Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SoGo not working after Update #1561

Closed
FloThinksPi opened this issue Jul 12, 2018 · 11 comments
Closed

SoGo not working after Update #1561

FloThinksPi opened this issue Jul 12, 2018 · 11 comments

Comments

@FloThinksPi
Copy link
Contributor

FloThinksPi commented Jul 12, 2018
edited

After a Update SoGo cant connect to the DB anymore

I am on commit 1522b83 now

SOGO Logs

2018-07-12 21:32:34,081 CRIT Set uid to user 0
2018-07-12 21:32:34,089 INFO supervisord started with pid 1
2018-07-12 21:32:35,099 INFO spawned: 'syslog-ng' with pid 8
2018-07-12 21:32:35,102 INFO spawned: 'cron' with pid 9
2018-07-12 21:32:35,110 INFO spawned: 'bootstrap-sogo' with pid 10
2018-07-12 21:32:35,149 INFO spawned: 'sogo-webres' with pid 11
Waiting for database to come up...
Jul 12 21:32:35 847b7c2c1259 syslog-ng[8]: syslog-ng starting up; version='3.8.1'
2018-07-12 21:32:36,299 INFO success: syslog-ng entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2018-07-12 21:32:36,299 INFO success: cron entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2018-07-12 21:32:36,299 INFO success: bootstrap-sogo entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2018-07-12 21:32:36,299 INFO success: sogo-webres entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
mysqld is alive
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Jul 12 21:33:01 847b7c2c1259 CRON[39]: pam_unix(cron:session): session opened for user sogo by (uid=0)
Jul 12 21:33:01 847b7c2c1259 CRON[40]: pam_unix(cron:session): session opened for user sogo by (uid=0)
Jul 12 21:33:01 847b7c2c1259 CRON[42]: (sogo) CMD (  /usr/sbin/sogo-ealarms-notify 2>/dev/null)
Jul 12 21:33:01 847b7c2c1259 CRON[43]: (sogo) CMD (  /usr/sbin/sogo-tool expire-sessions 60)
Jul 12 21:33:01 847b7c2c1259 CRON[40]: pam_unix(cron:session): session closed for user sogo
Waiting for database initialization...
Jul 12 21:33:01 847b7c2c1259 CRON[39]: (CRON) info (No MTA installed, discarding output)
Jul 12 21:33:01 847b7c2c1259 CRON[39]: pam_unix(cron:session): session closed for user sogo
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Jul 12 21:34:01 847b7c2c1259 CRON[88]: pam_unix(cron:session): session opened for user sogo by (uid=0)
Jul 12 21:34:01 847b7c2c1259 CRON[92]: (sogo) CMD (  /usr/sbin/sogo-ealarms-notify 2>/dev/null)
Jul 12 21:34:01 847b7c2c1259 CRON[87]: pam_unix(cron:session): session opened for user sogo by (uid=0)
Jul 12 21:34:01 847b7c2c1259 CRON[89]: (sogo) CMD (  /usr/sbin/sogo-tool expire-sessions 60)
Jul 12 21:34:02 847b7c2c1259 CRON[88]: pam_unix(cron:session): session closed for user sogo
Waiting for database initialization...
Jul 12 21:34:02 847b7c2c1259 CRON[87]: (CRON) info (No MTA installed, discarding output)
Jul 12 21:34:02 847b7c2c1259 CRON[87]: pam_unix(cron:session): session closed for user sogo
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Jul 12 21:35:01 847b7c2c1259 CRON[136]: pam_unix(cron:session): session opened for user sogo by (uid=0)
Jul 12 21:35:01 847b7c2c1259 CRON[137]: (sogo) CMD (  /usr/sbin/sogo-ealarms-notify 2>/dev/null)
Jul 12 21:35:01 847b7c2c1259 CRON[135]: pam_unix(cron:session): session opened for user sogo by (uid=0)
Jul 12 21:35:01 847b7c2c1259 CRON[140]: (sogo) CMD (  /usr/sbin/sogo-tool expire-sessions 60)
