Add example that runs Caddy in the network namespace of rootless Podman. Use a systemd system service (configured with User=)
#21
Comments
eriksjolund
added a commit
that referenced
this issue
Nov 24, 2024
The implementation makes use of
ExecStart=bash -c "exec nsenter \
--preserve-credentials \
--net=/proc/$(cat $XDG_RUNTIME_DIR/containers/networks/aardvark-dns/aardvark.pid)/ns/net \
--user=/proc/$(cat $XDG_RUNTIME_DIR/libpod/tmp/pause.pid)/ns/user \
--mount=/proc/$(cat $XDG_RUNTIME_DIR/libpod/tmp/pause.pid)/ns/mnt \
/usr/local/bin/caddy run --environ --config /srv/caddy/Caddyfile"
Fixes: #21
Signed-off-by: Erik Sjölund <[email protected]>
eriksjolund
added a commit
that referenced
this issue
Nov 24, 2024
The implementation makes use of
ExecStart=bash -c "exec nsenter \
--preserve-credentials \
--net=/proc/$(cat $XDG_RUNTIME_DIR/containers/networks/aardvark-dns/aardvark.pid)/ns/net \
--user=/proc/$(cat $XDG_RUNTIME_DIR/libpod/tmp/pause.pid)/ns/user \
--mount=/proc/$(cat $XDG_RUNTIME_DIR/libpod/tmp/pause.pid)/ns/mnt \
/usr/local/bin/caddy run --environ --config /srv/caddy/Caddyfile"
Fixes: #21
Signed-off-by: Erik Sjölund <[email protected]>
eriksjolund
added a commit
that referenced
this issue
Nov 24, 2024
The implementation makes use of
ExecStart=bash -c "exec nsenter \
--preserve-credentials \
--net=/proc/$(cat $XDG_RUNTIME_DIR/containers/networks/aardvark-dns/aardvark.pid)/ns/net \
--user=/proc/$(cat $XDG_RUNTIME_DIR/libpod/tmp/pause.pid)/ns/user \
--mount=/proc/$(cat $XDG_RUNTIME_DIR/libpod/tmp/pause.pid)/ns/mnt \
/usr/local/bin/caddy run --environ --config /srv/caddy/Caddyfile"
Fixes: #21
Signed-off-by: Erik Sjölund <[email protected]>
eriksjolund
added a commit
that referenced
this issue
Nov 24, 2024
The implementation makes use of
ExecStart=bash -c "exec nsenter \
--preserve-credentials \
--net=/proc/$(cat $XDG_RUNTIME_DIR/containers/networks/aardvark-dns/aardvark.pid)/ns/net \
--user=/proc/$(cat $XDG_RUNTIME_DIR/libpod/tmp/pause.pid)/ns/user \
--mount=/proc/$(cat $XDG_RUNTIME_DIR/libpod/tmp/pause.pid)/ns/mnt \
/usr/local/bin/caddy run --environ --config /srv/caddy/Caddyfile"
Fixes: #21
Signed-off-by: Erik Sjölund <[email protected]>
eriksjolund
added a commit
that referenced
this issue
Nov 24, 2024
The implementation makes use of
ExecStart=bash -c "exec nsenter \
--preserve-credentials \
--net=/proc/$(cat $XDG_RUNTIME_DIR/containers/networks/aardvark-dns/aardvark.pid)/ns/net \
--user=/proc/$(cat $XDG_RUNTIME_DIR/libpod/tmp/pause.pid)/ns/user \
--mount=/proc/$(cat $XDG_RUNTIME_DIR/libpod/tmp/pause.pid)/ns/mnt \
/usr/local/bin/caddy run --environ --config /srv/caddy/Caddyfile"
Fixes: #21
Signed-off-by: Erik Sjölund <[email protected]>
eriksjolund
added a commit
that referenced
this issue
Nov 28, 2024
Related to #21 Signed-off-by: Erik Sjölund <[email protected]>
eriksjolund
added a commit
that referenced
this issue
Nov 28, 2024
Related to #21 Signed-off-by: Erik Sjölund <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add an example that runs Caddy in a systemd system service that is configured with the systemd directive
User=This makes it possible to use Caddy as an HTTP reverse proxy for a rootless Podman custom network.
Caddy as well as the containers running in the custome network will be running rootless.
Systemd system manager (which runs as root) creates a socket for Caddy so there is no need to lower
the kernel parameter ip_unprivileged_port_start to use port 80 and 443.
Caddy should run in the network namespace of rootless Podman.
It looks like there are three possible alternative implementation ideas
Not officially supported by the Podman project.
Reference:
The text was updated successfully, but these errors were encountered: