nordvpn
    cap_add:
      - NET_ADMIN
    environment:
      - PRIVATE_KEY= "insert key"
      - CONNECT=au
      - TECHNOLOGY=NordLynx
      - NET_LOCAL=192.168.0.0/24
    ports:
      - 6881:6881/tcp
      - 6881:6881/udp
      - 8080:8080/tcp
    sysctls:
      net.ipv6.conf.all.disable_ipv6: 1
    restart: unless-stopped
  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    environment:
      - PUID=1000
      - PGID=1000
      - TZ='Australia/Brisbane'
      - WEBUI_PORT=8080
      - TORRENTING_PORT=6881
    volumes:
      - ./config:/config
      - /home/andrew/downloads:/downloads
    depends_on:
      - nordvpn
    network_mode: container:nordvpn  # Use the VPN container's network

Agradecemos desde já a sua ajuda!

Tenho um ambiente Coolify com um docker compose com um servidor web PHP e um proxy nginx. O proxy nginx serve arquivos estáticos e atua como um proxy para o servidor PHP.

Tenho dois domínios configurados no Coolify assim https://app.example.org:80. https://static.example.org:80 Este é meu arquivo Docker Compose:

version: '3.8'

services:
  app:
    image: php:8.3-fpm-alpine
    container_name: php-app
    working_dir: /var/www/html
    volumes:
#      - ./:/var/www/html
      - ./config:/var/www/html/config
      - ./backup:/var/www/html/backup
      - ./userdata:/var/www/html/userdata
      - ./.logs:/var/www/html/.logs
    ports:
      - "9000:9000"
    environment:
      PHP_OPCACHE_ENABLE: "1"
      PHP_OPCACHE_MEMORY_CONSUMPTION: "128"
    build:
      context: .
      dockerfile: Dockerfile
    networks:
      - app-network

  webserver:
    image: nginx:alpine
    container_name: nginx-web
    volumes:
      - ./nginx/sites:/etc/nginx/sites
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
      - ./shared_assets:/var/www/html/shared_assets
      - ./instances:/var/www/html/instances
    environment:
      - ENVIRONMENT=production
    ports:
      - "89:80"
    depends_on:
      - app
    networks:
      - app-network

networks:
  app-network:

Para Nginx tenho dois sites configurados

server {
    listen 80;
    server_name static.example.org;

    root /var/www/html/shared_assets;
    index index.html index.htm;

    # Serve static files from the shared_assets folder
     location /assets/ {
            alias /var/www/html/shared_assets/assets/;  # Fix the alias path to match the actual filesystem location
            try_files $uri $uri/ =404;
        }
}

server {
    listen 80;
    server_name app.example.org;

    root /var/www/html/instances/app/public;
    index index.php;
    add_header Access-Control-Allow-Origin "*";

    location / {
        try_files $uri /index.php$is_args$args;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass app:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    location ~ /\.ht {
        deny all;
    }
}

O serviço de arquivos estáticos funciona, mas o aplicativo me dá um tempo limite de gateway. Essa configuração funciona muito bem na minha máquina local.

Alguma ideia de qual pode ser o problema?

Consegui configurar o VaultWarden que só é acessível em uma LAN local com um certificado SSL que permite criptografar usando o Caddy. O Caddy, o VaultWarden e outros serviços são executados como contêineres Docker que são executados em um host Raspberry Pi.

Configurei um domínio DNS Duck: test111.duckdns.orgque aponta para o endereço IP da minha LAN privada do Raspberry Pi.

Adicionei uma substituição de host nas configurações do meu resolvedor DNS do pfSense (essa foi uma etapa crucial para fazê-lo funcionar), assim:

Host: test111
Domain: duckdns.org
IP Address: <raspberry pi IP address>

Meu arquivo Docker Compose:

networks:
  docker-mongoose:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: "172.16.117.0/27"

services:
  caddy:
    image: caddy:2
    networks:
      docker-mongoose:
        ipv4_address: 172.16.117.10
    container_name: caddy
    restart: always
    ports:
      - 80:80
      - 443:443
      - 443:443/udp # Needed for HTTP/3.
    volumes:
      - ./caddy:/usr/bin/caddy  
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./caddy-config:/config
      - ./caddy-data:/data
    environment:
      DOMAIN: "test111.duckdns.org" 
      #EMAIL: ""
      DUCKDNS_TOKEN: "<duckdns token>>"
      LOG_FILE: "/data/access.logs

   unifi-network-application:
    container_name: unifi-network-application
    image: lscr.io/linuxserver/unifi-network-application:latest
    networks:
      docker-mongoose:
        ipv4_address: 172.16.117.9
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=1s
    ports:
      - 8443:8443
      - 3478:3478/udp
      - 10001:10001/udp
      - 8080:8080
      - 1900:1900/udp #optional
      #- 8843:8843 #optional
      #- 8880:8880 #optional
      #- 6789:6789 #optional
      #- 5514:5514/udp #optional
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
      - MONGO_USER=user
      - MONGO_PASS=password
      - MONGO_HOST=unifi-db
      - MONGO_PORT=27017
      - MONGO_DBNAME=unifi-db
      - MEM_LIMIT=1024 #optional
      - MEM_STARTUP=1024 #optional
      #- MONGO_TLS= #optional
      #- MONGO_AUTHSOURCE= #optional
    volumes:
      - /home/user/docker/unifi-network-application/config:/config
    restart: unless-stopped

    unifi-db:
      etc....

  vaultwarden:
    image: vaultwarden/server:latest
    networks:
      docker-mongoose:
        ipv4_address: 172.16.117.8
    container_name: vaultwarden
    restart: always
    environment:
      DOMAIN: "https://test111.duckdns.org"
      SIGNUPS_ALLOWED: "false"
      INVITATIONS_ALLOWED: "false"
      SHOW_PASSWORD_HINT: "false"
      LOG_FILE: "/data/vaultwarden.log"
      LOG_LEVEL: "warn"
    volumes:
      - ./vw-data:/data # the path before the : can be changed
    #ports:
      #- 8888:80 # you can replace the 11001 with your preferred port

Meu Caddyfile:

{$DOMAIN} {
    log {
        level INFO
        output file {$LOG_FILE} {
            roll_size 10MB
            roll_keep 10
        }
    }

    # Use the ACME DNS-01 challenge to get a cert for the configured domain.
    tls {
        dns duckdns {$DUCKDNS_TOKEN}
    }

    # This setting may have compatibility issues with some browsers
    # (e.g., attachment downloading on Firefox). Try disabling this
    # if you encounter issues.
    encode zstd gzip

    # Proxy everything to Rocket
    reverse_proxy vaultwarden:80
}

Esta configuração funciona bem, eu posso acessar meu VaultWarden por SSL indo para https://test111.duckdns.orge ele usa um certificado Let's Encrypt. Eu usei este guia para conseguir isso.

