I run a few containers using docker compose where I expose ports only on the TailScale interface, like so:
ports:
- 100.x.y.z:8080:8080
The restart policy on all these containers is set to always. However, on rebooting the machine, I often see that some containers do not start up. The docker daemon logs show that it’s unable to bind to the specified address:
level=warning msg="Failed to allocate and map port 8080-8080: Error starting userland proxy: listen tcp4 100.x.y.z:8080: bind: cannot assign requested address"
If I SSH in and manually start the container, everything works fine. I suspect that docker is trying to start the containers before TailScale has connected. I tried to fix this by updating docker’s systemd service to say it should start after tailscale, like this:
After=network-online.target firewalld.service containerd.service tailscaled.service
This doesn’t seem to have helped, though. Is there a cleaner way to make this scenario work?
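An added example, not part of the original post: if the suspicion above is right and dockerd starts before the Tailscale address is assigned, a script like this can run as an `ExecStartPre=` step so that docker waits until the bind address exists on a local interface. The script path, the function names and the 60-second timeout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: block until a given IPv4 address is assigned to a local
# interface. Hypothetical install path: /usr/local/bin/wait-for-addr.sh
#
# Drop-in for docker (e.g. created with `systemctl edit docker.service`):
#   [Service]
#   ExecStartPre=/usr/local/bin/wait-for-addr.sh 100.x.y.z 60

# addr_in_listing ADDR
# Reads `ip -o -4 addr show` output on stdin; succeeds only on an exact match.
# Field 4 of each line is "address/prefix", e.g. "100.64.0.5/32".
addr_in_listing() {
    awk -v want="$1" '{ split($4, a, "/"); if (a[1] == want) found = 1 }
                      END { exit found ? 0 : 1 }'
}

# list_addrs: kept separate so the polling logic can be exercised without `ip`.
list_addrs() {
    ip -o -4 addr show
}

# wait_for_addr ADDR [TIMEOUT_SECONDS]
# Polls once per second; returns 0 when ADDR appears, 1 on timeout.
wait_for_addr() {
    addr=$1
    remaining=${2:-60}
    while :; do
        if list_addrs | addr_in_listing "$addr"; then
            return 0
        fi
        [ "$remaining" -le 0 ] && return 1
        sleep 1
        remaining=$((remaining - 1))
    done
}

# Run the wait only when called with arguments (ADDR [TIMEOUT_SECONDS]).
if [ "$#" -ge 1 ]; then
    wait_for_addr "$@"
    exit $?
fi
```

With a plain `ExecStartPre=`, a timeout makes docker fail to start rather than come up without the address. Prefixing the command with `-` tells systemd to ignore that failure and start docker anyway.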