Harp Proxy Fails to Start in Proxmox 9 LXC due to Restricted Syscalls #50

@drybx

Hi everybody,

I'm running Nextcloud in a privileged LXC on Proxmox 9/Debian 13 and am running into issues deploying the HaRp Proxy.

When I run this command:

docker run \
  -e HP_SHARED_KEY="password" \
  -e NC_INSTANCE_URL="http://domain.org" \
  -e HP_EXAPPS_ADDRESS="127.0.0.1:8780" \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v "$(pwd)"/certs:/certs \
  --name appapi-harp \
  -h appapi-harp \
  --restart unless-stopped \
  --network host \
  -d ghcr.io/nextcloud/nextcloud-appapi-harp:release

the container won't start up:

AttributeError: '_UnixSelectorEventLoop' object has no attribute '_ssock'
sys:1: RuntimeWarning: coroutine 'main' was never awaited

Full log here

I already tried adding this to the configuration of my Nextcloud-LXC:

lxc.apparmor.profile: unconfined
features: nesting=1
lxc.cgroup2.devices.allow: a
lxc.cgroup.devices.allow: a
raw.lxc: |
  lxc.seccomp = 0

but that didn't help either.

When I add --security-opt apparmor=unconfined \ to the docker run command, the Harp container starts up without problems. However, then the deployment test from the Nextcloud configuration fails.

ChatGPT tells me: LXC on Proxmox 9 (Debian 13) still restricts certain kernel syscalls (e.g. socketpair()) even in a privileged container with AppArmor and Seccomp disabled. This blocks Python’s asyncio event loop and HAProxy’s CLI socket creation.

Is it possible that HaRP is not compatible with Debian 13 or generally incompatible with LXCs?

Thanks!
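Added example, not part of the original issue or of the HaRP project: the `_ssock` attribute named in the traceback is assigned from `socket.socketpair()` when asyncio's selector event loop is constructed, so a small probe can show whether that call fails and under which confinement. The function names and the errno-to-cause hints are assumptions made for this sketch.

```python
import errno
import socket

# Heuristic, stated as an assumption: AppArmor denials usually surface as
# EACCES; Docker's default seccomp profile rejects syscalls with EPERM.
HINTS = {
    errno.EACCES: "EACCES: typical of an LSM (AppArmor) denial",
    errno.EPERM: "EPERM: typical of a seccomp filter or missing capability",
}
SECCOMP_MODES = {"0": "disabled", "1": "strict", "2": "filter"}

def classify(err):
    """Map an OSError raised by the probe to a short diagnosis string."""
    return HINTS.get(err.errno, f"errno {err.errno}: {err.strerror}")

def probe_socketpair():
    """Create an AF_UNIX socket pair and pass one byte through it."""
    try:
        a, b = socket.socketpair()
        with a, b:
            a.sendall(b"\0")
            if b.recv(1) == b"\0":
                return True, "round trip ok"
            return False, "peer closed before data arrived"
    except OSError as err:
        return False, classify(err)

def confinement():
    """Report seccomp mode and LSM label (AppArmor profile) of this process."""
    info = {"seccomp": "unknown", "lsm_label": "unknown"}
    try:
        with open("/proc/self/status") as fh:
            for line in fh:
                if line.startswith("Seccomp:"):
                    mode = line.split()[1]
                    info["seccomp"] = SECCOMP_MODES.get(mode, mode)
    except OSError:
        pass  # /proc not mounted or not readable
    try:
        with open("/proc/self/attr/current") as fh:
            info["lsm_label"] = fh.read().strip("\x00\n ") or "unknown"
    except OSError:
        pass  # no LSM label exposed for this process
    return info

if __name__ == "__main__":
    print("socketpair:", probe_socketpair())
    print("confinement:", confinement())
```

Running it once in the LXC itself and once inside a Docker container started there shows at which layer the call starts failing and which profile is attached at that point.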

Labels: bug (Something isn't working)