Comment on Podman rootless and ufw
giacomo@lemm.ee 2 days ago
I too am on the Docker to Podman quadlet train! I switched from an Ubuntu server running Docker to a pretty stock ucore server with Podman.
I put all my containers in a Podman network. I'm using Nginx Proxy Manager with inside ports 80, 81, and 443 mapped to 9080, 9081, and 9443 to keep the container rootless. I have the firewall configured with port forwarding 80, 81, and 443 back to 9080, 9081, and 9443.
ucore is from the Universal Blue project and based on Fedora's CoreOS, so it comes with firewalld instead of ufw.
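An added example of the setup described in the comment above, written here for illustration and not taken from the commenter's own files: a rootless proxy quadlet that publishes only unprivileged host ports, the firewalld forward-port rules that make it answer on 80 and 443, and a small check that a .container file really stays below the privileged-port boundary. The unit names (proxy.network, npm.container), the image tag, the subnet and the volume names are assumptions.

```shell
#!/bin/sh
# Added example, not the commenter's own files: a rootless quadlet setup in the
# shape described above (proxy listening on 9080/9443 on the host, firewalld
# forwarding 80/443 to it). Unit names, the image tag, the subnet and the
# volume names are illustrative assumptions.
set -e

# Write the quadlet units into $1 (for a rootless user that is normally
# ~/.config/containers/systemd). Taking the directory as a parameter lets the
# function be pointed at a scratch directory for inspection.
write_quadlets() {
    dir=$1
    mkdir -p "$dir"

    # A dedicated network. Unlike the built-in "podman" network, networks
    # created this way resolve container names (DisableDNS defaults to false;
    # written out here to make the intent visible).
    cat > "$dir/proxy.network" <<'EOF'
[Network]
NetworkName=proxy
Subnet=10.89.1.0/24
Gateway=10.89.1.1
DisableDNS=false
EOF

    # The proxy publishes only host ports above 1024, so it can run as an
    # unprivileged user (binding 80/443 directly would need root or a lowered
    # net.ipv4.ip_unprivileged_port_start). Inside the container nginx still
    # sees 80/81/443. The admin UI (81) is bound to loopback only.
    cat > "$dir/npm.container" <<'EOF'
[Unit]
Description=Nginx Proxy Manager (rootless)
After=network-online.target

[Container]
Image=docker.io/jc21/nginx-proxy-manager:latest
Network=proxy.network
PublishPort=9080:80
PublishPort=9443:443
PublishPort=127.0.0.1:9081:81
Volume=npm-data:/data
Volume=npm-letsencrypt:/etc/letsencrypt
AutoUpdate=registry

[Service]
Restart=always

[Install]
WantedBy=default.target
EOF
}

# Return 0 only if every PublishPort= line in a .container file uses a host
# port >= 1024, i.e. the unit will work without root. The host port is the
# field just before the container port, whether or not a bind address is given.
publishes_only_unprivileged() {
    awk -F'[=:]' '/^PublishPort=/ { if ($(NF-1) + 0 < 1024) bad = 1 } END { exit bad }' "$1"
}

# firewalld (run as root): redirect the privileged ports to the proxy's
# published ports. Only 80 and 443 are forwarded; 81 stays on loopback.
forward_ports() {
    for pair in 80:9080 443:9443; do
        firewall-cmd --permanent \
            --add-forward-port="port=${pair%%:*}:proto=tcp:toport=${pair##*:}"
    done
    firewall-cmd --reload
}

# Typical use on the host (not executed here):
#   write_quadlets ~/.config/containers/systemd
#   systemctl --user daemon-reload && systemctl --user start npm.service
#   forward_ports        # as root
```

Forwarding 81 as well, as the comment describes, exposes the proxy's admin UI on the same interface as the public ports; binding it to 127.0.0.1 and reaching it over SSH port forwarding keeps the firewall rule set to 80 and 443 only. The forward-port rules only apply to traffic entering the zone from outside, so connections from the host itself still have to use the 9xxx ports.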
kwa@lemmy.zip 2 days ago
I wanted to do something similar, but I grouped some containers using pods and it seems it broke the networking.
Eventually I kept the pods, and exposed everything to the host where caddy can meet the services there. Not the cleanest way, especially as my firewall is turned off.
giacomo@lemm.ee 2 days ago
Ah, you may need to make sure the pods are added to the network. I specified the network in the .pod quadlet.
I'm kinda digging the Podman network setup as I don't have to map a bunch of port 80s to ports on the host and keep track of them. I can just tell the proxy whatever service is running on http://{container_name}:80. That is, after I found out I needed to make a new Podman network because the default "podman" network doesn't do DNS lol.
kwa@lemmy.zip 1 day ago
Ah, I think you may have solved part of the problem. I tried to use a network and have container name resolution, but it failed. That's why I went with pods and published ports directly to the host.
I will try to use a dedicated network with DNS on, thanks!
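An added example for the name-resolution problem discussed in the thread, written here for illustration and not taken from either commenter's setup: a .network unit with DNS left enabled, a .pod unit joined to it so the proxy can reach the pod by name without any host ports, and a check against the output of `podman network inspect` that catches the "names do not resolve" case before the proxy is configured. The network, pod, unit and image names are assumptions, and .pod quadlets need Podman 5 or later.

```shell
#!/bin/sh
# Added example, not the commenters' own setups: a dedicated network with name
# resolution, a pod quadlet joined to it, and a check of
# `podman network inspect` output for the "container names do not resolve"
# failure mode. Network, pod, unit and image names are illustrative
# assumptions; .pod quadlets require Podman 5.
set -e

write_pod_quadlets() {
    dir=$1
    mkdir -p "$dir"

    # Networks created by Podman (or by a .network unit) resolve container
    # names through aardvark-dns unless DisableDNS=true; the built-in "podman"
    # network never does, which is why containers on it cannot find each other
    # by name.
    cat > "$dir/proxy.network" <<'EOF'
[Network]
NetworkName=proxy
DisableDNS=false
EOF

    # The pod, not the individual containers, is attached to the network.
    # Containers in the pod share its network namespace and Podman registers
    # the pod name on that network, so from the proxy's side the service is
    # reached as http://app:80.
    cat > "$dir/app.pod" <<'EOF'
[Pod]
PodName=app
Network=proxy.network
EOF

    # A service inside the pod. No PublishPort= is needed: nothing on the host
    # has to be reserved for it, it only talks to the proxy over the network.
    cat > "$dir/app-web.container" <<'EOF'
[Container]
Image=docker.io/library/nginx:alpine
Pod=app.pod
EOF
}

# Return 0 if the JSON printed by `podman network inspect <name>` reports
# "dns_enabled": true. Plain grep, so it works on a minimal host without jq.
network_has_dns() {
    printf '%s' "$1" | grep -Eq '"dns_enabled":[[:space:]]*true'
}

# Constructed, abridged samples of `podman network inspect` output for the
# default network and for the custom one; not captured from a real host.
DEFAULT_NET_JSON='[{"name": "podman", "driver": "bridge", "dns_enabled": false}]'
PROXY_NET_JSON='[{"name": "proxy", "driver": "bridge", "dns_enabled": true}]'

# On a real host (not executed here): fails if the network cannot resolve names.
check_network() {
    network_has_dns "$(podman network inspect "$1")"
}

# Typical use on the host (not executed here):
#   write_pod_quadlets ~/.config/containers/systemd
#   systemctl --user daemon-reload && systemctl --user start app-pod.service
#   check_network proxy && echo "proxy network resolves names"
```

Running `check_network podman` against the default network is the quickest way to reproduce the failure the thread describes: it reports `dns_enabled` false, and a proxy on that network has to fall back to host ports. Leaving the application containers without PublishPort= also means the only listening sockets on the host are the proxy's, which keeps the firewall policy short.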