No entanto, eu gostaria que ele fosse usado para que eu pudesse usar o Caddy para vários serviços docker. Por exemplo, para visitar o VaultWarden, eu poderia visitar https://vaultwarden.test111.duckdns.orgou https://service.test111.duckdns.orgetc.

Tentei alterar isso no Caddyfile usando curingas:

# Wildcard SSL for all subdomains under the domain defined in the {$DOMAIN} variable
*.{$DOMAIN} {
    tls {
        dns duckdns {$DUCKDNS_TOKEN}
    }

    # Logs configuration (optional, adjust as necessary)
    log {
        level INFO
        output file {$LOG_FILE} {
            roll_size 10MB
            roll_keep 10
        }
    }

    # Default reverse proxy to a generic service if no specific service matches
    reverse_proxy service_default:80
}

# Vaultwarden Service
vaultwarden.{$DOMAIN} {
    reverse_proxy vaultwarden:80
    log {
        level INFO
        output file {$LOG_FILE} {
            roll_size 10MB
            roll_keep 10
        }
    }
}


unifi.{$DOMAIN} {
    reverse_proxy unifi-network-application:8443
    log {
        level INFO
        output file {$LOG_FILE} {
            roll_size 10MB
            roll_keep 10
        }
    }
}

Também adicionei as substituições de host nas configurações do resolvedor DNS do pfSense para que os diferentes serviços apontem para meus endereços IP do Docker:

Host: unifi     
Domain: test111.duckdns.org     
IP Address: 172.16.117.9

Host: vaultwarden   
Domain: test111.duckdns.org     
IP Address: 172.16.117.8

E ele pode encontrá-los com nslookup :

nslookup vaultwarden.test111.duckdns.org
Server:     127.0.0.53
Address:    127.0.0.53#53

Non-authoritative answer:
Name:   vaultwarden.test111.duckdns.org
Address: 172.16.117.8

Entretanto, isso não funciona. Não consigo acessar meus serviços do Docker e recebo os seguintes erros no meu contêiner Caddy:

{"level":"info","ts":1731770427.407683,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}

{"level":"info","ts":1731770427.4159002,"msg":"adapted config to JSON","adapter":"caddyfile"}

{"level":"info","ts":1731770427.4204524,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}

{"level":"info","ts":1731770427.4216182,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x383a900"}

{"level":"info","ts":1731770427.4221516,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}

{"level":"info","ts":1731770427.4224873,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}

{"level":"info","ts":1731770427.4248602,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}

{"level":"info","ts":1731770427.4254677,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 7168 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}

{"level":"info","ts":1731770427.4263346,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}

{"level":"info","ts":1731770427.4268074,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}

{"level":"info","ts":1731770427.4269671,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["vaultwarden.test111.duckdns.org","unifi.test111.duckdns.org","*.test111.duckdns.org"]}

{"level":"info","ts":1731770427.4284034,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}

{"level":"info","ts":1731770427.4289424,"msg":"serving initial configuration"}

{"level":"info","ts":1731770427.4288747,"logger":"tls.obtain","msg":"acquiring lock","identifier":"vaultwarden.test111.duckdns.org"}

{"level":"info","ts":1731770427.4296653,"logger":"tls.obtain","msg":"acquiring lock","identifier":"unifi.test111.duckdns.org"}

{"level":"info","ts":1731770427.429877,"logger":"tls.obtain","msg":"acquiring lock","identifier":"*.test111.duckdns.org"}

{"level":"info","ts":1731770427.4420304,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/data/caddy","instance":"a16163dc-5a65-4977-a1d2-99f3861efde9","try_again":1731856827.4420183,"try_again_in":86399.999995129}

{"level":"info","ts":1731770427.4445798,"logger":"tls","msg":"finished cleaning storage units"}

{"level":"info","ts":1731770427.44627,"logger":"tls.obtain","msg":"lock acquired","identifier":"*.test111.duckdns.org"}

{"level":"info","ts":1731770427.4462702,"logger":"tls.obtain","msg":"lock acquired","identifier":"vaultwarden.test111.duckdns.org"}

{"level":"info","ts":1731770427.446822,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"*.test111.duckdns.org"}

{"level":"info","ts":1731770427.4474423,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"vaultwarden.test111.duckdns.org"}

{"level":"info","ts":1731770427.4468448,"logger":"tls.obtain","msg":"lock acquired","identifier":"unifi.test111.duckdns.org"}

{"level":"info","ts":1731770427.4486356,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"unifi.test111.duckdns.org"}

{"level":"info","ts":1731770427.4698937,"logger":"tls","msg":"waiting on internal rate limiter","identifiers":["unifi.test111.duckdns.org"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}

{"level":"info","ts":1731770427.4699652,"logger":"tls","msg":"done waiting on internal rate limiter","identifiers":["unifi.test111.duckdns.org"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}

{"level":"info","ts":1731770427.4700146,"logger":"tls","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/1972895377","account_contact":[]}

{"level":"info","ts":1731770427.4704852,"logger":"tls","msg":"waiting on internal rate limiter","identifiers":["vaultwarden.test111.duckdns.org"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}

{"level":"info","ts":1731770427.4709487,"logger":"tls","msg":"done waiting on internal rate limiter","identifiers":["vaultwarden.test111.duckdns.org"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}

{"level":"info","ts":1731770427.472356,"logger":"tls","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/1972895377","account_contact":[]}

{"level":"info","ts":1731770427.4715934,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["*.test111.duckdns.org"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}

{"level":"info","ts":1731770427.4725082,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["*.test111.duckdns.org"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}

{"level":"info","ts":1731770427.4725654,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/1972895377","account_contact":[]}

