Hi Youri,
> I've created a rootful pod with two containers to run nginx-proxy-manager
> (https://nginxproxymanager.com/) and be able to publish low ports (80 and 443).
You don't need to use rootful. You can publish to 8080 and 8443 and then use
iptables/nftables PREROUTING to send traffic into the container/pod.
Example for nftables from:
https://lists.podman.io/archives/list/podman@lists.podman.io/thread/W6MCY...
$ sudo nft add table ip nat
$ sudo nft add chain ip nat nat-prerouting "{ type nat hook prerouting priority -100; policy accept; }"
$ sudo nft add chain ip nat nat-postrouting "{ type nat hook postrouting priority 100; policy accept; }"
$ sudo nft add rule ip nat nat-prerouting iifname "eth0" tcp dport { 80, 8080, 8081 } counter dnat 10.11.22.50
$ sudo nft add rule ip nat nat-postrouting oifname "eth0" counter masquerade
Kind regards,
Rudolf Vesely
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, March 1, 2021 11:28 AM, Youri LACAN-BARTLEY <odnden(a)gmail.com> wrote:
Hi all!
I'm scratching my head a little bit about how to set up my containers especially when
it comes to networking.
I've created a rootful pod with two containers to run nginx-proxy-manager
(https://nginxproxymanager.com/) and be able to publish low ports (80 and 443).
However, I now wish to run a variety of services that can be hosted in rootless
containers.
My main issue is how to have a reliable way of declaring these various rootless
containers in nginx-proxy-manager without having to rely on static IPs. I know I can't
use the dnsname plugin since the rootful and rootless containers won't be sharing the
same podman network.
The only workaround I've found so far is to publish high ports for my rootless
containers and access them from within the nginx-proxy-manager rootful container using
the default gateway of the podman network (10.88.0.1) and the published high port in question.
Is this the right way to go?
Thanks!
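
The redirect approach suggested in the reply, written as a loadable nftables ruleset for a rootless pod whose ports are published on the host. This is an added example, not part of either message. The interface name eth0, the published ports 8080/8443, and the table names npm_nat and npm_filter are assumptions.

```nftables
# Added example (not from the thread). Load with: sudo nft -f redirect.nft
# Assumptions: ingress interface is eth0; the rootless pod was started with
# host ports 8080 and 8443 published for container ports 80 and 443.
# IPv4 only; an "ip6" table with the same rules is needed for IPv6 traffic.

table ip npm_nat {
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;

        # Rewrite the destination port and deliver to the local host, where
        # the rootless port forwarder is listening. "redirect" is used instead
        # of "dnat" because the target is a port on this host, not a routed IP.
        iifname "eth0" tcp dport 80  counter redirect to :8080
        iifname "eth0" tcp dport 443 counter redirect to :8443
    }
}

table ip npm_filter {
    chain input {
        type filter hook input priority 0; policy accept;

        # After the redirect, the input hook sees dport 8080/8443.
        # Let through only connections that conntrack marks as destination-NATed
        # (they arrived on 80/443), and drop direct hits on the high ports so
        # they are not exposed as a second, unintended entry point.
        iifname "eth0" tcp dport { 8080, 8443 } ct status dnat counter accept
        iifname "eth0" tcp dport { 8080, 8443 } counter drop
    }
}
```

The prerouting hook only sees traffic arriving from the network, so connections made from the host itself to ports 80/443 are not redirected. The counters can be read with "sudo nft list ruleset" to confirm which rule is matching.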