http: invalid host header

[hilmanski]

Description

After running for months just fine,
I found out that my server(docker) is down, somehow related to this.

I never touch 'moby' directly. I only use docker and docker-compose

My Dockerfile

FROM node:16-alpine

WORKDIR /app

COPY package.json ./
COPY prisma ./prisma

RUN yarn install
RUN npx prisma generate

RUN yarn global add pm2 -g

COPY . .

My docker-compose file (I'm using traffic for issuing https)

version: '3.8'

services:
  api:
    build:
      context: .
    env_file:
      - .env
    expose:
      - 3001
    restart: always
    # volumes:
    #   - ./:/app
    command:
      yarn start
    labels:
      - "traefik.http.routers.api_app.rule=Host(`site.com`)"
      - "traefik.http.routers.api_app.entrypoints=websecure"
      - "traefik.http.routers.api_app.tls.certresolver=myresolver"
      - "traefik.http.services.api_app.loadbalancer.server.port=3001"
  traefik:
    image: traefik:v2.5
    command:
      - --providers.docker
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.myresolver.acme.dnschallenge=true
      - --certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare
      - --certificatesresolvers.myresolver.acme.email=email@gmail.com
      - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
    ports:
      - "80:3001"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./letsencrypt:/letsencrypt
    environment:
      - CF_API_EMAIL=my@email.com
      - CF_API_KEY=akey

Reproduce

docker-compose up -d --build

Expected behavior

No response

docker version

Client: Docker Engine - Community
 Version:           23.0.6
 API version:       1.41 (downgraded from 1.42)
 Go version:        go1.19.9
 Git commit:        ef23cbc
 Built:             Fri May  5 21:18:13 2023
 OS/Arch:           linux/amd64
 Context:           default

Server:
 Engine:
  Version:          20.10.24
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.20.7
  Git commit:       5d6db84
  Built:            Wed Aug 23 20:55:00 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.6.20
  GitCommit:        2806fc1057397dbaeefbea0e4e17bddfbd388f38
 runc:
  Version:          1.1.5
  GitCommit:
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.10.4
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.17.2
    Path:     /root/.docker/cli-plugins/docker-compose

Server:
 Containers: 1
  Running: 1
  Paused: 0
  Stopped: 0
 Images: 18
 Server Version: 20.10.24
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 2806fc1057397dbaeefbea0e4e17bddfbd388f38
 runc version:
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: default
  cgroupns
 Kernel Version: 5.15.0-86-generic
 Operating System: Ubuntu Core 22
 OSType: linux
 Architecture: x86_64
 CPUs: 1
 Total Memory: 957.5MiB
 Name: api-beta-name
 ID: L6ZP:WHL3:P6LJ:BETW:K7ZY:3VDC:WSBN:2OBP:IKFD:F23U:MO25:4AS2
 Docker Root Dir: /var/snap/docker/common/var-lib-docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Additional Info

No response

[thaJeztah]

This looks to be related to;

• net/http: insufficient sanitization of Host header [1.20 backport] golang/go#61076
• Golang client fails to attach to streams with "http: invalid Host header" with go1.20.6, go1.19.11 #45935

Which has been fixed in all current version of docker (#45962), docker-compose (docker/compose#10810), and buildx (docker/buildx#1952)

It looks like you're running Ubuntu / Canonical's snap package to run docker, and are running outdated versions of compose, buildx, and the CLI; we don't provide support for distro-packges, as they tend to carry specific patches or use non-standard build-time dependencies (which sometimes causes things to break); if possible, you could try installing the official docker packages instead (https://docs.docker.com/engine/install/ubuntu/), or report this issue with Ubuntu's issue tracker.

[thaJeztah]

I'll close this ticket because of the above, but feel free to continue the conversation

[hilmanski]

thank you @thaJeztah for the guide, will look into it

[hilmanski]

Just dropping the answer from @wordjelly here

sudo snap remove docker --purge
sudo snap install docker --channel=latest/edge