{"level":"info","ts":1731770428.6145887,"logger":"tls.acme_client","msg":"trying to solve challenge","identifier":"vaultwarden.test111.duckdns.org","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}

{"level":"info","ts":1731770428.686017,"logger":"tls.acme_client","msg":"trying to solve challenge","identifier":"unifi.test111.duckdns.org","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}

{"level":"info","ts":1731770428.8439467,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"*.test111.duckdns.org","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}

{"level":"error","ts":1731770429.2492373,"logger":"tls.acme_client","msg":"challenge failed","identifier":"unifi.test111.duckdns.org","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"no valid A records found for unifi.test111.duckdns.org; DNS problem: SERVFAIL looking up AAAA for unifi.test111.duckdns.org - the domain's nameservers may be malfunctioning","instance":"","subproblems":[]}}

{"level":"error","ts":1731770429.2495832,"logger":"tls.acme_client","msg":"validating authorization","identifier":"unifi.test111.duckdns.org","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"no valid A records found for unifi.test111.duckdns.org; DNS problem: SERVFAIL looking up AAAA for unifi.test111.duckdns.org - the domain's nameservers may be malfunctioning","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1972895377/323713330197","attempt":1,"max_attempts":3}

{"level":"info","ts":1731770430.672126,"logger":"tls.acme_client","msg":"trying to solve challenge","identifier":"unifi.test111.duckdns.org","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}

{"level":"error","ts":1731770431.3256845,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"*.test111.duckdns.org","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.test111.duckdns.org\" (usually OK if presenting also failed)"}

{"level":"error","ts":1731770431.5020833,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.test111.duckdns.org","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[*.test111.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.test111.duckdns.org\": unexpected response code 'SERVFAIL' for _acme-challenge.test111.duckdns.org. (order=https://acme-v02.api.letsencrypt.org/acme/order/1972895377/323713330907) (ca=https://acme-v02.api.letsencrypt.org/directory)"}

{"level":"error","ts":1731770431.5025475,"logger":"tls.obtain","msg":"will retry","error":"[*.test111.duckdns.org] Obtain: [*.test111.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.test111.duckdns.org\": unexpected response code 'SERVFAIL' for _acme-challenge.test111.duckdns.org. (order=https://acme-v02.api.letsencrypt.org/acme/order/1972895377/323713330907) (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":4.05621756,"max_duration":2592000}

{"level":"error","ts":1731770438.8788044,"logger":"tls.acme_client","msg":"challenge failed","identifier":"vaultwarden.test111.duckdns.org","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"DNS problem: SERVFAIL looking up A for vaultwarden.test111.duckdns.org - the domain's nameservers may be malfunctioning; no valid AAAA records found for vaultwarden.test111.duckdns.org","instance":"","subproblems":[]}}

{"level":"error","ts":1731770438.8789387,"logger":"tls.acme_client","msg":"validating authorization","identifier":"vaultwarden.test111.duckdns.org","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"DNS problem: SERVFAIL looking up A for vaultwarden.test111.duckdns.org - the domain's nameservers may be malfunctioning; no valid AAAA records found for vaultwarden.test111.duckdns.org","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1972895377/323713330097","attempt":1,"max_attempts":3}

{"level":"info","ts":1731770440.2944498,"logger":"tls.acme_client","msg":"trying to solve challenge","identifier":"vaultwarden.test111.duckdns.org","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}

{"level":"error","ts":1731770450.1866465,"logger":"tls.acme_client","msg":"challenge failed","identifier":"unifi.test111.duckdns.org","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"no valid A records found for unifi.test111.duckdns.org; no valid AAAA records found for unifi.test111.duckdns.org","instance":"","subproblems":[]}}

{"level":"error","ts":1731770450.1867352,"logger":"tls.acme_client","msg":"validating authorization","identifier":"unifi.test111.duckdns.org","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"no valid A records found for unifi.test111.duckdns.org; no valid AAAA records found for unifi.test111.duckdns.org","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1972895377/323713337107","attempt":2,"max_attempts":3}

{"level":"error","ts":1731770450.1868649,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"unifi.test111.duckdns.org","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:dns - no valid A records found for unifi.test111.duckdns.org; no valid AAAA records found for unifi.test111.duckdns.org"}

{"level":"error","ts":1731770450.1870203,"logger":"tls.obtain","msg":"will retry","error":"[unifi.test111.duckdns.org] Obtain: [unifi.test111.duckdns.org] solving challenge: unifi.test111.duckdns.org: [unifi.test111.duckdns.org] authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - no valid A records found for unifi.test111.duckdns.org; no valid AAAA records found for unifi.test111.duckdns.org (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":22.738644345,"max_duration":2592000}

{"level":"error","ts":1731770460.5871239,"logger":"tls.acme_client","msg":"challenge failed","identifier":"vaultwarden.test111.duckdns.org","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"DNS problem: SERVFAIL looking up A for vaultwarden.test111.duckdns.org - the domain's nameservers may be malfunctioning; DNS problem: SERVFAIL looking up AAAA for vaultwarden.test111.duckdns.org - the domain's nameservers may be malfunctioning","instance":"","subproblems":[]}}

{"level":"error","ts":1731770460.5872557,"logger":"tls.acme_client","msg":"validating authorization","identifier":"vaultwarden.test111.duckdns.org","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"DNS problem: SERVFAIL looking up A for vaultwarden.test111.duckdns.org - the domain's nameservers may be malfunctioning; DNS problem: SERVFAIL looking up AAAA for vaultwarden.test111.duckdns.org - the domain's nameservers may be malfunctioning","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1972895377/323713378127","attempt":2,"max_attempts":3}

{"level":"error","ts":1731770460.5873518,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"vaultwarden.test111.duckdns.org","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: SERVFAIL looking up A for vaultwarden.test111.duckdns.org - the domain's nameservers may be malfunctioning; DNS problem: SERVFAIL looking up AAAA for vaultwarden.test111.duckdns.org - the domain's nameservers may be malfunctioning"}

{"level":"error","ts":1731770460.5875442,"logger":"tls.obtain","msg":"will retry","error":"[vaultwarden.test111.duckdns.org] Obtain: [vaultwarden.test111.duckdns.org] solving challenge: vaultwarden.test111.duckdns.org: [vaultwarden.test111.duckdns.org] authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: SERVFAIL looking up A for vaultwarden.test111.duckdns.org - the domain's nameservers may be malfunctioning; DNS problem: SERVFAIL looking up AAAA for vaultwarden.test111.duckdns.org - the domain's nameservers may be malfunctioning (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":33.140588664,"max_duration":2592000}

Estou essencialmente tentando conseguir isso , mas com Caddy e duck dns. Mas não tenho certeza se isso é possível ou se estou configurando o Caddy incorretamente.

