Docker – DRNJ Consultancy

Azure Multi-Container YAML

21 October 2025

Background

As an exercise I had run WordPress via a Docker Compose file locally and then within Azure (I would not recommend this for “production” systems, this was merely an intellectual exercise and I based my ideas on this article amongst other.

Running containers within Azure is a little confusing for the beginner as, typical for Microsoft, there are many ways to do the same thing and I noted that it is possible to run multiple containers with a YAML file as opposed to a Docker Compose file.

So I created a YAML file which mirrored my Compose file and tried to run it

az container create --resource-group mygroup --dns-name-label myyaml  --file deploy-wp.yaml

With a YAML file:

apiVersion: 2021-09-01
location: uksouth
name: wordpress-group
type: Microsoft.ContainerInstance/containerGroups
properties:
  containers:
    - name: wordpress
      properties:
        image: wordpress:6.4
        resources:
          requests:
            cpu: 1
            memoryInGb: 1.5        
        ports:
          - port: 80
        environmentVariables:
          - name: WORDPRESS_DB_HOST
            value: db
          - name: WORDPRESS_DB_USER
            value: wordpressuser
          - name: WORDPRESS_DB_PASSWORD
            value: wordpresspass
          - name: WORDPRESS_DB_NAME
            value: wordpressdb
    - name: mysql
      properties:

        image: mysql:8.0.27
        resources:
          requests:
            cpu: 1
            memoryInGb: 1.5        
        ports:
          - port: 3306
          - port: 33060
        environmentVariables:
          - name: MYSQL_ROOT_PASSWORD
            value: rootpass
          - name: MYSQL_DATABASE
            value: wordpressdb
          - name: MYSQL_USER
            value: wordpressuser
          - name: MYSQL_PASSWORD
            value: wordpresspass
  osType: Linux
  ipAddress:
    type: Public
    dnsNameLabel: testwordpress
    ports:
      - protocol: tcp
        port: 80
      - protocol: tcp
        port: 3306
      - protocol: tcp
        port: 33060

The containers started and I could read the logs via

az container logs –resource-group mygroup –name wordpress-group –container-name wordpress
az container logs –resource-group mygroup –name wordpress-group –container-name mysql

I could also get the FQDN of wordpress via

az container show --resource-group mygroup --name wordpress-group  --query "{FQDN:ipAddress.fqdn,ProvisioningState:provisioningState}" --out table

The Problem

I then browsed to the port 80 endpoint for the WordPress container (URL obtained from the Azure portal) and….Error….wordpress could not connect to the database

The Solution

After much head scratching and searching I found an article that suggested using 127.0.0.1 for the “db name” in the yaml file

          - name: WORDPRESS_DB_HOST
            value: 127.0.0.1:3306

Azure Error For ACI Container

21 October 2025

The Problem

I was trying to run a “simple” hello-world Azure Container Instance. When I typed

az container create --resource-group myrersourcegroup --name mytestcontainer --image "mcr.microsoft.com/azuredocs/aci-helloworld" --dns-name-label mydnslabel --ports 80 443

And it worked.

I tried it again a few days later and I got the error

(InternalServerError) Encountered an internal server error. The tracking activity id is 'ba9613c2-70b8-4e3c-8d51-51e603d1c2c6', correlation id is '7e07cd3a-6e34-4ff6-8dde-8be7e58a6262'.



What was going on?

The Solution

It turns out that this is a DNS label error. As I had copied/pasted the command I was using the DNS name “mydnslabel” and it looks like someone else was using the same label. Changing the DNS label to another name allowed the command and container to work

OpenVPN on Docker and the Strange Error Message Saga

29 December 2024

Background

A “dockerised” version of openvpn server was running on a linux server and had been running without issue for years (as per these instructions).

The Problem

However, a fresh install of the OpenVPN client on an iPad led to error messages about an insecure hash

You are using insecure hash algorithm in CA signature.
Please regenerate CA with other hash algorithm

After some head-scratching it was realised that the home-generated certificates (CA and others) had an insecure hash algorithm (i.e. obsolete or unsafe). So it was decided to regenerate the certificates. But, firstly (which turns out to have been the mistake) was to do

apt-get upgrade

to ensure that the latest version of openssl etc was installed.

An attempt to use the previous method for certificate generation was used, however, the CA.sh script no longer works. So the certificates were generated by hand (with thanks to these guys). The openvpn server config was updated for the new certificates and the docker container restarted.

The Saga and its Solution

Hmm, the vpn did not appear to work. Had I made an error in the openvpn.conf file whilst during the fix? No, the problem turns out to be a strange issue where the container (which has run for years) was complaining about two things.

Firstly

docker container start -a my-openvpn-container

gave a clue.

Checking IPv6 Forwarding
Sysctl error for default forwarding, please run docker with '--sysctl net.ipv6.conf.default.forwarding=1'
Sysctl error for all forwarding, please run docker with '--sysctl net.ipv6.conf.all.forwarding=1'

This was a new error to me. The original container had been created via a command

docker run -v $PWD/vpn-data:/etc/openvpn -d -p 3000:1194/udp --cap-add=NET_ADMIN myownvpn

So I tried running the container with –sysctl commands:

docker run --sysctl net.ipv6.conf.default.forwarding=1 --sysctl net.ipv6.conf.all.forwarding=1 -v $PWD/vpn-data:/etc/openvpn -p 3000:1194/udp --cap-add=NET_ADMIN myownvpn

This solved the first issue, although it turns out not to be a real issue with the docker run command, the issue appears to be with a docker container run and stop/started prior to my linux apt-get upgrade. As our American cousins say “go figure”. So this ipv6 “issue” appears to be a red herring (but is documented here for completeness)

The second issue (which turns out to be the real issue) was pulled from the openvpn.log (I have a line log-append /etc/openvpn/logs/openvpn.log in the the openvpn.conf). The error message was

ERROR: Cannot open TUN/TAP dev /dev/net/tun:

After some searching I found this page which suggested adding

--device=/dev/net/tun

to the run command

docker run -d --device=/dev/net/tun --sysctl net.ipv6.conf.default.forwarding=1 --sysctl net.ipv6.conf.all.forwarding=1 -v $PWD/vpn-data:/etc/openvpn -p 3000:1194/udp --cap-add=NET_ADMIN myownvpn

And, voila, everything works again.

Conclusion

I have no idea what happened with the linux upgrade but, firstly, obviously something changed that stopped an existing container that had been stop/started many times from running correctly, no idea what/why. Secondly, no idea what changed to necessitate the addition of –device=/dev/net/tun to the docker run command, but this solved the issue.

Docker CLI and Compose Information Message

3 April 2024

From the Docker CLI when using a Docker Context for Azure and you do

docker compose up

You get the following message

Docker Compose's integration for ECS and ACI will be retired in November 2023. Learn more: https://docs.docker.com/go/compose-ecs-eol/

What that means, I think, is that Docker have stopped supported Compose from the Docker CLI. I’m not sure if you can use/is-supported Docker Compose from the azure CLI

Docker Containers and Azure – An Introduction

3 April 2024

The Problem

I wanted to start using Docker Containers on Azure as I had been using them locally for ages and found them very useful. I had progressed to using Docker Compose for multi-container apps and even for single-container apps as the compose-file contained all the information needed to run the container rather than remember port-mappings, volumes etc for the docker run command.

However….the documentation for containers on Azure is confusing. It’s simple to get a container up and running but it’s not so simple to understand what/where/why. Hence this article

DRNJ Consultancy

Category: Docker

Background

The Problem

The Solution

The Problem

The Solution

Background

The Problem

The Saga and its Solution

Conclusion

The Problem