this post was submitted on 26 Feb 2025

Podman


It is faster, leaner and translates well into Kubernetes. I also like podman Quadlets.

[–] [email protected] 1 points 5 days ago (1 children)

Any chance you could go into more depth on your reverse proxy config? By the sounds of it you’re doing exactly what I would like to do with my services. Which reverse proxy are you using? What does your config look like? I’ve been trying to get both nginx and caddy working in the last 2 weeks and I’m REALLY struggling to get subnets working. My ideal setup would be using Tailscale and being able to follow the scheme service.Device.tailXXXX.ts.net. I’m struggling to find the reverse proxy config and DNS entries on my local network to get that working. I’ve seen comments saying people have done this, but none of them have shared their configs.

[–] Deebster 2 points 4 days ago* (last edited 4 days ago) (1 children)

I use Caddy (with the Cloudflare module to handle the ACME stuff) as just another container. My setup is more classic internet server stuff - it's a VPS and all the services are internet-facing, so the DNS is via standard DNS records. Every service is on its own subdomain.

My Caddy config is pretty minimal:

$ cat caddy/Caddyfile
{
        # Global configuration
        acme_dns cloudflare myapikey
        email mycloudflareaccount
        debug
        servers {
                metrics
        }
}

manga.example.com {
        reverse_proxy kavita:5000
}

...more containers

# healthcheck target
:8080 {
        respond 200
}
$ cat .config/containers/systemd/caddy.container
[Unit]
Description=Caddy reverse proxy
After=local-fs.target

[Container]
ContainerName=caddy
Image=caddycustom
Network=kavita.network
...more networks
PublishPort=1080:80
PublishPort=1443:443
PublishPort=1443:443/udp
PublishPort=2019:2019
Volume=${HOME}/caddy/Caddyfile:/etc/caddy/Caddyfile:Z
Volume=${HOME}/caddy/data:/data:Z
Volume=${HOME}/caddy/config:/config:Z
Volume=${HOME}/caddy/httpdocs:/var/www/httpdocs:Z
HealthCmd=wget -q -t1 --spider --proxy off localhost:8080 || exit 1

[Service]
Restart=always
ExecReload=podman exec caddy /usr/bin/caddy reload -c /etc/caddy/Caddyfile

[Install]
WantedBy=multi-user.target default.target

I have a dedicated podman user (fairly restricted, no sudo, etc) that just hosts podman (i.e. the service containers and Caddy). As it's all rootless, I use firewalld to make caddy show up on ports <1024: firewall-cmd --add-forward-port=port=80:proto=tcp:toport=8080. I prefer the tiny performance hit to mucking around with the privileged ports but for completeness you can do that with sysctl -w net.ipv4.ip_unprivileged_port_start=80.

I don't specify subnets at all; I specify podman networks (one per service) and let podman handle the details.
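The comment above describes the rootless pattern (publish 80/443 on unprivileged host ports, then redirect the privileged ports with firewalld) and the sysctl alternative. The script below is an added example, not the commenter's own tooling: it reads the PublishPort= lines out of a Quadlet file and prints the matching firewall-cmd forward-port arguments, so the forward rules are derived from the same file Podman uses rather than typed by hand, and it checks whether net.ipv4.ip_unprivileged_port_start already allows binding a given port. The Quadlet fragment is constructed for the example (service name "web" is hypothetical); binding the admin port to 127.0.0.1 in it is just to exercise the [IP:]HOST:CONTAINER form.

```shell
#!/bin/sh
# Added example, not from the thread: derive firewalld forward-port rules
# for a rootless Podman Quadlet from its PublishPort= lines, and check
# whether the unprivileged-port sysctl would let the user bind the low
# port directly instead.

# Constructed sample Quadlet fragment (hypothetical service "web").
sample_quadlet() {
    cat <<'EOF'
[Container]
ContainerName=web
Image=caddycustom
PublishPort=1080:80
PublishPort=1443:443
PublishPort=1443:443/udp
PublishPort=127.0.0.1:2019:2019
EOF
}

# quadlet_forward_rules FILE
# For every PublishPort=[IP:]HOST:CONTAINER[/PROTO] that maps a privileged
# container port (<1024) onto an unprivileged host port, print the
# --add-forward-port argument that redirects the privileged host port to
# the port the rootless container actually listens on.
quadlet_forward_rules() {
    sed -n 's/^PublishPort=//p' "$1" | while IFS= read -r spec; do
        case $spec in
            */*) proto=${spec##*/}; ports=${spec%%/*} ;;
            *)   proto=tcp;         ports=$spec ;;
        esac
        case $ports in
            *:*) ;;          # explicit host port given
            *)   continue ;; # Podman picks a random host port: nothing to forward
        esac
        ctrport=${ports##*:}
        rest=${ports%:*}     # "HOST" or "IP:HOST"
        hostport=${rest##*:}
        if [ "$ctrport" -lt 1024 ] && [ "$hostport" -ge 1024 ]; then
            printf 'port=%s:proto=%s:toport=%s\n' "$ctrport" "$proto" "$hostport"
        fi
    done
}

# rootless_can_bind PORT [START]
# Exit 0 if an unprivileged process may bind PORT when
# net.ipv4.ip_unprivileged_port_start is START. START is read from sysctl
# when omitted and falls back to the kernel default of 1024 if sysctl is
# unavailable (e.g. when run off-box).
rootless_can_bind() {
    start=${2:-$(sysctl -n net.ipv4.ip_unprivileged_port_start 2>/dev/null || echo 1024)}
    [ "$1" -ge "$start" ]
}

# Demo: write the constructed sample to a temp file and print the
# firewall-cmd invocations that would be needed for it.
demo_file=$(mktemp)
sample_quadlet > "$demo_file"
quadlet_forward_rules "$demo_file" | while IFS= read -r rule; do
    printf 'firewall-cmd --add-forward-port=%s\n' "$rule"
done
rm -f "$demo_file"
```

Run it against a real unit with `quadlet_forward_rules ~/.config/containers/systemd/caddy.container`; the printed rules only affect the running firewalld configuration, so add `--permanent` and `firewall-cmd --reload` if they are meant to survive a reboot. Ports that are only forwarded rather than bound are still reachable on their high host port (1080, 1443), so the zone's own port rules decide whether those stay exposed.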

[–] [email protected] 2 points 4 days ago (1 children)

Thanks so much! I’m only just about to make the switch to Podman, sounds like it’s going to make life a good bit simpler.

[–] Deebster 2 points 4 days ago

My pleasure! Answering your question is a good motivation to actually document my setup.

Also, if you're moving configs over, you might find podlet useful.