Depois de atualizar o GitLab-ee, Docker, Omnibus de 17.2.9 para 17.3.6 e finalmente para 17.5.1, quando estou em um arquivo no meu repositório no GitLab e clico em Editar -> Abrir no Web IDE ( vscode_web_ide), sou encaminhado para a página de erro 500.

Esse comportamento não estava presente no 17.2.9 ou em versões anteriores que eu tinha instalado. Postei esse problema como um problema com o GitLab, mas não estou obtendo uma resposta.

Como posso consertar isso?

Registros:

==> /var/log/gitlab/gitlab-exporter/current <==
2024-10-29_05:50:26.69914 ::1 - - [29/Oct/2024:05:50:26 UTC] "GET /sidekiq HTTP/1.1" 200 579
2024-10-29_05:50:26.69917 - -> /sidekiq

==> /var/log/gitlab/gitlab-rails/production.log <==
OpenSSL::Cipher::CipherError ():
encryptor (3.0.0) lib/encryptor.rb:98:in final' encryptor (3.0.0) lib/encryptor.rb:98:in crypt'
encryptor (3.0.0) lib/encryptor.rb:49:in decrypt' vendor/gems/attr_encrypted/lib/attr_encrypted.rb:244:in attr_decrypt'
vendor/gems/attr_encrypted/lib/attr_encrypted.rb:333:in attr_decrypt' vendor/gems/attr_encrypted/lib/attr_encrypted.rb:163:in block (2 levels) in attr_encrypted'
activemodel (7.0.8.4) lib/active_model/validator.rb:150:in block in validate' activemodel (7.0.8.4) lib/active_model/validator.rb:149:in each'
activemodel (7.0.8.4) lib/active_model/validator.rb:149:in validate' activesupport (7.0.8.4) lib/active_support/callbacks.rb:423:in block in make_lambda'
activesupport (7.0.8.4) lib/active_support/callbacks.rb:199:in block (2 levels) in halting' activesupport (7.0.8.4) lib/active_support/callbacks.rb:687:in block (2 levels) in default_terminator'
activesupport (7.0.8.4) lib/active_support/callbacks.rb:686:in catch' activesupport (7.0.8.4) lib/active_support/callbacks.rb:686:in block in default_terminator'
activesupport (7.0.8.4) lib/active_support/callbacks.rb:200:in block in halting' activesupport (7.0.8.4) lib/active_support/callbacks.rb:595:in block in invoke_before'
activesupport (7.0.8.4) lib/active_support/callbacks.rb:595:in each' activesupport (7.0.8.4) lib/active_support/callbacks.rb:595:in invoke_before'
activesupport (7.0.8.4) lib/active_support/callbacks.rb:106:in run_callbacks' activesupport (7.0.8.4) lib/active_support/callbacks.rb:929:in _run_validate_callbacks'
activemodel (7.0.8.4) lib/active_model/validations.rb:406:in run_validations!' activemodel (7.0.8.4) lib/active_model/validations/callbacks.rb:115:in block in run_validations!'
activesupport (7.0.8.4) lib/active_support/callbacks.rb:107:in run_callbacks' activesupport (7.0.8.4) lib/active_support/callbacks.rb:929:in _run_validation_callbacks'
activemodel (7.0.8.4) lib/active_model/validations/callbacks.rb:115:in run_validations!' activemodel (7.0.8.4) lib/active_model/validations.rb:337:in valid?'
activerecord (7.0.8.4) lib/active_record/validations.rb:68:in valid?' activerecord (7.0.8.4) lib/active_record/validations.rb:84:in perform_validations'
activerecord (7.0.8.4) lib/active_record/validations.rb:53:in save!' activerecord (7.0.8.4) lib/active_record/transactions.rb:302:in block in save!'
activerecord (7.0.8.4) lib/active_record/transactions.rb:354:in block in with_transaction_returning_status' activerecord (7.0.8.4) lib/active_record/connection_adapters/abstract/database_statements.rb:314:in transaction'
lib/gitlab/database/load_balancing/connection_proxy.rb:127:in public_send' lib/gitlab/database/load_balancing/connection_proxy.rb:127:in block in write_using_load_balancer'
lib/gitlab/database/load_balancing/load_balancer.rb:141:in block in read_write' lib/gitlab/database/load_balancing/load_balancer.rb:228:in retry_with_backoff'
lib/gitlab/database/load_balancing/load_balancer.rb:130:in read_write' lib/gitlab/database/load_balancing/connection_proxy.rb:126:in write_using_load_balancer'
lib/gitlab/database/load_balancing/connection_proxy.rb:78:in transaction' activerecord (7.0.8.4) lib/active_record/transactions.rb:350:in with_transaction_returning_status'
activerecord (7.0.8.4) lib/active_record/transactions.rb:302:in save!' activerecord (7.0.8.4) lib/active_record/suppressor.rb:54:in save!'
activerecord (7.0.8.4) lib/active_record/persistence.rb:782:in block in update!' activerecord (7.0.8.4) lib/active_record/transactions.rb:354:in block in with_transaction_returning_status'
activerecord (7.0.8.4) lib/active_record/connection_adapters/abstract/database_statements.rb:314:in transaction' lib/gitlab/database/load_balancing/connection_proxy.rb:127:in public_send'
lib/gitlab/database/load_balancing/connection_proxy.rb:127:in block in write_using_load_balancer' lib/gitlab/database/load_balancing/load_balancer.rb:141:in block in read_write'
lib/gitlab/database/load_balancing/load_balancer.rb:228:in retry_with_backoff' lib/gitlab/database/load_balancing/load_balancer.rb:130:in read_write'
lib/gitlab/database/load_balancing/connection_proxy.rb:126:in write_using_load_balancer' lib/gitlab/database/load_balancing/connection_proxy.rb:78:in transaction'
activerecord (7.0.8.4) lib/active_record/transactions.rb:350:in with_transaction_returning_status' activerecord (7.0.8.4) lib/active_record/persistence.rb:780:in update!'
lib/web_ide/default_oauth_application.rb:51:in block in ensure_oauth_application!' app/models/concerns/cross_database_modification.rb:91:in block in transaction'
activerecord (7.0.8.4) lib/active_record/connection_adapters/abstract/transaction.rb:319:in block in within_new_transaction' activesupport (7.0.8.4) lib/active_support/concurrency/load_interlock_aware_monitor.rb:25:in handle_interrupt'
activesupport (7.0.8.4) lib/active_support/concurrency/load_interlock_aware_monitor.rb:25:in block in synchronize' activesupport (7.0.8.4) lib/active_support/concurrency/load_interlock_aware_monitor.rb:21:in handle_interrupt'
activesupport (7.0.8.4) lib/active_support/concurrency/load_interlock_aware_monitor.rb:21:in synchronize' activerecord (7.0.8.4) lib/active_record/connection_adapters/abstract/transaction.rb:317:in within_new_transaction'
activerecord (7.0.8.4) lib/active_record/connection_adapters/abstract/database_statements.rb:316:in transaction' lib/gitlab/database/load_balancing/connection_proxy.rb:127:in public_send'
lib/gitlab/database/load_balancing/connection_proxy.rb:127:in block in write_using_load_balancer' lib/gitlab/database/load_balancing/load_balancer.rb:141:in block in read_write'
lib/gitlab/database/load_balancing/load_balancer.rb:228:in retry_with_backoff' lib/gitlab/database/load_balancing/load_balancer.rb:130:in read_write'
lib/gitlab/database/load_balancing/connection_proxy.rb:126:in write_using_load_balancer' lib/gitlab/database/load_balancing/connection_proxy.rb:78:in transaction'
activerecord (7.0.8.4) lib/active_record/transactions.rb:209:in transaction' lib/gitlab/database.rb:383:in block in transaction'
activesupport (7.0.8.4) lib/active_support/notifications.rb:206:in block in instrument' activesupport (7.0.8.4) lib/active_support/notifications/instrumenter.rb:24:in instrument'
activesupport (7.0.8.4) lib/active_support/notifications.rb:206:in instrument' lib/gitlab/database.rb:382:in transaction'
app/models/concerns/cross_database_modification.rb:82:in transaction' activerecord (7.0.8.4) lib/active_record/transactions.rb:290:in transaction'
lib/web_ide/default_oauth_application.rb:39:in ensure_oauth_application!' app/controllers/ide_controller.rb:48:in ensure_web_ide_oauth_application!'
activesupport (7.0.8.4) lib/active_support/callbacks.rb:400:in block in make_lambda' activesupport (7.0.8.4) lib/active_support/callbacks.rb:180:in block (2 levels) in halting_and_conditional'
actionpack (7.0.8.4) lib/abstract_controller/callbacks.rb:34:in block (2 levels) in <module:Callbacks>' activesupport (7.0.8.4) lib/active_support/callbacks.rb:181:in block in halting_and_conditional'
activesupport (7.0.8.4) lib/active_support/callbacks.rb:595:in block in invoke_before' activesupport (7.0.8.4) lib/active_support/callbacks.rb:595:in each'
activesupport (7.0.8.4) lib/active_support/callbacks.rb:595:in invoke_before' activesupport (7.0.8.4) lib/active_support/callbacks.rb:116:in block in run_callbacks'
lib/gitlab/ip_address_state.rb:11:in with' ee/app/controllers/ee/application_controller.rb:45:in set_current_ip_address'
activesupport (7.0.8.4) lib/active_support/callbacks.rb:127:in block in run_callbacks' app/controllers/application_controller.rb:484:in set_current_admin'
activesupport (7.0.8.4) lib/active_support/callbacks.rb:127:in block in run_callbacks' lib/gitlab/session.rb:11:in with_session'
app/controllers/application_controller.rb:475:in set_session_storage' activesupport (7.0.8.4) lib/active_support/callbacks.rb:127:in block in run_callbacks'
lib/gitlab/i18n.rb:114:in with_locale' lib/gitlab/i18n.rb:120:in with_user_locale'
