Azure-docs: Exposing Docker socket to a container via volume

Created on 22 Sep 2019 · 6 Comments · Source: MicrosoftDocs/azure-docs

Is it possible to access the docker socket from a container with a volume setting like ${WEBAPP_STORAGE_HOME}/var/run/docker.sock:/var/run/docker.sock:ro ? E.g., containers like reverse proxies such as Traefik require something like this.



Pri2 app-servicsvc cxp product-question triaged


All 6 comments

Thanks for the question. We are currently investigating and will update you shortly.

Thanks. Just for context.

1) this is the docker compose loaded into the container settings:

version: "3.7"

services:

  traefik:
    image: "traefik:v2.0"
    privileged: true
    command:
      #- "--log.level=DEBUG"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entryPoints.web.forwardedHeaders.insecure"
    ports:
      - "80:80"
      - "8080:8080"
    volumes:
      - ${WEBAPP_STORAGE_HOME}/var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - testnet4

  whoami:
    image: "containous/whoami"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=HostRegexp(`{catchall:.*}`)"
      - "traefik.http.routers.whoami.entrypoints=web"
      - "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true"
    ports:
      - "81:80"
    networks:
      - testnet4

networks:
  testnet4:
    name: testnet4
    driver: bridge

Startup log from azure console:
2019-09-22 06:58:06.860 INFO - Pulling image from Docker hub: library/traefik:v2.0
2019-09-22 06:58:08.273 INFO - v2.0 Pulling from library/traefik
2019-09-22 06:58:08.742 INFO - Digest: sha256:0226dc713901a6fe91c618fe64a17dfa8fdadd10ce2059433e11a911d75086c4
2019-09-22 06:58:08.742 INFO - Status: Image is up to date for traefik:v2.0
2019-09-22 06:58:08.780 INFO - Pull Image successful, Time taken: 0 Minutes and 1 Seconds
2019-09-22 06:58:08.790 INFO - Starting container for site
2019-09-22 06:58:08.790 INFO - docker run -d -p 56991:80 --name containertest1_traefik_3_2507f26b -e WEBSITES_ENABLE_APP_SERVICE_STORAGE=true -e WEBSITE_SITE_NAME=containertest1 -e WEBSITE_AUTH_ENABLED=False -e WEBSITE_ROLE_INSTANCE_ID=0 -e WEBSITE_HOSTNAME=containertest1.azurewebsites.net -e WEBSITE_INSTANCE_ID=9c45f76fcf2ed72fc0f79776f0387a38a4f53d6739f8aa06a66a120a04466857 -e HTTP_LOGGING_ENABLED=1 traefik:v2.0 --providers.docker.endpoint=unix:///var/run/docker.sock --api.insecure=true --providers.docker=true --providers.docker.exposedbydefault=false --entrypoints.web.address=:80 --entryPoints.web.forwardedHeaders.insecure

2019-09-22 06:58:09.062 INFO - Pulling image from Docker hub: containous/whoami
2019-09-22 06:58:09.871 INFO - latest Pulling from containous/whoami
2019-09-22 06:58:09.872 INFO - Digest: sha256:09229ae40edb92e95b15e90fef46bfadab14fd1ec2232aca717a501741fcf391
2019-09-22 06:58:09.872 INFO - Status: Image is up to date for containous/whoami:latest
2019-09-22 06:58:09.889 INFO - Pull Image successful, Time taken: 0 Minutes and 0 Seconds
2019-09-22 06:58:09.900 INFO - Starting container for site
2019-09-22 06:58:09.900 INFO - docker run -d -p 0:80 --name containertest1_whoami_3_2507f26b -e WEBSITES_ENABLE_APP_SERVICE_STORAGE=true -e WEBSITE_SITE_NAME=containertest1 -e WEBSITE_AUTH_ENABLED=False -e WEBSITE_ROLE_INSTANCE_ID=0 -e WEBSITE_HOSTNAME=containertest1.azurewebsites.net -e WEBSITE_INSTANCE_ID=9c45f76fcf2ed72fc0f79776f0387a38a4f53d6739f8aa06a66a120a04466857 -e HTTP_LOGGING_ENABLED=1 containous/whoami

2019-09-22 06:58:29.181 INFO - Started multi-container app
2019-09-22 06:58:29.290 INFO - Initiating warmup request to container containertest1_traefik_3_2507f26b for site containertest1
2019-09-22 06:58:29.291 INFO - Container containertest1_traefik_3_2507f26b for site containertest1 initialized successfully and is ready to serve requests.

However, when the container starts, the traefik container is not able to access the docker.sock.

2019-09-22T06:59:20.123632472Z time="2019-09-22T06:59:20Z" level=error msg="Failed to retrieve information of the docker client and server host: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?" providerName=docker
2019-09-22T06:59:20.123680072Z time="2019-09-22T06:59:20Z" level=error msg="Provider connection error Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?, retrying in 10.163166574s" providerName=docker

This configuration works on my local test environment without any problem, but not when loaded into Azure App Service.
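
Added example, not part of the original thread: comparing the compose settings with the `docker run` line in the startup log above shows which settings never reached the container. The log line is shortened, the service settings are transcribed by hand, and the function names are illustrative.

```python
import shlex

# Constructed sample: the traefik "docker run" line from the startup log,
# shortened (most -e variables and trailing Traefik flags removed).
RUN_LINE = ("docker run -d -p 56991:80 --name containertest1_traefik_3_2507f26b "
            "-e HTTP_LOGGING_ENABLED=1 traefik:v2.0 --providers.docker=true")

# traefik service settings from the compose file, transcribed by hand.
SERVICE = {
    "privileged": True,
    "ports": ["80:80", "8080:8080"],
    "volumes": ["${WEBAPP_STORAGE_HOME}/var/run/docker.sock:/var/run/docker.sock:ro"],
}

# docker run options that consume the next token (those this log uses, plus -v).
VALUE_OPTS = {"-p": "ports", "-v": "volumes", "--name": "name", "-e": "env"}

def parse_docker_run(line):
    """Return the options that were actually passed to `docker run`."""
    tokens = shlex.split(line)
    i = tokens.index("run") + 1
    seen = {"ports": [], "volumes": [], "env": [], "name": [], "privileged": False}
    while i < len(tokens) and tokens[i].startswith("-"):
        if tokens[i] in VALUE_OPTS:
            seen[VALUE_OPTS[tokens[i]]].append(tokens[i + 1])
            i += 1
        elif tokens[i] == "--privileged":
            seen["privileged"] = True
        i += 1
    seen["image"] = tokens[i] if i < len(tokens) else None  # first non-option token
    return seen

def dropped_settings(service, run):
    """List compose settings that are absent from the effective docker run."""
    dropped = []
    if service.get("privileged") and not run["privileged"]:
        dropped.append("privileged")
    mapped = {p.split(":")[-1] for p in run["ports"]}  # container-side ports
    for port in service.get("ports", []):
        if port.split(":")[-1] not in mapped:
            dropped.append("port " + port)
    for vol in service.get("volumes", []):
        target = vol.split(":")[1]  # container path of a host:container[:mode] mount
        if not any(target in v.split(":") for v in run["volumes"]):
            dropped.append("volume " + target)
    return dropped

if __name__ == "__main__":
    print(dropped_settings(SERVICE, parse_docker_run(RUN_LINE)))
```

For the logged line, the socket mount, the `privileged` flag and the 8080 port mapping are all reported as absent, which matches the "Cannot connect to the Docker daemon" error: nothing is mounted at `/var/run/docker.sock` inside the container.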

@whentotrade, Thanks for the question! Kindly take a look at the FAQs:
I'm using my own custom container. I want the platform to mount an SMB share to the /home/ directory.
If WEBSITES_ENABLE_APP_SERVICE_STORAGE setting is unspecified or set to true, the /home/ directory will be shared across scale instances, and files written will persist across restarts. Explicitly setting WEBSITES_ENABLE_APP_SERVICE_STORAGE to false will disable the mount. Reference

Can I bring my own storage?
Yes, bring your own storage is in preview.

We really appreciate all the valuable feedback you share. You could always post your suggestions on the feedback forum (UserVoice): https://feedback.azure.com/forums/169385-web-apps. All of the feedback you share on those forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Azure.

Since we have not heard back from you we will now proceed to close this thread. If there are further questions regarding this matter, please tag me in your reply and we will gladly continue the discussion.

Why was this closed? The reply had nothing to do with the question.

The question was about mounting docker.sock so that the container can run docker commands; the reply was about mounting volumes.

Hi @paulpach, the issue was closed because of no response, but your point is fair. When using Web App for Containers, it is not possible to access docker.sock due to PaaS limitations for accessing the Docker daemon. As a workaround, AKS allows for greater control over the environment, or you can use Docker on a VM.
