Open
Labels: awaiting response (Response/info is needed from user)
Description
Thanks for the good work and keeping it updated.
Previously I used network_mode: "host" and things were easy and straightforward: the host's ports were discoverable and reachable from the portracker container.
I updated to the latest image and updated the compose file accordingly, as below.
- Portracker can detect all Docker containers' ports, but they are all shown as unreachable.
- All system processes and ports on my host are now NOT being detected by Portracker, except 'dockerd at 127.0.0.11'
```yaml
services:
  docker-proxy:
    image: tecnativa/docker-socket-proxy:latest
    container_name: portracker-docker-proxy
    restart: unless-stopped
    environment:
      # Only allow read operations Portracker needs
      - CONTAINERS=1
      - IMAGES=1
      - INFO=1
      - NETWORKS=1
      # Disable write operations for security
      - POST=0
      - BUILD=0
      - COMMIT=0
      - EXEC=0
      - SWARM=0
      - EVENTS=0
      - VOLUMES=0
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    ports:
      - "2375:2375"
  portracker:
    image: mostafawahied/portracker:latest
    container_name: portracker
    restart: unless-stopped
    #network_mode: "host"
    # Required for comprehensive system port detection
    # This allows Portracker to see all host processes for accurate port mapping
    pid: "host"
    volumes:
      # Required for data persistence
      - <........>:/data
      # Advanced: Host filesystem access (usually not needed with pid: "host")
      # Uncomment only if you experience issues with port detection
      - /proc:/host/proc:ro
      - /sys/fs/cgroup:/host/sys/fs/cgroup:ro
    ports:
      - "4999:4999"
    cap_add:
      - SYS_PTRACE
      - SYS_ADMIN
    security_opt:
      - apparmor:unconfined
    environment:
      - DATABASE_PATH=/data/portracker.db
      - PORT=4999
      # DOCKER CONFIGURATION
      # Uncomment to use with docker-proxy for enhanced security
      - DOCKER_HOST=tcp://docker-proxy:2375
      # PERFORMANCE SETTINGS (Optional)
      # Cache duration - increase for better performance, decrease for fresher data
      # - CACHE_TIMEOUT_MS=60000
      # Disable caching entirely (not recommended for production)
      - DISABLE_CACHE=true
    # Optional: Health check for monitoring
    healthcheck:
      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:4999/api/health"]
      interval: 30s
      timeout: 10s
      start_period: 30s
      retries: 3
    depends_on:
      - docker-proxy
```
I checked the ps and port info inside the portracker container, as below. It looks like the host's process and port info is accessible from PID 1, but somehow it is just not shown on the Portracker portal page. Could you please help with this? Thanks
```
### ps aux | head
USER  PID %CPU %MEM    VSZ   RSS TTY STAT START TIME COMMAND
root    1  0.0  0.0 168960 11192 ?   Ss   Jul04 1:23 /sbin/init
root    2  0.0  0.0      0     0 ?   S    Jul04 0:05 [kthreadd]
root    3  0.0  0.0      0     0 ?   I<   Jul04 0:00 [rcu_gp]
root    4  0.0  0.0      0     0 ?   I<   Jul04 0:00 [rcu_par_gp]
root    5  0.0  0.0      0     0 ?   I<   Jul04 0:00 [slub_flushwq]
root    6  0.0  0.0      0     0 ?   I<   Jul04 0:00 [netns]
root    8  0.0  0.0      0     0 ?   I<   Jul04 0:00 [kworker/0:0H-events_highpri]
root   10  0.0  0.0      0     0 ?   I<   Jul04 0:00 [mm_percpu_wq]
root   11  0.0  0.0      0     0 ?   I    Jul04 0:00 [rcu_tasks_kthread]
#
### nsenter --target 1 --net ss -tuln
...
...
tcp LISTEN 0 511  [::]:80    [::]:*
tcp LISTEN 0 32   [::]:53    [::]:*
tcp LISTEN 0 128  [::]:22    [::]:*
tcp LISTEN 0 4096 [::]:10027 [::]:*
tcp LISTEN 0 4096 [::]:10028 [::]:*
tcp LISTEN 0 4096 [::]:10030 [::]:*
tcp LISTEN 0 4096 [::]:10023 [::]:*
tcp LISTEN 0 4096 [::]:10032 [::]:*
...
...
```
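
The `nsenter --target 1 --net ss -tuln` check above can also be done by reading `/proc/<pid>/net/tcp` and `tcp6`, which list the sockets of that process's network namespace: with `pid: "host"` PID 1 is the host's init, while `self` is the container's own namespace. This is an added example, not part of the original issue and not Portracker's code; the function names and the sample table are constructed, and address decoding assumes a little-endian host.

```python
import ipaddress
from pathlib import Path

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp and tcp6

# Constructed sample in /proc/net/tcp6 layout; not taken from the reporter's host.
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000000000000:0050 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1 0000000000000000 100 0 0 10 0
   1: 00000000000000000000000000000000:0016 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002 1 0000000000000000 100 0 0 10 0
   2: 00000000000000000000000001000000:0035 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20003 1 0000000000000000 100 0 0 10 0
   3: 00000000000000000000000000000000:272B 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20004 1 0000000000000000 100 0 0 10 0
   4: 00000000000000000000000001000000:1387 00000000000000000000000001000000:D2F0 01 00000000:00000000 00:00000000 00000000  1000        0 20005 1 0000000000000000 20 4 30 10 -1
"""


def decode_addr(hex_addr):
    """The kernel prints each 32-bit word in host byte order (little-endian assumed)."""
    raw = bytes.fromhex(hex_addr)
    fixed = b"".join(raw[i:i + 4][::-1] for i in range(0, len(raw), 4))
    return str(ipaddress.ip_address(fixed))


def parse_listeners(table_text):
    """Return (address, port) pairs for sockets in LISTEN state, sorted by port."""
    found = set()
    for line in table_text.splitlines()[1:]:  # first row is the column header
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue  # skip established/other states and malformed rows
        addr_hex, port_hex = fields[1].rsplit(":", 1)
        found.add((decode_addr(addr_hex), int(port_hex, 16)))
    return sorted(found, key=lambda pair: (pair[1], pair[0]))


def listeners_for_pid(pid, proc_root="/proc"):
    """TCP listeners in the network namespace of `pid` ("self" or a number)."""
    result = set()
    for name in ("tcp", "tcp6"):
        try:
            text = Path(proc_root, str(pid), "net", name).read_text()
        except OSError:
            continue  # table missing or not readable from this container
        result.update(parse_listeners(text))
    return sorted(result, key=lambda pair: (pair[1], pair[0]))


if __name__ == "__main__":
    print("sample table :", parse_listeners(SAMPLE_TCP6))
    print("own namespace:", listeners_for_pid("self"))
    print("PID 1        :", listeners_for_pid(1))
```

If the two lists printed for `self` and PID 1 differ, the container is running in its own network namespace, which matches the commented-out `network_mode: "host"` in the compose file.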