[SOLVED] With my firewall running, several of my containers keep restarting
Here is my firewall configuration: table ip filter { set blacklist { type ipv4_addr flags interval elements = { 46.229.168.0/24 } }
chain input {
type filter hook input priority filter; policy drop;
ip saddr @blacklist drop
ct state invalid drop
iif "lo" accept
icmp type echo-request limit rate over 10/second burst 4 packets drop
ct state established,related accept
icmp type { destination-unreachable, echo-request, router-advertisement, router-solicitation, time-exceeded, parameter-problem } accept
ip protocol igmp accept
ip saddr { 8.8.8.0/24, 47.19.177.245-47.19.177.246 } tcp dport 22 ct state new accept
ip saddr { 47.19.177.245, 47.19.177.246 } tcp dport 497 ct state new accept
tcp dport 443 accept
}
chain FORWARD {
type filter hook forward priority filter; policy drop;
}
chain OUTPUT {
type filter hook output priority filter; policy accept;
}
}
FYI, it's best to wrap code in backticks to format a bit nicer. You can use 1 backtick for inline code (https://www.markdownguide.org/basic-syntax/#code) and 3 backticks for multiline code (https://www.markdownguide.org/extended-syntax/#syntax-highlighting.
some questions:
- how did you install Appwrite?
- what's the output of
docker ps -ashow? - what do the logs in the appwrite container show?
I installed it with an .env file with everything prepared.
Database not ready. Retrying connection (2)...
Database not ready. Retrying connection (3)...
Database not ready. Retrying connection (4)...
Database not ready. Retrying connection (5)...
Database not ready. Retrying connection (6)...
Database not ready. Retrying connection (7)...
Database not ready. Retrying connection (8)...
Database not ready. Retrying connection (9)...
Database not ready. Retrying connection (10)...
Fatal error: Uncaught Exception: Failed to connect to database: SQLSTATE[HY000] [2002] Operation timed out in /usr/src/code/app/http.php:77
Stack trace:
#0 {main}
thrown in /usr/src/code/app/http.php on line 77
[2023-06-12 21:13:42 #1.1] ERROR php_swoole_server_rshutdown() (ERRNO 503): Fatal error: Uncaught Exception: Failed to connect to database: SQLSTATE[HY000] [2002] Operation timed out in /usr/src/code/app/http.php:77
Stack trace:
#0 {main}
thrown in /usr/src/code/app/http.php on line 77
Can you explain with some more detail?
I setup a number of variables in .env like the password, email address, etc.
I'm not sure how the firewall can block access to the database. It's configured to allow connections on localhost
How did you get the compose file? What did you run to start Appwrite?
I just downloaded the current compose file for 1.3.7. what I had was for 1.3.4. I just launch docker and it automatically runs appwrite.
If I turn off the firewall and run docker, appwrite runs OK.
What did you set the DB host env var to?
Did you change the password after mariadb had already started?
And you're running Appwrite by running docker compose up -d?
Where did you get the compose file from?
_APP_DB_HOST=mariadb; /usr/bin/docker compose up -d --remove-orphans and https://appwrite.io/install/compose
ya that's all good and that is odd the firewall blocks the traffic. would you please share the output of docker inspect network appwrite_appwrite (assuming your docker compose file is in a folder named appwrite)?
attached
im really bad at firewall stuff but maybe your firewall configuration is missing the docker related rules? https://docs.docker.com/network/packet-filtering-firewalls/
I was also trying to see if there was anything related to 172.20.0.X but i can't tell
As that link mentions, docker sets up its own rules using IPtables. I am using nftables and apparently they still don't mix well. I converted my rules to iptables and that resolved the problem. Thanks for your help.
[SOLVED] With my firewall running, several of my containers keep restarting