app/controllers/application_controller.rb:466:in set_locale' activesupport (7.0.8.4) lib/active_support/callbacks.rb:127:in block in run_callbacks'
marginalia (1.11.1) lib/marginalia.rb:109:in record_query_comment' activesupport (7.0.8.4) lib/active_support/callbacks.rb:127:in block in run_callbacks'
app/controllers/application_controller.rb:459:in set_current_context' activesupport (7.0.8.4) lib/active_support/callbacks.rb:127:in block in run_callbacks'
sentry-rails (5.19.0) lib/sentry/rails/controller_transaction.rb:30:in block in sentry_around_action' sentry-ruby (5.19.0) lib/sentry/hub.rb:102:in with_child_span'
sentry-ruby (5.19.0) lib/sentry-ruby.rb:498:in with_child_span' sentry-rails (5.19.0) lib/sentry/rails/controller_transaction.rb:16:in sentry_around_action'
activesupport (7.0.8.4) lib/active_support/callbacks.rb:127:in block in run_callbacks' activesupport (7.0.8.4) lib/active_support/callbacks.rb:138:in run_callbacks'
actionpack (7.0.8.4) lib/abstract_controller/callbacks.rb:233:in process_action' actionpack (7.0.8.4) lib/action_controller/metal/rescue.rb:23:in process_action'
actionpack (7.0.8.4) lib/action_controller/metal/instrumentation.rb:67:in block in process_action' activesupport (7.0.8.4) lib/active_support/notifications.rb:206:in block in instrument'
activesupport (7.0.8.4) lib/active_support/notifications/instrumenter.rb:24:in instrument' activesupport (7.0.8.4) lib/active_support/notifications.rb:206:in instrument'
actionpack (7.0.8.4) lib/action_controller/metal/instrumentation.rb:66:in process_action' actionpack (7.0.8.4) lib/action_controller/metal/params_wrapper.rb:259:in process_action'
activerecord (7.0.8.4) lib/active_record/railties/controller_runtime.rb:27:in process_action' actionpack (7.0.8.4) lib/abstract_controller/base.rb:151:in process'
actionview (7.0.8.4) lib/action_view/rendering.rb:39:in process' actionpack (7.0.8.4) lib/action_controller/metal.rb:188:in dispatch'
actionpack (7.0.8.4) lib/action_controller/metal.rb:249:in block in dispatch' lib/gitlab/middleware/action_controller_static_context.rb:23:in call'
actionpack (7.0.8.4) lib/action_controller/metal.rb:249:in dispatch' actionpack (7.0.8.4) lib/action_dispatch/routing/route_set.rb:49:in dispatch'
actionpack (7.0.8.4) lib/action_dispatch/routing/route_set.rb:32:in serve' actionpack (7.0.8.4) lib/action_dispatch/journey/router.rb:50:in block in serve'
actionpack (7.0.8.4) lib/action_dispatch/journey/router.rb:32:in each' actionpack (7.0.8.4) lib/action_dispatch/journey/router.rb:32:in serve'
actionpack (7.0.8.4) lib/action_dispatch/routing/route_set.rb:852:in call' gitlab-experiment (0.9.1) lib/gitlab/experiment/middleware.rb:19:in call'
flipper (0.26.2) lib/flipper/middleware/memoizer.rb:72:in memoized_call' flipper (0.26.2) lib/flipper/middleware/memoizer.rb:37:in call'
lib/gitlab/metrics/elasticsearch_rack_middleware.rb:16:in call' lib/gitlab/middleware/sidekiq_shard_awareness_validation.rb:20:in block in call'
lib/gitlab/sidekiq_sharding/validator.rb:42:in enabled' lib/gitlab/middleware/sidekiq_shard_awareness_validation.rb:20:in call'
lib/gitlab/middleware/memory_report.rb:13:in call' lib/gitlab/middleware/speedscope.rb:13:in call'
lib/gitlab/database/load_balancing/rack_middleware.rb:23:in call' lib/gitlab/middleware/rails_queue_duration.rb:33:in call'
lib/gitlab/etag_caching/middleware.rb:21:in call' lib/gitlab/metrics/rack_middleware.rb:16:in block in call'
lib/gitlab/metrics/web_transaction.rb:46:in run' lib/gitlab/metrics/rack_middleware.rb:16:in call'
lib/gitlab/middleware/go.rb:21:in call' lib/gitlab/middleware/query_analyzer.rb:11:in block in call'
lib/gitlab/database/query_analyzer.rb:83:in within' lib/gitlab/middleware/query_analyzer.rb:11:in call'
lib/ci/job_token/middleware.rb:11:in call' batch-loader (2.0.5) lib/batch_loader/middleware.rb:11:in call'
rack-attack (6.7.0) lib/rack/attack.rb:103:in call' apollo_upload_server (2.1.6) lib/apollo_upload_server/middleware.rb:19:in call'
lib/gitlab/middleware/multipart.rb:173:in call' rack-attack (6.7.0) lib/rack/attack.rb:127:in call'
warden (1.2.9) lib/warden/manager.rb:36:in block in call' warden (1.2.9) lib/warden/manager.rb:34:in catch'
warden (1.2.9) lib/warden/manager.rb:34:in call' rack-cors (2.0.2) lib/rack/cors.rb:102:in call'
rack (2.2.9) lib/rack/tempfile_reaper.rb:15:in call' rack (2.2.9) lib/rack/etag.rb:27:in call'
rack (2.2.9) lib/rack/conditional_get.rb:27:in call' rack (2.2.9) lib/rack/head.rb:12:in call'
actionpack (7.0.8.4) lib/action_dispatch/http/permissions_policy.rb:38:in call' actionpack (7.0.8.4) lib/action_dispatch/http/content_security_policy.rb:36:in call'
lib/gitlab/middleware/read_only/controller.rb:50:in call' lib/gitlab/middleware/read_only.rb:18:in call'
lib/gitlab/middleware/unauthenticated_session_expiry.rb:18:in call' rack (2.2.9) lib/rack/session/abstract/id.rb:266:in context'
rack (2.2.9) lib/rack/session/abstract/id.rb:260:in call' actionpack (7.0.8.4) lib/action_dispatch/middleware/cookies.rb:704:in call'
lib/gitlab/middleware/strip_cookies.rb:29:in call' lib/gitlab/middleware/same_site_cookies.rb:27:in call'
actionpack (7.0.8.4) lib/action_dispatch/middleware/callbacks.rb:27:in block in call' activesupport (7.0.8.4) lib/active_support/callbacks.rb:99:in run_callbacks'
actionpack (7.0.8.4) lib/action_dispatch/middleware/callbacks.rb:26:in call' sentry-rails (5.19.0) lib/sentry/rails/rescued_exception_interceptor.rb:12:in call'
actionpack (7.0.8.4) lib/action_dispatch/middleware/debug_exceptions.rb:28:in call' lib/gitlab/middleware/path_traversal_check.rb:35:in call'
lib/gitlab/middleware/handle_malformed_strings.rb:21:in call' sentry-ruby (5.19.0) lib/sentry/rack/capture_exceptions.rb:30:in block (2 levels) in call'
sentry-ruby (5.19.0) lib/sentry/hub.rb:258:in with_session_tracking' sentry-ruby (5.19.0) lib/sentry-ruby.rb:411:in with_session_tracking'
sentry-ruby (5.19.0) lib/sentry/rack/capture_exceptions.rb:21:in block in call' sentry-ruby (5.19.0) lib/sentry/hub.rb:59:in with_scope'
sentry-ruby (5.19.0) lib/sentry-ruby.rb:391:in with_scope' sentry-ruby (5.19.0) lib/sentry/rack/capture_exceptions.rb:20:in call'
actionpack (7.0.8.4) lib/action_dispatch/middleware/show_exceptions.rb:29:in call' lib/gitlab/middleware/basic_health_check.rb:25:in call'
lograge (0.11.2) lib/lograge/rails_ext/rack/logger.rb:15:in call_app' railties (7.0.8.4) lib/rails/rack/logger.rb:25:in block in call'
activesupport (7.0.8.4) lib/active_support/tagged_logging.rb:99:in block in tagged' activesupport (7.0.8.4) lib/active_support/tagged_logging.rb:37:in tagged'
activesupport (7.0.8.4) lib/active_support/tagged_logging.rb:99:in tagged' railties (7.0.8.4) lib/rails/rack/logger.rb:25:in call'
actionpack (7.0.8.4) lib/action_dispatch/middleware/remote_ip.rb:93:in call' lib/gitlab/middleware/handle_ip_spoof_attack_error.rb:25:in call'
lib/gitlab/middleware/request_context.rb:15:in call' lib/gitlab/middleware/webhook_recursion_detection.rb:15:in call'
request_store (1.5.1) lib/request_store/middleware.rb:19:in call' rack (2.2.9) lib/rack/method_override.rb:24:in call'
rack (2.2.9) lib/rack/runtime.rb:22:in call' rack-timeout (0.7.0) lib/rack/timeout/core.rb:154:in block in call'
rack-timeout (0.7.0) lib/rack/timeout/support/timeout.rb:19:in timeout' rack-timeout (0.7.0) lib/rack/timeout/core.rb:153:in call'
config/initializers/fix_local_cache_middleware.rb:11:in call' lib/gitlab/middleware/compressed_json.rb:44:in call'
actionpack (7.0.8.4) lib/action_dispatch/middleware/executor.rb:14:in call' lib/gitlab/middleware/rack_multipart_tempfile_factory.rb:19:in call'
rack (2.2.9) lib/rack/sendfile.rb:110:in call' lib/gitlab/middleware/sidekiq_web_static.rb:20:in call'
lib/gitlab/metrics/requests_rack_middleware.rb:79:in call' gitlab-labkit (0.36.1) lib/labkit/middleware/rack.rb:22:in block in call'
gitlab-labkit (0.36.1) lib/labkit/context.rb:35:in with_context' gitlab-labkit (0.36.1) lib/labkit/middleware/rack.rb:21:in call'
actionpack (7.0.8.4) lib/action_dispatch/middleware/request_id.rb:26:in call' actionpack (7.0.8.4) lib/action_dispatch/middleware/host_authorization.rb:131:in call'
railties (7.0.8.4) lib/rails/engine.rb:530:in call' railties (7.0.8.4) lib/rails/railtie.rb:226:in public_send'
railties (7.0.8.4) lib/rails/railtie.rb:226:in method_missing' lib/gitlab/middleware/release_env.rb:13:in call'
rack (2.2.9) lib/rack/urlmap.rb:74:in block in call' rack (2.2.9) lib/rack/urlmap.rb:58:in each'
rack (2.2.9) lib/rack/urlmap.rb:58:in call' puma (6.4.3) lib/puma/configuration.rb:272:in call'
puma (6.4.3) lib/puma/request.rb:100:in block in handle_request' puma (6.4.3) lib/puma/thread_pool.rb:378:in with_force_shutdown'
puma (6.4.3) lib/puma/request.rb:99:in handle_request' puma (6.4.3) lib/puma/server.rb:464:in process_client'
puma (6.4.3) lib/puma/server.rb:245:in block in run' puma (6.4.3) lib/puma/thread_pool.rb:155:in block in spawn_thread'

