„closed network connection“ error and Docker restart

Traefik Traefik v3 (latest)
1

Hello guys,
when stopping the Traefik Docker container I am getting those

2025-06-13T17:50:28+02:00 ERR error="accept tcp [::]:80: use of closed network connection" entryPointName=web

2025-06-13T17:50:28+02:00 ERR error="close tcp [::]:80: use of closed network connection" entryPointName=web

errors. I found many threads saying just ignore them and start the container again, which is working, but I couldnt find a solution about how to lose / avoid theses errors?

Because when I reboot my Debian system, all my Docker containers come back up thanks to --restart unless-stopped , but Traefik is not.
Due to that closed network connection error from shutting down it stays down, and this is very annoying. Booting up everything without the very much needed Traefik border router.

Thanks for your help on this!

2

btw, --restart always is not helping either

3

The error sometimes occurs during shutdown. I think it’s Docker closing the port and Traefik closing the port at the same time.

But this has nothing to do with a new start of the container. So if Traefik doesn’t start after reboot, it has to be something else.

Check the Traefik container logs and the Docker daemon logs.

4

@bluepuma77 Thanks :+1:
Think I found the error:

time="2025-06-14T16:46:04.955346290+02:00" level=error msg="failed to start container"
container=ed8aeb981d6aac6fbb933905faaf5d7f2c049aec03562709f2a78451b4d9d40d 
error="failed to create task for container: failed to create shim task: OCI runtime create failed: 
runc create failed: unable to start container process: error during container init: error mounting 
\"/path/tailscale/run/tailscaled.sock\" to rootfs at \"/var/run/tailscale/tailscaled.sock\": create 
mountpoint for /var/run/tailscale/tailscaled.sock mount: cannot create subdirectories in 
\"/var/lib/docker/overlay2/bb3ac3308587564d2e5473524bc92869600e04dd99c6e9ba2429d3db9
9e70d7a/merged/run/tailscale/tailscaled.sock\": not a directory: unknown: Are you trying to 
mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the 
expected type"

This is because Im using Tailscale and it's TLS certs with Traefik.
First I need to start the Tailscale container and do a bind mount affecting tailscaled.sock and then Ill have to bind mount that socket to Traefik. Looks to me when everything is rebooting and restarting at the same time things are not happening in the right order.

How do I change this? I would need to add a 30s delay to the Traefik docker compose at startup, and couldn't figure this out. (Tried google but didn't find a working solution)
I cannot put the two containers in one compose stack and do a "depends on"-setting because the containers are in different Docker networks. Tailscale is running in network mode host, Traefik is using a separate bridge network.

5

Why not? Can’t you create those required settings per service?

6

The depends_on directive only works with services in the same docker compose project.
And I cannot put Tailscale and Traefik in the same compose project because of docker networking: Tailscale should run in the host network, Traefik in a separate bridge network.
This sums up my (beginner‘s) docker knowledge and what I was able to look up and try out using google.
I could run all containers in the host network (Tailscale, Traefik, every proxied service), but that would be against Docker‘s networking concepts and principles I guess??

7

Why can’t you set tailscale to network_mode: host and use a Docker network for Traefik in the same compose file?

8

I thought I could not and I failed before... BUT as it turns out: I can. :star_struck:
So docker-wise, Ive made it happen: created a compose project which starts up Tailscale, then waits for it to become 'healthy' then spins up Traefik. Works like a charm.

Screen Shot 2025-06-16 at 05.28.06 AM
Screen Shot 2025-06-16 at 05.28.06 AM1824×138 15.8 KB

and after 30s it looks like this

Screen Shot 2025-06-16 at 05.28.26 AM
Screen Shot 2025-06-16 at 05.28.26 AM1824×132 16.6 KB

BUT unfortunately, it still doesn't do reboots :woozy_face:

time="2025-06-16T05:31:37.779063771+02:00" level=error msg="failed to start 
container" container=841eba error="failed to create task for container: 
failed to create shim task: OCI runtime create failed: runc create failed: 
unable to start container process: error during container init: error mounting 
\"/mypath/tailscale/run/tailscaled.sock\" to rootfs at 
\"/var/run/tailscale/tailscaled.sock\": create mountpoint for 
/var/run/tailscale/tailscaled.sock mount: cannot create subdirectories in 
\"/var/lib/docker/overlay2/da30a/merged/run/tailscale/tailscaled.sock\": 
not a directory: unknown: Are you trying to mount a directory onto a file 
(or vice-versa)? Check if the specified host path exists and is the expected 
type"

Any further ideas?

@bluepuma77 Thank you very much for the help on docker / docker compose. Your questions were pointing me into the right direction and Ive learned a thing or two :+1:

9

P.S. I know this is not a Traefik problem. I should (will) post this in a Docker help forum.

10

See you there :wink:

11

It's not really a docker problem, either. I'm pretty sure it's a tailscale problem. I believe the problem is that Compose is creating the bind to /mypath/tailscale/run/tailscaled.sock for the traefik container before starting the tailscale container, while the tailscale container is actually creating that socket. Can you bind /mypath/tailscale/run, rather than just the socket file? Or if that exposes too much to your traefik container, can you specify a different path for the socket to Tailscale, and then bind the directory that will contain that to both containers.

1 Like
12

Wow. Just wow :star_struck:
This perfectly works and now all containers are coming back up after a reboot.

@auspex Thanks !!

1 Like