Jul 12 21:35:01 847b7c2c1259 CRON[136]: pam_unix(cron:session): session closed for user sogo
Jul 12 21:35:01 847b7c2c1259 CRON[135]: (CRON) info (No MTA installed, discarding output)
Jul 12 21:35:01 847b7c2c1259 CRON[135]: pam_unix(cron:session): session closed for user sogo
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Jul 12 21:36:01 847b7c2c1259 CRON[184]: pam_unix(cron:session): session opened for user sogo by (uid=0)
Jul 12 21:36:01 847b7c2c1259 CRON[189]: (sogo) CMD (  /usr/sbin/sogo-ealarms-notify 2>/dev/null)
Jul 12 21:36:01 847b7c2c1259 CRON[183]: pam_unix(cron:session): session opened for user sogo by (uid=0)
Jul 12 21:36:01 847b7c2c1259 CRON[188]: (sogo) CMD (  /usr/sbin/sogo-tool expire-sessions 60)
Jul 12 21:36:02 847b7c2c1259 CRON[184]: pam_unix(cron:session): session closed for user sogo
Jul 12 21:36:02 847b7c2c1259 CRON[183]: (CRON) info (No MTA installed, discarding output)
Jul 12 21:36:02 847b7c2c1259 CRON[183]: pam_unix(cron:session): session closed for user sogo
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Jul 12 21:37:01 847b7c2c1259 CRON[233]: pam_unix(cron:session): session opened for user sogo by (uid=0)
Jul 12 21:37:01 847b7c2c1259 CRON[234]: (sogo) CMD (  /usr/sbin/sogo-ealarms-notify 2>/dev/null)
Jul 12 21:37:01 847b7c2c1259 CRON[232]: pam_unix(cron:session): session opened for user sogo by (uid=0)
Jul 12 21:37:01 847b7c2c1259 CRON[236]: (sogo) CMD (  /usr/sbin/sogo-tool expire-sessions 60)
Jul 12 21:37:01 847b7c2c1259 CRON[233]: pam_unix(cron:session): session closed for user sogo
Jul 12 21:37:01 847b7c2c1259 CRON[232]: (CRON) info (No MTA installed, discarding output)
Jul 12 21:37:01 847b7c2c1259 CRON[232]: pam_unix(cron:session): session closed for user sogo
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Jul 12 21:38:01 847b7c2c1259 CRON[279]: pam_unix(cron:session): session opened for user sogo by (uid=0)
Jul 12 21:38:01 847b7c2c1259 CRON[282]: (sogo) CMD (  /usr/sbin/sogo-tool expire-sessions 60)
Jul 12 21:38:01 847b7c2c1259 CRON[280]: pam_unix(cron:session): session opened for user sogo by (uid=0)
Jul 12 21:38:01 847b7c2c1259 CRON[284]: (sogo) CMD (  /usr/sbin/sogo-ealarms-notify 2>/dev/null)
Jul 12 21:38:01 847b7c2c1259 CRON[280]: pam_unix(cron:session): session closed for user sogo
Jul 12 21:38:01 847b7c2c1259 CRON[279]: (CRON) info (No MTA installed, discarding output)
Jul 12 21:38:01 847b7c2c1259 CRON[279]: pam_unix(cron:session): session closed for user sogo
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Jul 12 21:39:01 847b7c2c1259 CRON[328]: pam_unix(cron:session): session opened for user sogo by (uid=0)
Jul 12 21:39:01 847b7c2c1259 CRON[330]: (sogo) CMD (  /usr/sbin/sogo-ealarms-notify 2>/dev/null)
Jul 12 21:39:01 847b7c2c1259 CRON[327]: pam_unix(cron:session): session opened for user sogo by (uid=0)
Jul 12 21:39:01 847b7c2c1259 CRON[332]: (sogo) CMD (  /usr/sbin/sogo-tool expire-sessions 60)
Jul 12 21:39:02 847b7c2c1259 CRON[328]: pam_unix(cron:session): session closed for user sogo
Jul 12 21:39:02 847b7c2c1259 CRON[327]: (CRON) info (No MTA installed, discarding output)
Jul 12 21:39:02 847b7c2c1259 CRON[327]: pam_unix(cron:session): session closed for user sogo
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...
Waiting for database initialization...

