Help with Docket Container

I’m having a bit of trouble making a container with Docket running in it. Has anyone here had any luck with this? My goal is then to use the container on Flatcar or Photon OS to pull pcap from containerized Stenographers spread around our network. I’m fairly new to containers so it may be that I’m just missing something completely.

I’m working with the Rock Base container with the following Dockerfile from the RockNSM GitHub

After building the base from that Dockerfile with all of the files that go in it (only adding the Rock 2.1 repository for the confd package), I use the following Dockerfile to try and build Docket based on the non-containerized Docket installation instructions.

FROM rocknsm/base:latest

ENV container docker
STOPSIGNAL SIGRTMIN+3

# Install the packages
RUN yum install -y docket nginx && rm -rf /var/cache/yum/*

# Add Stenographer group since this server will not have Stenographer installed
RUN groupadd stenographer

# Install a default nginx config for docket
RUN cp /usr/share/doc/docket-*/nginx-example.conf /etc/nginx/conf.d/docket.conf

# Enable and start both nginx and docket
RUN systemctl enable nginx docket.socket

# Expose http port
EXPOSE 8080

# systemd starts by default (from parent)

However, I cannot get this to seemingly start Docket properly. When I shell into the container and start nginx manually I can hit an nginx page but just get the error message 502 Bad Gateway.

Any help or comments would be greatly appreciated.

UPDATE: I am also seeing the following error in the nginx error.log:
2020/02/12 15:13:42 [crit] 312#0: *17 connect() to unix:/run/docket/docket.socket failed (13: Permission denied) while connecting to upstream, client: 215.65.17.16, server: docket, request: "GET / HTTP/1.1", upstream: "uwsgi://unix:/run/docket/docket.socket:", host: "192.168.1.101:8080"

UPDATE:

I was able to build it out in a container with the following Dockerfile. Had better luck with the lighttpd config.

FROM centos/systemd

STOPSIGNAL SIGRTMIN+3

# Add RockNSM repo
COPY rocknsm-testing.repo /etc/yum.repos.d/rocknsm-testing.repo

# Install packages, create the stenographer user, add Restart=always drop-ins,
# set group memberships and enable the services.
# Note: the chown/chmod/enable steps expect steno_docket.sh and steno_docket.service
# to already exist in the image; no COPY for them appears in this Dockerfile.
RUN yum -y install --setopt=tsflags=nodocs epel-release; \
    yum -y --setopt=tsflags=nodocs update; \
    useradd -m -d /opt/stenographer -r stenographer; \
    mkdir -p /etc/stenographer; chown -R stenographer: /etc/stenographer; \
    yum -y install --setopt=tsflags=nodocs autofs docket lighttpd tcpdump lsof net-tools iptraf-ng; yum clean all; rm -rf /var/cache/yum/*; \
    mkdir /etc/systemd/system/docket.service.d/; echo -e '[Service]\nRestart=always' > /etc/systemd/system/docket.service.d/docket.conf; \
    mkdir /etc/systemd/system/lighttpd.service.d/; echo -e '[Service]\nRestart=always' > /etc/systemd/system/lighttpd.service.d/lighttpd.conf; \
    usermod -a -G stenographer docket; usermod -a -G docket lighttpd; \
    chown root:root /usr/local/bin/steno_docket.sh; chmod 0500 /usr/local/bin/steno_docket.sh; \
    chown root:root /etc/systemd/system/steno_docket.service; chmod 644 /etc/systemd/system/steno_docket.service; \
    systemctl mask sys-fs-fuse-connections.mount; \
    systemctl enable steno_docket docket lighttpd

COPY etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf
COPY etc/lighttpd/vhosts.d/30-docket.conf /etc/lighttpd/vhosts.d/30-docket.conf
COPY etc/docket/prod.yaml /etc/docket/prod.yaml
COPY etc/docket/docket-uwsgi.ini /etc/docket/docket-uwsgi.ini

# Start systemd
CMD ["/usr/sbin/init"]

Awesome to hear! Thanks for posting the results…
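Added example, not code from the thread or from RockNSM: a check that walks the path to a uWSGI Unix socket and reports which component would give a web-server account the `13: Permission denied` seen in the nginx log, and how group membership like the working Dockerfile's `usermod -a -G docket lighttpd` changes the result. It assumes classic owner/group/other mode bits only (no ACLs or SELinux); `first_denial` and `demo` are hypothetical names, and the demo uses a constructed temp directory with a plain file standing in for the socket.

```python
import os
import stat
import tempfile

_BITS = {"x": (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH),   # search a directory
         "w": (stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH)}   # connect() to a socket


def _allowed(st, uid, gids, want):
    """Owner/group/other mode-bit check (assumption: no ACLs, no SELinux)."""
    if uid == 0:
        return True  # root normally bypasses mode bits
    owner, group, other = _BITS[want]
    if st.st_uid == uid:
        return bool(st.st_mode & owner)
    if st.st_gid in gids:
        return bool(st.st_mode & group)
    return bool(st.st_mode & other)


def first_denial(sock_path, uid, gids, base=os.sep):
    """Return (path, 'x' or 'w') for the first component below `base` that
    would make connect() fail with EACCES for uid/gids, or None."""
    sock_path, base = os.path.abspath(sock_path), os.path.abspath(base)
    rel = os.path.relpath(os.path.dirname(sock_path), base)
    current = base
    for name in ([] if rel == "." else rel.split(os.sep)):
        current = os.path.join(current, name)
        if not _allowed(os.stat(current), uid, gids, "x"):
            return current, "x"      # directory lacks search permission
    if not _allowed(os.stat(sock_path), uid, gids, "w"):
        return sock_path, "w"        # socket itself lacks write permission
    return None


def demo():
    """Constructed layout: <tmp>/docket (0750) holding docket.socket (0660)."""
    with tempfile.TemporaryDirectory() as tmp:
        rundir = os.path.join(tmp, "docket")
        os.mkdir(rundir)
        sock = os.path.join(rundir, "docket.socket")
        open(sock, "w").close()          # plain file standing in for the socket
        os.chmod(rundir, 0o750)
        os.chmod(sock, 0o660)
        web_uid = os.stat(sock).st_uid + 1   # hypothetical web-server uid
        docket_gids = {os.stat(p).st_gid for p in (rundir, sock)}
        outsider = first_denial(sock, web_uid, {-1}, base=tmp)
        member = first_denial(sock, web_uid, docket_gids, base=tmp)
        return outsider == (rundir, "x"), member is None
```

On a real host, call `first_denial("/run/docket/docket.socket", uid, gids)` with the web server account's uid and group ids.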