How to correct configuration for firewalld and docker/nginx?
To recap the chat investigation, this particular problem wasn't related to Docker and containers. The problem was in firewalld not having rules for NGINX running as a proxy for containers on the host. The solution was to add permanent firewalld rules for HTTP and HTTPS traffic:
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload
Warning messages like this one:
WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i br-8acb606a3b50 -o br-8acb606a3b50 -j DROP' failed: iptables: Bad rule (does a matching rule exist in that chain?)
... can appear during normal operation, when Docker attempts to delete a rule without checking its existence first. In other words, containers can be running smoothly even when there are warnings like this.
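A check for the fix described above, as an added example that is not part of the original answer: it compares the runtime and permanent service lists of the public zone, so a rule that was added with --permanent but never reloaded (or added at runtime only) shows up. The function names missing_services and zone_report are hypothetical; the firewall-cmd options used are --zone, --permanent and --list-services.

```shell
#!/bin/sh
# Added example (hypothetical helper names): confirm that a firewalld zone
# allows the services NGINX needs, in runtime AND permanent configuration.

# missing_services "<services listed for the zone>" svc...
# Prints the required services that are absent; returns 1 if any is missing.
missing_services() {
    have=" $(printf '%s' "$1" | tr -s '[:space:]' ' ') "
    shift
    missing=""
    for svc in "$@"; do
        case "$have" in
            *" $svc "*) ;;                 # exact match: "https" does not satisfy "http"
            *) missing="$missing $svc" ;;
        esac
    done
    if [ -n "$missing" ]; then
        printf '%s\n' "${missing# }"
        return 1
    fi
}

# zone_report "<runtime services>" "<permanent services>" svc...
zone_report() {
    rt=$1; perm=$2; shift 2
    status=0
    if m=$(missing_services "$rt" "$@"); then
        echo "runtime: ok"
    else
        echo "runtime: missing $m (rule not loaded; add it or run --reload)"
        status=1
    fi
    if m=$(missing_services "$perm" "$@"); then
        echo "permanent: ok"
    else
        echo "permanent: missing $m (rule will not survive a reload or reboot)"
        status=1
    fi
    return $status
}

# Query the live firewall only where firewall-cmd is installed.
if command -v firewall-cmd >/dev/null 2>&1; then
    zone_report "$(firewall-cmd --zone=public --list-services)" \
                "$(firewall-cmd --permanent --zone=public --list-services)" \
                http https || echo "public zone is missing a rule NGINX needs"
fi
```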
I had some similar problems with Podman, and for me I had to upgrade from Debian 9 to Debian 10 in order to fix it, because of the way firewalld handles iptables vs nftables.