Mariadb Logs

2018-07-12 21:32:35 140399262984064 [Note] mysqld (mysqld 10.2.16-MariaDB-10.2.16+maria~jessie) starting as process 1 ...
2018-07-12 21:32:35 140399262984064 [Warning] InnoDB: Using innodb_file_format is deprecated and the parameter may be removed in future releases. See https://mariadb.com/kb/en/library/xtradbinnodb-file-format/
2018-07-12 21:32:35 140399262984064 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2018-07-12 21:32:35 140399262984064 [Note] InnoDB: Uses event mutexes
2018-07-12 21:32:35 140399262984064 [Note] InnoDB: Compressed tables use zlib 1.2.8
2018-07-12 21:32:35 140399262984064 [Note] InnoDB: Using Linux native AIO
2018-07-12 21:32:35 140399262984064 [Note] InnoDB: Number of pools: 1
2018-07-12 21:32:35 140399262984064 [Note] InnoDB: Using SSE2 crc32 instructions
2018-07-12 21:32:35 140399262984064 [Note] InnoDB: Initializing buffer pool, total size = 256M, instances = 1, chunk size = 128M
2018-07-12 21:32:35 140399262984064 [Note] InnoDB: Completed initialization of buffer pool
2018-07-12 21:32:35 140398540773120 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
2018-07-12 21:32:35 140399262984064 [Note] InnoDB: Highest supported file format is Barracuda.
2018-07-12 21:32:35 140399262984064 [Note] InnoDB: 128 out of 128 rollback segments are active.
2018-07-12 21:32:35 140399262984064 [Note] InnoDB: Creating shared tablespace for temporary tables
2018-07-12 21:32:35 140399262984064 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
2018-07-12 21:32:35 140399262984064 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
2018-07-12 21:32:35 140399262984064 [Note] InnoDB: Waiting for purge to start
2018-07-12 21:32:35 140399262984064 [Note] InnoDB: 5.7.22 started; log sequence number 2508452
2018-07-12 21:32:35 140398303368960 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
2018-07-12 21:32:35 140399262984064 [Note] Server socket created on IP: '::'.
2018-07-12 21:32:35 140399262984064 [Warning] 'proxies_priv' entry '@% root@063a0d62d251' ignored in --skip-name-resolve mode.
2018-07-12 21:32:35 140398993635072 [Note] Event Scheduler: scheduler thread started with id 6
2018-07-12 21:32:35 140399262984064 [Note] mysqld: ready for connections.
Version: '10.2.16-MariaDB-10.2.16+maria~jessie'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  mariadb.org binary distribution
2018-07-12 21:32:35 140398303368960 [Note] InnoDB: Buffer pool(s) load completed at 180712 21:32:35

Anyone has an idea ?
@andryyy
Copy link
Contributor

andryyy commented Jul 12, 2018

It waits for a table that would be created by opening the mailcow UI.

@FloThinksPi
Copy link
Contributor Author

Hm ok, but when opening the mailcow UI there is only a white screen. No UI There. Also no logs are written that yould give a hint on whats going on here 😕

@andryyy
Copy link
Contributor

andryyy commented Jul 12, 2018

That's bad. How did you update mailcow? Probably a merge conflict. Can you mail me AnyDesk access to info@servercow.de?

@FloThinksPi
Copy link
Contributor Author

I used the update bash script.

@andryyy
Copy link
Contributor

andryyy commented Jul 12, 2018

Can you mail me or post the output of git diff origin/master data/web?

