Container/Portainer apps not getting deployed properly all of a sudden.

I have been successfully deploying apps like PiHole, Sonarr, and Radarr until something went wrong with the deployment. The new apps I am deploying initially have ports, but in a bit, the ports disappear and the app is inaccessible through the browser. The pic below illustrates what I have explained:

I have restarted the NAS as well as Portainer, but to no avail. I have even redeployed them repeatedly, and that hasn’t worked either.

Hopefully, someone can show me what I am doing wrong or what could have gone wrong. All help will be appreciated. For me, moving from Synology to QNAP has been a little rough. It seems QNAP is more suitable for people who know exactly what they are doing. Synology seems to work for noobs.

Regards

So how do you have the network set up for your containers? By default, QNAP sets up a 10.0.0.0 based network for container operations and uses the Network and Virtual Switch app to create routing internally. This is OK for some things but most of the time you want an IP address on your LAN for things like PiHole. What you need to do is put the container in Bridge mode.

1.) Open Container Station.
2.) Select your particular container app and then click the “Edit” button in the upper right:

3.) Select Network. This is how my PiHole instance is set up

You will have to delete the initial setup which would be NAT. Then click Add. Select Network Mode as Bridge and click to use a static IP (absolutely needed if you are using PiHole, etc).

The default address will be the address of the NAS (in my case 192.168.0.1) but pick another address that is outside of your DHCP pool on your network. Fill out all the normal network stuff and off you go.

This should help you quite a bit. Please let me know if you still need help.

Hi,

Thank you for responding. I have been doing what you say for most deployments. My Pihole works precisely as you mentioned. I have stopped it currently as it is slowing down the web as well as not allowing some allowed sites to open.

Nonetheless I did exactly as you mentioned and got the same result:

I deployed this using Portainer. I followed what was mentioned in this guide (pasting the time link):

I created a network called external and started deploying Sonarr, Radarr, etc, which are working fine.

Hope this helps you in helping me.

Regards

If you are going to use Portainer GUI I think you need to flip “Enable manual container attachment” ON.

I set up mine with a little SSH

docker network rm external_edge

docker network create \
  --driver "bridge" \
  --opt "encrypted" \
  --scope "local" \
  --subnet "172.27.1.0/24" \
  --subnet "fd00:69:420:42::/64" \
  --ipv6 \
  --attachable \
  "external_edge"

And I used to use Stacks.



Wait, why the hell does he make you set up a VM to run docker (maybe still on the host?) only to install Portainer.

This is so much extra shit to dump on you right at the beginning.

My Pihole works precisely as you mentioned. I have stopped it currently as it is slowing down the web as well as not allowing some allowed sites to open.

Pihole will block some sites by default - like if you are on Amazon and click on a “sponsored” item. It’s likely going to be blocked. You can whitelist and change things to allow sites to load.

It really should not slow down your browsing one bit, not if you have it set up correctly and all.

You showed your “Networks” image above. What page is that from? That is not from Network and Virtual Switch. That is not what NVS shows. Is that from Portainer? Why are you running Portainer? You already have Container Station on the NAS…There is no reason to use Portainer and that is likely part of your problem.

In NVS, you see the networks like this:

And:

I have no idea how you have your system set up since it’s way outside Container Station and it’s possible you have multiple NAT layers or routing paths which is why you get disconnections and slow pi-hole performance. I’m sorry but I cannot help you further since you are not using ContainerStation and I have no idea how Portainer works or how it should be set up.

There are a lot of reasons to use notCS, Applications aren’t really docker compose and once you need more than “spin up a single app” CS limitations really start to give you problems.

Jellyfin with GPU accel:

  • on CS, took me hours and liked to break every docker image update.
  • using SSH/Arcane/dockage/Portainer, worked 2nd try and has never broken from “outside” influence when updating the image.

Also trying to get help from and you tell them you are using CS? They are going to tell you to pound sand.
SSH/Arcane/dockage/Portainer stacks are either docker compose or ALMOST vanilla docker compose so you can go to github or mailing lists and ask for help.

Now that I know what I’m doing I could probably redo my entire stack using JUST CS applications. But even then I break easy snapshots/backups AND I’m stuck with the limited options you get in CS. deploy: resources: is just blocked.

AND THEN, if you use SSH/Arcane/dockage you are doing everything with just folders on the filesystem. If you ever want to move your containers to another box you can just rsync -av the parent directory and you’re done.
Trying to extract things out of /share/Containers/ is really hard.

Hi @Weedy - “Enable manual container attachment ON” how do I flip it on?

Wait, why the hell does he make you setup a VM to run Docker (maybe still on the host?) only to install Portainer

No, while I did not install the VM, I think this is the first part of installing arr apps.

@NA9D I actually set it up using this https://www.youtube.com/watch?v=hidjGrMyTpY. Though it is for Synology it broadly works for QNAP. I have set it up properly I think but it slows down everything my MacBook, the NAS, even browsing pages take time opening. Considering I am on 1 Gbps on MacBook Pro M4, 48gb ram, it really should not be the case so it has to be Pihole. If anything the issue could be that my connection has CGNAT and I don’t have any other option but that unless I go for an expensive business connection.

Portainer is nothing complicated; it is supposed to be a more straightforward GUI to implement stuff on Container Station. However, I don’t find much difference. I performed the 3-second reset for network settings yesterday, but it did not resolve the issue. This is how I am set up right now:

Regards

Looking at your virtual switch config, all your containers are on the 172.29.0.0 network which is different from your LAN of 192.168.29.0. I think therein lies your problem. You are having to NAT for every DNS lookup and relying on the routing provided by NVS. Take and put your Container Network onto your LAN in bridge mode so you don’t have to do all that extra work.

When you made the bridge, the toggle is right there.

Also I agree with @NA9D, I don’t know why your tutorial had you NAT pihole but that should run on the host network at minimum. That said trying to get the admin UI and DoT/DoH working might be a problem with docker.

I don’t use pihole so I’m not sure what the best practises are.
I would imagine in a perfect world you want pihole to have a fresh IP on your home network (192.168.0.xxx I think?) and then it can do whatever it wants without limits.
DNS is a pain and you want as few layers running between your resolver and clients.

Correct - Run PiHole on your LAN. Do not NAT it. DNS uses UDP and UDP traffic does not traverse NAT interfaces very well…

Hi,

After removing the container station and the virtual adapter. I searched the net and it seems Container Station is essential to installing pi-hole. So I installed the CS again and a virtual adapter was created:

Also, another issue has crept up where I can explore for apps but I cannot create them. I wonder how to take care of that:

Does not work whether I use the basic or advanced mode.

Regards

Hi,

@NA9D @Weedy Thank you so much for your response, staying at it with me. It looks like we may have a solution here. But I am going to ask you guys some really noob questions, please bear with me.

  1. Should I delete the virtual switch?
  2. If I do so, will I have to do a 3-second reset of the network?
  3. Will I have to reinstall everything again, or will all the installed apps through Docker move to the LAN from the virtual switch?
  4. If I remember correctly, most of these things have a bridged connection. The ones implemented through Portainer have an external network that I had created as advised in the video.

@Weedy, I figured out ‘enable manual container attachment’ on the Portainer deploy page. I don’t see the driver configuration set up anywhere.

Regards

You can’t delete the virtual switch. What you can do is move those items to be utilized by your main NIC.

I don’t know how Portainer does it but in ContainerStation, you can set the network mode to bridge and choose an IP address, etc.

You can move your container network to the main LAN in Network and Virtual Switch. Right click on the container network and select “Settings.” Then you choose the adapter and the application:

Then click next. Click next again and you get:

Here you should be able to set your IP address, etc. Again, YMMV because you are using Portainer. I am not 100% sure how to guide you.

Yes, virtual adapters are used all the time. I’m not sure why you were not having luck creating the container.

One of the QNAP staff members yesterday posted a very good tutorial on installing PiHole. I’m not sure if the version that gets installed in that writeup is the latest build but it’s a good way to start.

But in CS, don’t try to enter the name of the package in the Create Container page. In the main page, click on Explore:

There’s Pi-Hole right there. Now you can also Search for pi-hole in the repository…

Do it this way and you should have no problem deploying…

@NA9D Thank you mate. I removed everything and went about as you guys asked and mostly everything is installing well. Things that were giving me trouble earlier are sorted. Thank you very much.

Regards

Great news! Hopefully you get all your stuff working in whatever “container” app you want to use. Sorry I couldn’t help you more with Portainer. Just know nothing about it and how it sets up.

@NA9D I am not using Portainer as yet. I’ll get everything set up soon, as its all from scratch now. Thank you again for all your help. Will be back if I need more.

Regards


If you already have SSH running and are comfortable with using the shell I highly suggest Arcane/dockage.

CS is a nice UI but if you ever need to go to github because something broke during a version upgrade you are going to get stink eye from app devs.

Also I wouldn’t automatically bridge all your stuff to the host network.
DNS Yeah. Entire *arrr stack/jellyfin/linux ISOs/etc not necessarily.

But for now ease into it. Learn docker. Try not to get too mad at QNAP networking decisions.

One thing with good tutorials (the one you used, the one I used). They had us keep apps outside of CS data directory. So it’s really easy to back up everything and move containers off the NAS if the time comes for a more powerful machine. I have everything under /share/docker/ (QuTS)

Password:
[admin@TheVault weedy]# cd /share/docker/stacks/arcane/
[admin@TheVault arcane]# cat compose.yaml
networks:
  # create the below network before running this template
  external_edge:
    external: true
    enable_ipv6: false

services:
  arcane:
    networks:
      external_edge:
        ipv4_address: 172.27.1.250
    container_name: arcane
    image: ghcr.io/ofkm/arcane:next
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 192M
      restart_policy:
        condition: any
        delay: 3s
        window: 17s
    security_opt:
      - no-new-privileges:true
    environment:
      # Server Configuration
      - APP_ENV=${APP_ENV}
      - APP_URL=${APP_URL}
      - ENVIRONMENT=${APP_ENV}
      - OIDC_ENABLED=false
      - PORT=3552
      # Entropy for encryption
      - ENCRYPTION_KEY=${ENCRYPTION_KEY}
      - JWT_SECRET=${A_SECRET}
      # Optional: Set if Docker access fails
      - DOCKER_GID=0
      # Optional: Match your host user for permissions
      - PUID=1001
      - PGID=1000
      - TZ=America/Toronto
    ports:
      - '3552:3552'
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:rw
      - /share/docker/appdata/arcane/config:/app/data
      - /share/docker/compose:/app/data/templates
      - /share/docker/stacks:/app/data/projects
    labels:
      - com.ofkm.arcane.updater=false
    restart: always


  dockerproxy:
    networks:
      external_edge:
        ipv4_address: 172.27.1.251
    container_name: dockerproxy
    image: ghcr.io/tecnativa/docker-socket-proxy:latest
    deploy:
      resources:
        limits:
          cpus: '0.5'
          memory: 24M
      restart_policy:
        condition: any
        delay: 3s
        window: 7s
    environment:
#      - PUID=1001
#      - PGID=1000
      - TZ=America/Toronto
      - CONTAINERS=1 # Allow access to viewing containers
      - SERVICES=1 # Allow access to viewing services (necessary when using Docker Swarm)
      - TASKS=1 # Allow access to viewing tasks (necessary when using Docker Swarm)
      - POST=0 # Disallow any POST operations (effectively read-only)
    ports:
      - 127.0.0.1:2375:2375
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro # Mounted as read-only
    restart: always
[admin@TheVault arcane]# ls -al /share/docker/
drwxrwx---    9 1001     1000             9 Jul 27 13:10 .
drwxr-xr-x    3 root     root             4 Apr 24 20:08 ..
drwxrwxr-x    2 1001     1000            18 Sep 22 05:00 @Recently-Snapshot
drwxrwxr-x    2 1001     1000             3 May 17 00:09 @Recycle
drwxrwxr-x    9 1001     1000             9 Jul 27 13:17 appdata
drwxrwxr-x    3 1001     1000             3 Sep 15 23:31 compose
drwxrwxr-x    2 1001     1000             2 Apr 25 00:58 scripts
drwxrwxr-x    2 1001     1000             2 Apr 25 00:58 secrets
drwxrwxr-x   11 1001     1000            11 Sep 15 23:56 stacks
[admin@TheVault arcane]#

And since it’s all just files on a network share I can peek into what’s going on with SMB. Edit config files or adjust compose.yaml. I have Arcane/dockage going so I can do admin from the browser also. It’s nice.

Container Station is great until the QNAP limitations start to make you work harder. For me that was barely a week into starting with my NAS and learning docker. Nobody makes CS tutorials, everyone has docker compose or Portainer tutorials.

Good luck!
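
An added example, not part of the original post or of either project: a shell check over a compose file laid out like the one above, reporting which services mount the Docker socket and in which mode, and which published ports bind to all interfaces rather than loopback. The function names and the trimmed sample are constructed for illustration, and the awk parsing assumes the two-space indentation used in the post.

```shell
# Added example: audit a compose file for Docker socket mounts and published ports.
audit_compose() {
  # Reads the file given as $1 (or stdin) and prints one finding per line:
  #   SOCKET <service> <rw|ro>      PORT <service> <scope> <mapping>
  awk -v q="'" '
    /^services:/ { in_services = 1; next }
    /^[^ #]/     { in_services = 0 }          # any other top-level key
    !in_services { next }
    /^  [A-Za-z0-9_.-]+:[ ]*$/ { svc = $1; sub(":", "", svc); section = ""; next }
    /^    [a-z_]+:/            { section = $1; sub(":", "", section); next }
    section == "volumes" && /docker\.sock/ {
      # Docker mounts read-write unless the entry ends in :ro
      mode = ($0 ~ /:ro( |$)/) ? "ro" : "rw"
      print "SOCKET", svc, mode
    }
    section == "ports" && /^ +- / {
      m = $2; gsub("[\"" q "]", "", m)        # strip YAML quotes
      n = split(m, parts, ":")
      # host:container has no bind address, so it listens on every interface
      scope = (n >= 3 && parts[1] == "127.0.0.1") ? "loopback" : "all-interfaces"
      print "PORT", svc, scope, m
    }
  ' "${1:--}"
}

sample_compose() {
  # Constructed sample, trimmed from the layout shown in the post
  cat <<'EOF'
networks:
  external_edge:
    external: true
services:
  arcane:
    image: ghcr.io/ofkm/arcane:next
    ports:
      - '3552:3552'
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:rw
      - /share/docker/appdata/arcane/config:/app/data
  dockerproxy:
    image: ghcr.io/tecnativa/docker-socket-proxy:latest
    ports:
      - 127.0.0.1:2375:2375
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro # Mounted as read-only
EOF
}

sample_compose | audit_compose
```

A service reported as `SOCKET ... rw` can drive the Docker daemon on the host, so its published port is the one to keep off untrusted networks or put behind authentication.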