return to main page
status: experimental
graph TB
a1[curl] -.->a2[nginx container reverse proxy]
a2 -->|"for http://apache.example.com"| a3["apache httpd container"]
a2 -->|"for http://caddy.example.com"| a4["caddy container"]
Containers:
| Container image | Type of service | Role | Network | Socket activation |
|---|---|---|---|---|
| docker.io/library/nginx | systemd system service with User=test4 |
HTTP reverse proxy | internal bridge network | ✔️ |
| docker.io/library/httpd | systemd user service | backend web server | internal bridge network | |
| docker.io/library/caddy | systemd user service | backend web server | internal bridge network |
This example is similar to Example 3 but here the nginx container is configured as an HTTP reverse proxy for two backend web server containers (apache httpd and caddy). All containers are run by rootless podman, which belongs to the user test4. The containers communicate over an internal bridge network that does not have internet access.
These instructions were tested on Fedora 39 with Podman 4.7.2.
These install instructions will create the new user test4 and install these files:
/etc/systemd/system/example4.socket
/etc/systemd/system/example4.service
/home/test4/.config/containers/systemd/caddy.container
/home/test4/.config/containers/systemd/apache.container
/home/test4/.config/containers/systemd/example4-net.network
/home/test4/nginx-reverse-proxy-conf/apache-example-com.conf
/home/test4/nginx-reverse-proxy-conf/caddy-example-com.conf
/home/test4/nginx-reverse-proxy-conf/default.conf
and start caddy.service, apache.service and example4.socket.
- Clone this GitHub repo
$ git clone URL - Change directory
$ cd podman-nginx-socket-activation - Choose a username that will be created and used for the test
$ user=test4 - Run install script
$ sudo bash ./examples/example4/install.bash ./ $user - Check the status of the backend containers
$ sudo systemctl --user -M ${user}@ is-active apache.service active $ sudo systemctl --user -M ${user}@ is-active caddy.service active - Check the status of the HTTP reverse proxy socket
$ sudo systemctl is-active example4.socket active
- Test the nginx HTTP reverse proxy
Result: Success. The nginx reverse proxy fetched the output from the apache httpd container.
$ curl -s --resolve apache.example.com:80:127.0.0.1 apache.example.com:80 <html><body><h1>It works!</h1></body></html>Result: Success. The nginx reverse proxy fetched the output from the caddy container.$ curl -s --resolve caddy.example.com:80:127.0.0.1 caddy.example.com:80 | head -4 <!DOCTYPE html> <html> <head> <title>Caddy works!</title>
systemd does not support having dependencies between systemd system services and systemd user services. Because of that we need to make sure that example4.service is started after
- podman has created the network systemd-example4-net
- podman has started apache-container (apache.service) and caddy-container (caddy.service)
A possible future modification to Example 4 could be to also run the backend web servers inside systemd system services with User=.
Then it would be possible to configure dependencies between the services by adding After=, Depends=, Requires= directives.