Using docker client CLI to connect to docker api through portainer does not work for interactive commands

Bug description
When using the docker client CLI to connect to the docker API of a specific endpoint (e.g. “localhost:9000/api/endpoints/1/docker”) it is possible to issue a “docker ps”. However, when issuing a “docker run hello-world” the container is created but the docker client CLI does not respond anymore.

Expected behavior
When issuing a “docker run hello-world” to the docker API of a specific endpoint, the docker client CLI should print the message generated by the hello-world container.

Portainer Logs

2020/08/20 16:23:49 Warning: the --template-file flag is deprecated and will likely be removed in a future version of Portainer.
2020/08/20 16:23:50 Templates already registered inside the database. Skipping template import.
2020/08/20 16:23:50 server: Reverse tunnelling enabled
2020/08/20 16:23:50 server: Fingerprint 11:33:04:af:52:d8:46:72:78:f2:23:ae:94:e0:91:ba
2020/08/20 16:23:50 server: Listening on…
2020/08/20 16:23:50 Starting Portainer 1.24.1 on :9000
2020/08/20 16:23:50 [DEBUG] [chisel, monitoring] [check_interval_seconds: 10.000000] [message: starting tunnel management process]

Steps to reproduce the issue:

  1. Run the Portainer container, then navigate to the Portainer web UI and create a local endpoint
  2. Request an authentication token from the Portainer API
  3. Create a config.json file inside a new folder that looks like this (replace TOKEN with your actual token):
    { "HTTPHeaders": { "Authorization": "Bearer TOKEN" } }
  4. See that the “docker ps” command works:
    docker -H localhost:9000/api/endpoints/1/docker --config PATH/TO/CONFIG/FOLDER ps
  5. Now try to run the hello-world image:
    docker -H localhost:9000/api/endpoints/1/docker --config PATH/TO/CONFIG/FOLDER run hello-world
  6. The docker client does not respond anymore

Technical details:

  • Portainer version: 1.24.1
  • Docker version (managed by Portainer): 19.03.12
  • Platform (windows/linux): Docker Desktop for Windows using WSL 2 integration (Ubuntu 20.04), Linux
  • Command used to start Portainer: docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer

Additional context
I am working on a tool to forward docker commands directly to a specific Portainer endpoint using the docker client CLI. The Portainer HTTP API by example states that the docker API of a Portainer endpoint is available at “/api/endpoints/x/docker” and works exactly like the actual docker API. Thus it should allow the docker client CLI to talk to it just like it would to the actual docker API.

Hi Thanks for posting the ticket. is it possible to use portainer-ce(i.e 2.0 version) and try. Are there any extensions used in the current setup

Yes, we use the Community Edition and have no extensions.