Fix linux docker proxy #7878
Fix linux docker proxy #7878
Conversation
|
screenshot shows docker cli closing one of the streams when stdin isn't enabled on the container https://github.com/docker/cli/blob/master/cli/command/container/hijack.go#L132 |
|
Go's We can bypass the http proxying by going down to L4 and starting a tcp proxy between the two sockets and conditionally forward the connection to L7 when the request matches the criteria. |
matejkramny
force-pushed
the
fix-linux-docker-stdin
branch
3 times, most recently
from
7f079f7 to
2e4d09e
Compare
|
Possibly fixes #2094 @jandubois would you be able to review? Thank you |
Signed-off-by: Matej Kramny <git@matej.me>
matejkramny
force-pushed
the
fix-linux-docker-stdin
branch
from
22b9e32 to
505adf7
Compare
|
Great analysis @matejkramny - think it might be worth trying to get back a fix to the Go reverse proxy in the first instance, something like: golang/go#35892. |
Fixes #3239
I added some logging to the proxy and observed the /attach API call converting to a websocket. This websocket is streaming data to/from the container.
I suspected the issue stemming from nonstandard docker behaviour when it comes to websockets, as one of the pipes gets closed when the container does not have stdin open.
The docker client knows the container spec and when stdin on the container is closed, outbound pipe from the client is EOF whilst the inbound pipe (stdout/err from container) is streaming data.
The issue can be worked around if you set DOCKER_HOST to
/mnt/wsl/rancher-desktop/run/docker.sockeffectively isolating the issue to the wsl-helper proxy.The PR is proof of concept - starts a proxy on the TCP level, and conditionally sends connections to the original proxy capable of munging the request data etc.
To verify fix, run
used https://github.com/jpillora/go-tcp-proxy
and https://github.com/docker/go-connections/blob/master/sockets/inmem_socket.go