Take advantage of Docker to install Mastodon.

This article is based on the official docker compose, which can be found in the Mastodon project repository.

Install a dynamically managed firewall with support for network zones.

Service will be enabled and started automatically.

    * rvice - firewalld - dynamic firewall daemon
    Loaded: loaded (/lib/systemd/system/rvice enabled vendor preset: enabled)
    Active: active (running) since Mon 02:20:04 UTC 11s ago
    `-12924 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid
    May 02 02:20:04 ubuntu-jammy systemd: Starting firewalld - dynamic firewall daemon.
    May 02 02:20:04 ubuntu-jammy systemd: Started firewalld - dynamic firewall daemon.

Add an external interface to the public zone.

    $ sudo firewall-cmd --add-interface enp0s8 --zone public

Display and verify used zones.

    $ sudo firewall-cmd --get-active-zones

Display and verify allowed services.

    $ sudo firewall-cmd --list-services --zone=public

Enable http and https services.

    $ sudo firewall-cmd --add-service http --add-service https --zone public

Display and verify public zone.

    $ sudo firewall-cmd --list-all --zone=public

Ensure that the docker interface is in a trusted zone.

    $ sudo firewall-cmd --add-interface=docker0 --zone trusted

Display and verify trusted zone.

    $ sudo firewall-cmd --list-all --zone=trusted

Add masquerade, as the application will contact instances.

    $ sudo firewall-cmd --zone=public --add-masquerade

    $ sudo firewall-cmd --runtime-to-permanent

Define server hostname.

The default limit of the mmap counts is definitely too low for the Elasticsearch service. Increase it to avoid running out of map areas.

    Sysctl: setting key "kernel.kptr_restrict": No such file or directory
    Sysctl: setting key "fs.protected_hardlinks": No such file or directory
    Sysctl: setting key "fs.protected_symlinks": No such file or directory
    Sysctl: setting key "kernel.sysrq": No such file or directory
    Sysctl: setting key "_scope": No such file or directory
    Sysctl: setting key "vm.mmap_min_addr": Operation not permitted
    Sysctl: setting key ".promote_secondaries": Invalid argument
    Sysctl: setting key "vm.max_map_count": No such file or directory

    $ sudo apt install docker.io docker-compose

It will try to start, but it doesn’t play well with recent firewalld using nftables.

    X rvice - Docker Application Container Engine
    Loaded: loaded (/lib/systemd/system/rvice enabled vendor preset: enabled)
    Active: failed (Result: exit-code) since Mon 02:14:40 UTC 6s ago
    Process: 2452 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock (code=exited, status=1/FAILURE)
    Main PID: 2452 (code=exited, status=1/FAILURE)

    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    Pkts bytes target prot opt in out source destination
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
    0 0 DOCKER-USER all -- * * 0.0.0.0/0 0.0.0.0/0
    Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    Chain DOCKER-ISOLATION-STAGE-1 (0 references)
    0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
    Chain DOCKER-ISOLATION-STAGE-2 (0 references)

Ensure that you are part of the docker group.

    $ sudo usermod -a -G docker $USER

Alter docker configuration to log messages to journald.

    May 02 02:20:48 systemd: Started Docker Application Container Engine.
    May 02 02:20:48 dockerd: time="T02:20:48.342171039Z" level=info msg="API listen on /run/docker.sock"

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

Everything is as expected as we are using firewalld/nftables. Alternatively, you could alter firewalld configuration to use iptables.

Create application definition

Create application directory.

    $ sudo mkdir /opt/mastodon/

Create directories related to database operations.