@FloThinksPi
Copy link
Contributor Author

Git an empty diff. Nothing Changed

The only diff i have is added stuff because SELinux was conflicting.

[root@ce01 mailcow-dockerized]# git diff origin/master .
diff --git a/docker-compose.yml b/docker-compose.yml
index 50e80f3..9b6616a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -177,8 +177,8 @@ services:
         - ./data/conf/dovecot:/usr/local/etc/dovecot
         - ./data/assets/ssl:/etc/ssl/mail/:ro
         - ./data/conf/sogo/:/etc/sogo/
-        - vmail-vol-1:/var/vmail
-        - crypt-vol-1:/mail_crypt/
+        - vmail-vol-1:/var/vmail:Z
+        - crypt-vol-1:/mail_crypt/:Z
         - rspamd-sock:/rspamd-sock
       environment:
         - LOG_LINES=${LOG_LINES:-9999}

Concerning the AnyDesk , you only need the ID right ?

@andryyy
Copy link
Contributor

andryyy commented Jul 12, 2018

Yes, just the id.

@FloThinksPi
Copy link
Contributor Author

@andryyy Thanks for the aid 👍 , issue is likely related to own firewall configs.

@FloThinksPi
Copy link
Contributor Author

@andryyy It wasnt the FW, it was the umask. I Use a Umask of 0027 and that broke the update.

@FloThinksPi FloThinksPi mentioned this issue Jul 13, 2018
Merged
@andryyy
Copy link
Contributor

andryyy commented Jul 13, 2018
edited

You have custom rulesets that did override Dockers iptables rules, that is a big issue, too. :-(

I will check the "disable ipv6" stuff.

@FloThinksPi
Copy link
Contributor Author

@andryyy Yea but its working now with 0022 and i suspect the stuff you saw in iptables are coming from my other 8 containers besides mailcow.

For me this looks fine:

