Docker Desktop attempts to make HTTPS connections to port inside container

[icopp]

• I have tried with the latest version of my channel (Stable or Edge)
• I have uploaded Diagnostics
• Diagnostics ID: C7486AF8-F819-4D7F-A7C4-008136BEED51/20200206011327

Expected behavior

Docker Desktop will not attempt to do stuff to the internals of my containers unless requested.

Actual behavior

Docker Desktop continually attempts to connect to http://localhost:27017 from the inside of my Mongo container for no reason.

Information

• Is it reproducible? Yes
• Is the problem new? Yes
• Did the problem appear with an update? Not sure, this problem only started today
• A reproducible case if this is a bug: See below
• macOS Version: 10.15.2

Examining the troublesome connection attempts on the loopback interface using Wireshark reveals that they have DockerDesktop in the user agent:

Hypertext Transfer Protocol
HEAD / HTTP/1.1
Host: localhost:27017
Connection: keep-alive
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_2) AppleWebKit/537.36 (KHTML, like Gecko) DockerDesktop/2.1.1 Chrome/78.0.3904.94 Electron/7.1.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Accept-Encoding: gzip, deflate, br
Accept-Language

Steps to reproduce the behavior

1. Create a docker-compose.yml with

version: '3'
services:
  mongo:
    image: mongo:4.1
    read_only: true
    ports:
      - 27500:27017
    restart: unless-stopped
    tmpfs:
      - /run
      - /tmp

2. Run docker-compose up -d
3. Observe the endless Error receiving request from client: SSLHandshakeFailed: SSL handshake received but server is started without SSL support. Ending connection from 172.17.0.1:##### (connection id: ###) error messages in the Mongo log
4. Confirm that nothing on the host is attempting to connect to 27500

[sleighzy]

I have started experiencing a similar issue with continual web requests from this DockerDesktop browser agent, but with the offical httpd image. The below has started appearing in my Apache logs for this container. Note that this may be due to the latest update and the inclusion of Dashboard. I only see this logging begin when I open "Dashboard" (previously Kitematic) from the menu in the Docker Desktop selected from the Mac menu bar at the top of the screen. The log spam stops as soon as I close Dashboard.

192.168.0.1 - - [11/Feb/2020:20:35:32 +0000] "HEAD / HTTP/1.1" 301 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) DockerDesktop/2.1.1 Chrome/78.0.3904.94 Electron/7.1.0 Safari/537.36" [11/Feb/2020:20:35:32 +0000] 192.168.0.1 - - l - "GET / HTTP/1.0" 400 362 "-" "-" 0s/31us - 192.168.0.1 - - [11/Feb/2020:20:35:33 +0000] "HEAD / HTTP/1.1" 301 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) DockerDesktop/2.1.1 Chrome/78.0.3904.94 Electron/7.1.0 Safari/537.36"

[sleighzy]

@icopp , thanks for that. I have a Mongodb container as well which I just replicated your same issue on. Opening Dashboard starts spamming my logs in the same manner as you've reported, the error stops logging as soon as I close Dashboard again.

[sleighzy]

Some quick followup observations after building and retesting my image with some variations:

• the log spam only occurs if ports have been bound to the Docker host
• the log spam will continue indefinitely if the image contains a healthcheck
• the log spam will start if there is a no healthcheck, but will stop a few seconds afterwards
• selecting the running container within Dashboard and viewing the logs etc. will cause the log spam to occur for a few seconds and then stop, as long as it has no healthcheck

[stephen-turner]

This is fixed in 2.2.0.4.

[docker-robott]

Closed issues are locked after 30 days of inactivity.
This helps our team focus on active issues.

If you have found a problem that seems similar to this, please open a new issue.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle locked