this post was submitted on 17 Aug 2025
18 points (100.0% liked)

Selfhosted


As of right now, I currently have a working Docker container for Caddy which can successfully get TLS certs and I am able to access my own test site with an external web browser.

What I want to do is use the same files (Dockerfile, docker-compose.yml and Caddyfile) to do the same with Podman Compose. When I run podman compose up -d I am able to build the Caddy container and it will also successfully get its own TLS cert.

docker-compose.yml

services:
  caddy:
    container_name: caddy
    build: .                          # image is built from the Dockerfile next to this file
    restart: always
    ports:
      - 80:80                         # host 80 -> container 80 (HTTP->HTTPS redirect, HTTP-01 challenge)
      - 5050:443                      # host 5050 -> container 443 (HTTPS)
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data              # certificates and ACME account state persist here
      - caddy_config:/config
      - /home/sxc-pi/shared/:/srv:Z   # :Z is an SELinux relabel option; ignored without SELinux
    networks:
      - reverse_proxy

volumes:
  caddy_data:
  caddy_config:

networks:
  reverse_proxy:
    external: true                    # not created by compose; must already exist in the runtime

While on the same device, I can use curl localhost:5050 and get the message Client sent an HTTP request to an HTTPS server. which is the same result as if I were using Docker. If I try to access my site through my domain name or local network ip address from an external device, the connection times out.

I didn't make any changes to my firewall or router's port forwarding because I expect Rootful Podman Compose to work similarly to Docker.

I checked iptables, and below are the differences between using Docker and Podman, but I don't know networking well enough to understand what it's really saying.

iptables differences

sxc-pi:/srv/caddy$ diff ~/iptables-docker ~/iptables-podman 
--- /home/sxc-pi/iptables-docker
+++ /home/sxc-pi/iptables-podman
@@ -31,8 +31,6 @@
 
 Chain DOCKER (2 references)
 target     prot opt source               destination         
-ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:https
-ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:http
 DROP       all  --  anywhere             anywhere            
 DROP       all  --  anywhere             anywhere            
 
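Review bot: the two removed ACCEPT lines are Docker's per-container rules (to 172.18.0.2, dpt:http and dpt:https) that let a brand-new inbound connection through after DNAT, and nothing on the Podman side of this hunk replaces them, so the first thing to look for in the netavark chains is a rule that accepts NEW traffic to the container rather than a router problem. Also, this listing was taken with iptables -L and no -v, which hides interface matches, so the two remaining "DROP all anywhere anywhere" lines cannot be read as dropping everything; recapture with iptables -L -v -n --line-numbers to see which bridge interface they are bound to.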
@@ -70,15 +68,20 @@
 Chain NETAVARK_FORWARD (1 references)
 target     prot opt source               destination         
 DROP       all  --  anywhere             anywhere             ctstate INVALID
+ACCEPT     all  --  anywhere             10.89.0.0/24         ctstate RELATED,ESTABLISHED
+ACCEPT     all  --  10.89.0.0/24         anywhere            
 
 Chain NETAVARK_INPUT (1 references)
 target     prot opt source               destination         
+ACCEPT     udp  --  10.89.0.0/24         anywhere             udp dpt:domain
+ACCEPT     tcp  --  10.89.0.0/24         anywhere             tcp dpt:domain
 
 Chain NETAVARK_ISOLATION_2 (1 references)
 target     prot opt source               destination         
 
 Chain NETAVARK_ISOLATION_3 (0 references)
 target     prot opt source               destination         
+DROP       all  --  anywhere             anywhere            
 NETAVARK_ISOLATION_2  all  --  anywhere             anywhere            
 
 Chain ufw-after-forward (1 references)
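Review bot: NETAVARK_FORWARD only ACCEPTs traffic to 10.89.0.0/24 when it is RELATED,ESTABLISHED, plus anything sourced from 10.89.0.0/24; a NEW connection that PREROUTING has just DNATed to the Caddy container matches neither line and falls through to the rest of FORWARD, which on this host includes the ufw chains visible at the end of the hunk. If ufw's forward policy is still its default DROP (DEFAULT_FORWARD_POLICY in /etc/default/ufw), that fall-through is exactly a silent timeout, while curl on localhost works because it never traverses FORWARD. Two things are missing from the comparison: the published-port DNAT itself lives in the nat table (iptables -t nat -L -n -v), and the order of the jumps in FORWARD (iptables -L FORWARD -n -v --line-numbers) is not shown either. A quick confirmation is ufw route allow proto tcp to 10.89.0.0/24 port 443, or disabling ufw for one test, before touching the router.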

I've also rebooted after starting the Podman containers in case there were any iptables issues, but that still didn't help.

I've searched what I can but haven't gotten anything to work or get me closer to finding an answer.

I'm hoping to use Rootless Podman if I can figure this out, if not I have Docker as a fall back plan.

Any help or insight would be appreciated.

[–] InnerScientist@lemmy.world 2 points 23 hours ago

Disable the firewall if you can to check if that's the issue, then do a tcpdump using root with the port. Do tcpdump inside the container too and compare what you see to the Docker environment.

Is caddy-caddy really the correct image?

Try with this command; it's the minimal setup that works by default (on my machine): podman run -p 0.0.0.0:5050:80 docker.io/library/caddy:latest
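The reply above suggests disabling the firewall and comparing tcpdump captures, and the iptables diff in the post is the other half of that comparison. The script below is an added example that is not part of the thread and is not Podman's, Docker's or the poster's code: it reads iptables-save output and answers the two questions the diff raises, namely which nat-table DNAT rule publishes the host port and whether the filter FORWARD chain would let a brand-new TCP connection through to the DNAT target. The embedded ruleset is constructed to mirror the NETAVARK_FORWARD and ufw chains in the post; the chain names, the 10.89.0.2 container address and the 203.0.113.10 client address are assumptions. Interface matches and match modules other than -s/-d/-p/--dport/--ctstate are ignored, so a DROP verdict is a lead to confirm with tcpdump, not proof.

```python
"""Is a host port published by a container runtime reachable from outside?
Finds the nat-table DNAT rule for the host port in `iptables-save` output, then
walks the filter FORWARD chain with a NEW TCP packet to the DNAT target as
netfilter would. Added example for this thread, not the poster's or Podman's code.
Only -s/-d/-p/--dport/--ctstate are evaluated; -i/-o and other match modules are
skipped, i.e. assumed to match (a deliberate simplification)."""
import ipaddress
import shlex

# Constructed sample modelled on the NETAVARK_FORWARD and ufw chains in the diff
# above (not a capture): FORWARD policy DROP, no ACCEPT for NEW into 10.89.0.0/24.
SAMPLE_BLOCKED = """\
*nat
:NETAVARK-HOSTPORT-DNAT - [0:0]
-A NETAVARK-HOSTPORT-DNAT -p tcp -m tcp --dport 5050 -j DNAT --to-destination 10.89.0.2:443
COMMIT
*filter
:FORWARD DROP [0:0]
:NETAVARK_FORWARD - [0:0]
:ufw-before-forward - [0:0]
:ufw-user-forward - [0:0]
-A FORWARD -m comment --comment "netavark firewall rules" -j NETAVARK_FORWARD
-A FORWARD -j ufw-before-forward
-A NETAVARK_FORWARD -m conntrack --ctstate INVALID -j DROP
-A NETAVARK_FORWARD -d 10.89.0.0/24 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A NETAVARK_FORWARD -s 10.89.0.0/24 -j ACCEPT
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -j ufw-user-forward
COMMIT
"""
# Roughly what `ufw route allow proto tcp to 10.89.0.0/24 port 443` would add to
# ufw-user-forward (constructed); append it to the filter table to compare verdicts.
UFW_ROUTE_RULE = "-A ufw-user-forward -d 10.89.0.0/24 -p tcp -m tcp --dport 443 -j ACCEPT\n"

def parse_rule(tokens):
    """Reduce the arguments of one `-A CHAIN ...` line to the matches we evaluate."""
    rule = {"s": None, "d": None, "neg": set(), "p": None, "dport": None, "ctstate": None, "j": None, "to": None}
    negate = False
    for i, tok in enumerate(tokens):
        val = tokens[i + 1] if i + 1 < len(tokens) else None
        if tok in ("-s", "-d"):
            rule[tok[1]] = ipaddress.ip_network(val, strict=False)
            if negate:
                rule["neg"].add(tok[1])
        elif tok in ("-p", "-j"):
            rule[tok[1]] = val
        elif tok == "--dport":
            rule["dport"] = int(val)
        elif tok == "--ctstate":
            rule["ctstate"] = set(val.split(","))
        elif tok == "--to-destination":
            rule["to"] = val
        negate = tok == "!"   # anything else (-m, -i, -o, --comment, ...) is skipped
    return rule

def parse_iptables_save(text):
    """{table: {"policy": {chain: POLICY}, "rules": {chain: [rule, ...]}}}"""
    tables, table = {}, None
    for line in text.splitlines():
        if line.startswith("*"):
            table = tables.setdefault(line[1:], {"policy": {}, "rules": {}})
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            table["rules"].setdefault(chain, [])
            if policy != "-":
                table["policy"][chain] = policy
        elif line.startswith("-A "):
            tokens = shlex.split(line)
            table["rules"].setdefault(tokens[1], []).append(parse_rule(tokens[2:]))
    return tables

def rule_matches(rule, pkt):
    for side, key in (("s", "src"), ("d", "dst")):
        if rule[side] is not None and (
                ipaddress.ip_address(pkt[key]) in rule[side]) == (side in rule["neg"]):
            return False
    return not ((rule["p"] and rule["p"] != pkt["proto"])
                or (rule["dport"] is not None and rule["dport"] != pkt["dport"])
                or (rule["ctstate"] and pkt["state"] not in rule["ctstate"]))

def walk(table, chain, pkt):
    """Traverse a chain as netfilter would: ACCEPT/DROP/REJECT, or None on fall-through."""
    for rule in (r for r in table["rules"].get(chain, []) if rule_matches(r, pkt)):
        if rule["j"] in ("ACCEPT", "DROP", "REJECT", "RETURN"):
            return None if rule["j"] == "RETURN" else rule["j"]
        verdict = walk(table, rule["j"], pkt) if rule["j"] in table["rules"] else None
        if verdict is not None:   # a user-defined chain we jumped into decided the packet
            return verdict
    return None

def check_published_port(save_output, host_port, client="203.0.113.10"):
    """(dnat_target, FORWARD verdict) for a NEW TCP connection from `client` (constructed address) after DNAT."""
    tables = parse_iptables_save(save_output)
    nat_rules = (r for rs in tables.get("nat", {"rules": {}})["rules"].values() for r in rs)
    target = next((r["to"] for r in nat_rules if r["j"] == "DNAT" and r["dport"] == host_port), None)
    if target is None:
        return None, None   # nothing publishes this host port
    ip, _, port = target.rpartition(":")
    pkt = {"src": client, "dst": ip, "proto": "tcp", "dport": int(port), "state": "NEW"}
    filt = tables["filter"]
    return target, walk(filt, "FORWARD", pkt) or filt["policy"].get("FORWARD", "ACCEPT")
```

On the real host, pipe the output of sudo iptables-save into check_published_port(text, 5050) once under Docker and once under Podman and compare the two verdicts: a DROP that comes from the FORWARD policy rather than from a rule points at the firewall's forward policy, while a missing DNAT target means the port was never published to the nat table at all.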