==> /var/log/gitlab/gitlab-workhorse/current <==
{"backend_id":"rails","content_type":"text/html; charset=utf-8","correlation_id":"01JBBD6MCDVN5E5M60A619DCB9","duration_ms":649,"host":"gitlab.REDACTED.net:8443","level":"info","method":"GET","msg":"access","proto":"HTTP/1.1","referrer":"https://gitlab.REDACTED.net:8443/REDACTED/documentation/-/blob/main/.gitlab-ci.yml?ref_type=heads","remote_addr":"REDACTED_IP:0","remote_ip":"REDACTED_IP","route":"^/-/","route_id":"dash","status":500,"system":"http","time":"2024-10-29T05:50:26Z","ttfb_ms":649,"uri":"/-/ide/project/REDACTED/documentation/edit/main/-/.gitlab-ci.yml","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Edg/130.0.0.0","written_bytes":1624}
==> /var/log/gitlab/nginx/gitlab_access.log <==
REDACTED_IP - - [29/Oct/2024:05:50:26 +0000] "GET /-/ide/project/REDACTED/documentation/edit/main/-/.gitlab-ci.yml HTTP/2.0" 500 1624 "https://gitlab.REDACTED.net:8443/REDACTED/documentation/-/blob/main/.gitlab-ci.yml" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Edg/130.0.0.0" -

