Docker and CSF Problems

Support and Discussion Docker Manager
1

Hi,

Got to know about this issue from client server.

If anyone on CyberPanel is using Docker and they have also installed CSF. Then I am experiencing various problems.

I’ve installed csf and enabled docker support in csf configurations.

Screenshot 2024-02-13 at 2.39.14 PM
Screenshot 2024-02-13 at 2.39.14 PM2367×623 28.4 KB

Then I created docker app from CyberPanel, but keep getting 503 error. It turns out that if i remove csf, remove and re-install docker then apps start working.

I’ve seen couple of posts on reddit, stackoverflow having similar problems.

If you want to remove and re-install Docker, read this guide: Debugging Docker Apps Features – Knowledge Base

This is a devloping story as I’ve contacted csf support…

2

Update 1: It seems that after adding port 8088 to csf docker apps seems to be working.

But in some cases they are still not working as expected.

3

Update 2:

If I create Docker App, then install CSF, it does not work.

I had to delete docker and re-install docker from cli and start it again.

Then make sure port 8088 and port 5678 is in CSF for TCP_IN and TCP_OUT.

Then created docker app again and it works.

4

If Docker uses custom bridge networks (e.g., br-XXXX) instead of docker0, CSF needs to be configured to avoid conflicts.

1. Identify Active Docker Bridge(s)

Find your active Docker bridge interfaces (starting with br- and in UP state with 172.x.x.x IPs):

ip a

2. Configure CSF

Edit csf.conf:

nano /etc/csf/csf.conf

Set DOCKER_DEVICE to your active Docker bridge(s) (comma-separated if more than one). Remove docker0 if it’s not in use.

DOCKER_DEVICE = "br-61fa586ddd3a" # Example: "br-abc,br-xyz"

Add the same bridge(s) to ETH_DEVICE_SKIP to prevent CSF from interfering with Docker’s traffic management:

ETH_DEVICE_SKIP = "br-61fa586ddd3a" # Same as DOCKER_DEVICE

Save and exit.

3. Allow Docker Network in csf.allow

Ensure the Docker bridge’s subnet is permitted (e.g., 172.18.0.0/16 for br-61fa586ddd3a):

echo "172.18.0.0/16 # Docker bridge network" >> /etc/csf/csf.allow
# Also ensure 127.0.0.1 is in csf.allow

4. Restart Services in Order

This order is crucial to prevent iptables conflicts:

  1. Stop all Docker containers:
    docker stop $(docker ps -aq)
  2. Restart CSF:
    csf -r
  3. Restart Docker service:
    systemctl restart docker
  4. Start your Docker containers:
    docker compose up -d