Docker troubleshooting
DOCKER-ISOLATION-STAGE-1
An unexpected docker error occurred: 500 Server Error: Internal Server Error ("unable to insert jump to DOCKER-ISOLATION-STAGE-1 rule in FORWARD chain: (iptables failed: iptables --wait -I FORWARD -j DOCKER-ISOLATION-STAGE-1: iptables v1.8.7 (nf_tables): Chain 'DOCKER-ISOLATION-STAGE-1' does not exist Try `iptables -h' or 'iptables --help' for more information. (exit status 2))") An exception occurred during task execution. To see the full traceback, use -vvv. The error was: (exit status 2))")
Restart the docker service:
systemctl restart docker.service
Or create that chain in the filter table:
iptables -t filter -N DOCKER-ISOLATION-STAGE-1
This is supposed to be fixed in version 5.2.3.7
Tested on
- Docker 20.10.12
- Debian 11
- shorewall 5.2.3.4
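To confirm which chains are gone before choosing a fix, the following added example (not part of the original page) parses `iptables -t filter -S` output and lists the missing Docker chains. The function names and the sample dump are constructed for illustration, and the chain list beyond DOCKER-ISOLATION-STAGE-1 is assumed from Docker 20.10 defaults.

```shell
#!/bin/sh
# Added example: detect Docker filter-table chains missing from `iptables -S` output.

# Chains Docker 20.10 creates in the filter table. DOCKER-ISOLATION-STAGE-1 is
# the one named in the error above; the other three are assumed from Docker defaults.
DOCKER_CHAINS="DOCKER DOCKER-USER DOCKER-ISOLATION-STAGE-1 DOCKER-ISOLATION-STAGE-2"

# Constructed sample: a filter table after a firewall reload dropped two chains.
SAMPLE_AFTER_RELOAD='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-USER
-A FORWARD -j DOCKER-USER
-A DOCKER-USER -j RETURN'

# Reads `iptables -t filter -S` output on stdin; prints the missing chains,
# space-separated (prints nothing when all are present).
missing_docker_chains() {
    rules=$(cat)
    missing=""
    for chain in $DOCKER_CHAINS; do
        # `iptables -S` declares each user-defined chain as "-N <name>".
        if ! printf '%s\n' "$rules" | grep -qxF -- "-N $chain"; then
            missing="${missing:+$missing }$chain"
        fi
    done
    printf '%s' "$missing"
}

# Succeeds only if FORWARD still jumps to the isolation chain, i.e. the rule
# Docker failed to insert in the error message.
has_isolation_jump() {
    grep -qxF -- "-A FORWARD -j DOCKER-ISOLATION-STAGE-1"
}

# Demo on the sample; on a real host run as root with:
#   iptables -t filter -S | missing_docker_chains
missing=$(printf '%s\n' "$SAMPLE_AFTER_RELOAD" | missing_docker_chains)
if [ -n "$missing" ]; then
    echo "missing chains: $missing (restart docker.service to recreate them)"
else
    echo "all Docker chains present"
fi
```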
Volume shadowing
This is a tricky behaviour of Docker. Say you have a volume /app/my_data with some preexisting content, which you mount in the container via the Dockerfile. The volume already contains some files and folders:
a.txt
b.txt
private/
private/c.txt
private/d.txt
Your Dockerfile might look like this:
FROM python:3-alpine
# create folders
RUN mkdir -p /app/my_data/public && \
    mkdir -p /app/my_data/backup && \
    mkdir -p /app/my_data/private
WORKDIR /app
VOLUME /app/my_data
When you run a container from this Dockerfile, everything under the private/ directory is shadowed by the volume: the container shows what is in the volume, not what the Dockerfile created. Let's say you want to create another folder in the Dockerfile, so you add a line
mkdir -p /app/my_data/private/extra && \
like so:
FROM python:3-alpine
# create folders
RUN mkdir -p /app/my_data/public && \
    mkdir -p /app/my_data/backup && \
    mkdir -p /app/my_data/private && \
    mkdir -p /app/my_data/private/extra
WORKDIR /app
VOLUME /app/my_data
When the container is created now, there won't be a directory called "extra" under the private/ directory, because the contents of the volume are what is shown inside the container. There is no extra directory in the volume, so it won't be in the container either.
To get around this, you will have to create this extra directory on the host and change its permissions accordingly, or define a new volume for this extra directory only.
Error pulling image ... 404 Client Error
Might happen when trying to create the container without building the image first.
Full error:
Error pulling image myimage:dev-999 - 404 Client Error for http+docker://localhost/v1.42/images/create?tag=dev-999&fromImage=myimage: Not Found ("pull access denied for myimage, repository does not exist or may require ''docker login'': denied: requested access to the resource is denied")
Check that the image is built and exists before creating the container:
docker image ls