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
82863   17M MAILCOW    all  --  *      *       0.0.0.0/0            0.0.0.0/0           
83230   17M DOCKER-USER  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
83233   17M DOCKER-ISOLATION-STAGE-1  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 6830 2310K ACCEPT     all  --  *      br-7ceb2e27d4e4  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
  145  8700 DOCKER     all  --  *      br-7ceb2e27d4e4  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  br-7ceb2e27d4e4 !br-7ceb2e27d4e4  0.0.0.0/0            0.0.0.0/0           
  145  8700 ACCEPT     all  --  br-7ceb2e27d4e4 br-7ceb2e27d4e4  0.0.0.0/0            0.0.0.0/0           
  936  193K ACCEPT     all  --  *      br-69c13a8c5859  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
  114  6840 DOCKER     all  --  *      br-69c13a8c5859  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  br-69c13a8c5859 !br-69c13a8c5859  0.0.0.0/0            0.0.0.0/0           
  114  6840 ACCEPT     all  --  br-69c13a8c5859 br-69c13a8c5859  0.0.0.0/0            0.0.0.0/0           
 1451  490K ACCEPT     all  --  *      br-11d577c48efc  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
   31  1860 DOCKER     all  --  *      br-11d577c48efc  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  br-11d577c48efc !br-11d577c48efc  0.0.0.0/0            0.0.0.0/0           
   31  1860 ACCEPT     all  --  br-11d577c48efc br-11d577c48efc  0.0.0.0/0            0.0.0.0/0           
 360K   53M ACCEPT     all  --  *      br-7affda4c9192  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
17539 1114K DOCKER     all  --  *      br-7affda4c9192  0.0.0.0/0            0.0.0.0/0           
 183K  185M ACCEPT     all  --  br-7affda4c9192 !br-7affda4c9192  0.0.0.0/0            0.0.0.0/0           
16836 1072K ACCEPT     all  --  br-7affda4c9192 br-7affda4c9192  0.0.0.0/0            0.0.0.0/0           
 583K 2888M ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0           
 472K   26M ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    2   120 FORWARD_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    2   120 FORWARD_IN_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    2   120 FORWARD_IN_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    2   120 FORWARD_OUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    2   120 FORWARD_OUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    2   120 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 5083 packets, 445K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 593K  207M OUTPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER (5 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  !br-7affda4c9192 br-7affda4c9192  0.0.0.0/0            172.22.1.12          tcp dpt:9443
    6   304 ACCEPT     tcp  --  !br-7affda4c9192 br-7affda4c9192  0.0.0.0/0            172.22.1.12          tcp dpt:8080
    0     0 ACCEPT     tcp  --  !br-7affda4c9192 br-7affda4c9192  0.0.0.0/0            172.22.1.8           tcp dpt:3306
    0     0 ACCEPT     tcp  --  !br-7affda4c9192 br-7affda4c9192  0.0.0.0/0            172.22.1.13          tcp dpt:587
    0     0 ACCEPT     tcp  --  !br-7affda4c9192 br-7affda4c9192  0.0.0.0/0            172.22.1.6           tcp dpt:12345
    0     0 ACCEPT     tcp  --  !br-7affda4c9192 br-7affda4c9192  0.0.0.0/0            172.22.1.13          tcp dpt:465
    0     0 ACCEPT     tcp  --  !br-7affda4c9192 br-7affda4c9192  0.0.0.0/0            172.22.1.6           tcp dpt:4190
    0     0 ACCEPT     tcp  --  !br-7affda4c9192 br-7affda4c9192  0.0.0.0/0            172.22.1.13          tcp dpt:25
    0     0 ACCEPT     tcp  --  !br-7affda4c9192 br-7affda4c9192  0.0.0.0/0            172.22.1.6           tcp dpt:995
    0     0 ACCEPT     tcp  --  !br-7affda4c9192 br-7affda4c9192  0.0.0.0/0            172.22.1.6           tcp dpt:993
    0     0 ACCEPT     tcp  --  !br-7affda4c9192 br-7affda4c9192  0.0.0.0/0            172.22.1.6           tcp dpt:143
    3   140 ACCEPT     tcp  --  !br-7affda4c9192 br-7affda4c9192  0.0.0.0/0            172.22.1.6           tcp dpt:110
    0     0 ACCEPT     tcp  --  !br-7ceb2e27d4e4 br-7ceb2e27d4e4  0.0.0.0/0            172.20.0.7           tcp dpt:9980
  178 10706 ACCEPT     tcp  --  !br-7affda4c9192 br-7affda4c9192  0.0.0.0/0            172.22.1.2           tcp dpt:443
    7   352 ACCEPT     tcp  --  !br-7affda4c9192 br-7affda4c9192  0.0.0.0/0            172.22.1.2           tcp dpt:80

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  br-7ceb2e27d4e4 !br-7ceb2e27d4e4  0.0.0.0/0            0.0.0.0/0           
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  br-69c13a8c5859 !br-69c13a8c5859  0.0.0.0/0            0.0.0.0/0           
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  br-11d577c48efc !br-11d577c48efc  0.0.0.0/0            0.0.0.0/0           
 183K  185M DOCKER-ISOLATION-STAGE-2  all  --  br-7affda4c9192 !br-7affda4c9192  0.0.0.0/0            0.0.0.0/0           
 472K   26M DOCKER-ISOLATION-STAGE-2  all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
2283K 3239M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-ISOLATION-STAGE-2 (5 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      br-7ceb2e27d4e4  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      br-69c13a8c5859  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      br-11d577c48efc  0.0.0.0/0            0.0.0.0/0           
   21  1260 DROP       all  --  *      br-7affda4c9192  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      docker0  0.0.0.0/0            0.0.0.0/0           
 685K  217M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Compose/Docker should also handle the firewall stuff via liks and networks and i did not mess with it except opening inbound ports with firewalld :) . Everything should be standard.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@andryyy @FloThinksPi