==> /var/log/gitlab/gitlab-workhorse/current <==
{"correlation_id":"01JBBD6N1KZTCQV207EN7SJB92","encoding":"","file":"/opt/gitlab/embedded/service/gitlab-rails/public/-/error-illustrations/error-500-lg.svg","level":"info","method":"GET","msg":"Send static file","time":"2024-10-29T05:50:26Z","uri":"/-/error-illustrations/error-500-lg.svg"}
{"backend_id":"rails","content_type":"image/svg+xml","correlation_id":"01JBBD6N1KZTCQV207EN7SJB92","duration_ms":0,"host":"gitlab.REDACTED.net:8443","level":"info","method":"GET","msg":"access","proto":"HTTP/1.1","referrer":"https://gitlab.REDACTED.net:8443/-/ide/project/REDACTED/documentation/edit/main/-/.gitlab-ci.yml","remote_addr":"REDACTED_IP:0","remote_ip":"REDACTED_IP","route":"^/-/","route_id":"dash","status":200,"system":"http","time":"2024-10-29T05:50:26Z","ttfb_ms":0,"uri":"/-/error-illustrations/error-500-lg.svg","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Edg/130.0.0.0","written_bytes":6506}

==> /var/log/gitlab/nginx/gitlab_access.log <==
REDACTED_IP - - [29/Oct/2024:05:50:26 +0000] "GET /-/error-illustrations/error-500-lg.svg HTTP/2.0" 200 6506 "https://gitlab.REDACTED.net:8443/-/ide/project/REDACTED/documentation/edit/main/-/.gitlab-ci.yml" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Edg/130.0.0.0" -

==> /var/log/gitlab/gitlab-exporter/current <==
2024-10-29_05:50:26.97736 ::1 - - [29/Oct/2024:05:50:26 UTC] "GET /database HTTP/1.1" 200 2230
2024-10-29_05:50:26.97739 - -> /database

==> /var/log/gitlab/gitlab-workhorse/current <==
{"backend_id":"rails","content_type":"text/html","correlation_id":"01JBBD6N2BDGFBZE6KE7H99K00","duration_ms":135,"host":"gitlab.REDACTED.net:8443","level":"info","method":"GET","msg":"access","proto":"HTTP/1.1","referrer":"https://gitlab.REDACTED.net:8443/-/ide/project/REDACTED/documentation/edit/main/-/.gitlab-ci.yml","remote_addr":"REDACTED_IP:0","remote_ip":"REDACTED_IP","route":"","route_id":"default","status":301,"system":"http","time":"2024-10-29T05:50:27Z","ttfb_ms":135,"uri":"/favicon.ico","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Edg/130.0.0.0","written_bytes":192}

==> /var/log/gitlab/nginx/gitlab_access.log <==
REDACTED_IP - - [29/Oct/2024:05:50:27 +0000] "GET /favicon.ico HTTP/2.0" 301 192 "https://gitlab.REDACTED.net:8443/-/ide/project/REDACTED/documentation/edit/main/-/.gitlab-ci.yml" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Edg/130.0.0.0" -
Rails Console:
irb(main):001:0> Feature.all.each { |feature| puts "#{feature.name}: #{feature.enabled?}" }
vscode_web_ide: true
ci_job_artifacts_backlog_work: true

=>
[#<Flipper::Feature:792080 name="vscode_web_ide", state=:on, enabled_gate_names=[:boolean], adapter=:memoizable>,
#<Flipper::Feature:792100 name="ci_job_artifacts_backlog_work", state=:on, enabled_gate_names=[:boolean], adapter=:memoizable>,
irb(main):002:0> Feature.enabled?(:vscode_web_ide)
=> true

• SO: Win 10 Entreprise 22H2 build 19045

• Hipervisor: VMware® Workstation 17 Pro

É possível instalar o WSL em um cliente Windows sem instalar o recurso Hyper-v?

Meu problema é que eu uso o VMWare Workstation Pro, para meus laboratórios. E que agora eu gostaria de usar o Docker desktop na minha máquina para hospedar meus contêineres.

Mas infelizmente o docker deskop reclama que não instalo o Hyper-V, mas isso é normal porque não é possível ter 2 hypervisors tipo 1 no mesmo host.

Você tem alguma ideia para eu incomodar meus contêineres locais? Talvez sem o docker desktop, mas vou precisar de alguma luz :-)

Posso estar um pouco confuso, mas o que eu quero fazer é ter um healthceck que rode fora do contêiner, por exemplo, no host. Não tenho certeza do porquê o docker em si não consegue fazer o curling no contêiner, para decidir se ele está saudável.

  healthcheck:
    test: ["CMD-SHELL", "curl -s http://localhost:9200/_cluster/health | grep '\"status\":\"green\"'"]
    interval: 10s
    retries: 10
    start_period: 30s
    timeout: 5s

Mas a caixa não tem curl nela, e eu li que adicionar curl nunca é uma boa ideia; então, como posso executar essa verificação sem curl na caixa? Posso de alguma forma fazê-la ser executada a partir do aplicativo docker ou de outro contêiner que pode definir a integridade dessa caixa no docker?

Habilitei namespaces de usuário no Docker, em uma tentativa (pensei) de transformar qualquer usuário usado por qualquer um dos contêineres em um específico.

Este usuário foi criado pelo docker e as entradas em subuid e subgid foram criadas:

dockremap:362144:65536

Embora dockremaptenha o id 116,

Eu esperaria agora poder vincular qualquer arquivo do host ao contêiner e que, desde que o arquivo pertença dockremapao host ou que as permissões estejam abertas o suficiente, o contêiner seja capaz de lê-lo. O mesmo com os diretórios.

Em vez disso, tive que tornar o proprietário dos arquivos/pastas por algum usuário a partir de 362144então (o que não se traduz em nada no host, então ls, ps, etc. apenas mostra o ID numérico).

Espera-se que isso funcione assim? Porque estou fazendo errado ou, do ponto de vista administrativo, é um pesadelo.

Atualmente tenho o seguinte driver de log configurado em /etc/docker/daemon.json:

{
    "log-driver": "journald",
    "log-opts": {
        "tag": "{{.Name}}"
    },
    "userland-proxy": false
}

Funciona, os logs são enviados para systemd-journald.

Testei o envio de logs de alguns contêineres via GELF e também funciona muito bem:

    logging:
      driver: "gelf"
      options: 
        gelf-address: "udp://192.168.10.2:12201"
        tag: "caddy"

Até agora tudo bem.

Eu queria então fazer uma mudança global e fazer com que todos os logs de todos os contêineres fossem para o receptáculo de log (via GELF), então substituí meu /etc/docker/daemon.jsonpor

{
    "log-driver": "gelf",
    "log-opts": {
        "gelf-address": "udp://192.168.10.2:12201",
        "tag": "{{.Name}}"
    },
    "userland-proxy": false
}

Após reiniciar dockerdnão há alterações: os logs vão para systemd-journalde os que configurei no docker-compose.ymlnível são enviados via GELF.

Em outras palavras, alterar /etc/docker/daemon.jsone reiniciar dockerdnão teve efeitos. Eu perdi alguma coisa?

dockerdé iniciado como

root@srv /e/docker# systemctl status docker.service
● docker.service - Docker Application Container Engine
     Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; preset: disabled)
     Active: active (running) since Thu 2024-04-18 14:13:13 CEST; 21h ago
TriggeredBy: ● docker.socket
       Docs: https://docs.docker.com
   Main PID: 869846 (dockerd)
      Tasks: 51
     Memory: 212.3M (peak: 269.1M)
        CPU: 6min 819ms
     CGroup: /system.slice/docker.service
             └─869846 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

Tentando criar um novo usuário foo com

adduser --disabled-password --gecos "" smarthome

Tento su para esse usuário su foo, o que não funciona (whoami ainda é root).

Acho que está faltando o ENTER (senha vazia).

Como posso mudar para o novo usuário?