Sender | Message | Time |
---|---|---|
18 Apr 2024 | ||
syntolog joined the room. | 19:19:21 | |
UrbenLegend joined the room. | 19:48:48 | |
David Schadlich joined the room. | 23:38:38 | |
19 Apr 2024 | ||
xyhhx Ⓜ️ (they/them) joined the room. | 00:56:08 | |
M. Edward (Ed) Borasky joined the room. | 03:25:57 | |
bitblt | Hello again! Has anybody noticed that the podman-next version from copr doesn't work?
The system logs aren't really helpful either, as they don't show any errors | 08:29:34 |
@felix:0x23.me joined the room. | 09:54:46 | |
@felix:0x23.me | I have two containers running on the same host. I try to access container2 (an app) from container 1 (traefik) through the host ip and the respective bound port. | 10:09:49 |
logo (he/him) joined the room. | 14:43:31 | |
doggo | trying to translate a docker-compose instruction to be more podman compatible, but idk if it works. here is a line that defined a volume in the original docker-compose file im trynna convert:
for podman, it should be rootless, so idk how to translate this line... need a little help 😀️ | 20:48:06 |
DoofusCanadensis | That just mounts a socket file | 23:47:09 |
DoofusCanadensis | So that the container mounting that can control the docker daemon. | 23:47:29 |
20 Apr 2024 | ||
gigidi5557 joined the room. | 12:57:51 | |
Matt joined the room. | 20:29:43 | |
21 Apr 2024 | ||
UrbenLegend | Is there a reason why the real IP of incoming requests isn't getting passed from Nginx Proxy Manager to my other containers when they're run in rootless mode? My configuration works in rootful mode, but in rootless, things like Nextcloud and Jellyfin only see requests as coming from the Nginx Proxy Manager IP address | 02:29:46 |
UrbenLegend | Seems like it's related to this bug: https://github.com/containers/podman/issues/8193 | 04:19:27 |
UrbenLegend | How are you guys handling reverse proxies in rootless mode? | 04:19:35 |
Erik Sjölund | The source IP address is available to nginx if you configure nginx + rootless podman to use socket activation. I wrote some documentation about running nginx with rootless podman https://github.com/eriksjolund/podman-nginx-socket-activation/tree/main/examples/example4 On my todo-list is to see if X-Forwarded-For HTTP header works. Then the backend servers would also get the information about the source IP address. | 08:26:13 |
Erik Sjölund | I also did some experimenting with nextcloud and rootless podman in November 2023. https://github.com/eriksjolund/nextcloud-podman I think I got so far that I could see the nextcloud web interface running but I didn't do any further testing. Socket activation is used https://github.com/eriksjolund/nextcloud-podman/blob/main/nginx.socket | 08:39:39 |
@felix:0x23.me left the room. | 09:13:20 | |
baerentoeter | hi guys, im - again - having issues with podman (5.0.0) and selinux: i have a container that starts an sshd on port 22022 using network_mode: host. it works perfectly fine when selinux is in permissive mode, but i cannot connect to the server when selinux is in enforcing mode. i have followed the steps from https://access.redhat.com/documentation/de-de/red_hat_enterprise_linux/8/html/using_selinux/creating-selinux-policies-for-containers_using-selinux but installing the policy generated by udica fails with "Failed to resolve typeattributeset statement at /etc/selinux/targeted/tmp/modules/400/base_container/cil:6" any ideas? | 11:20:44 |
baerentoeter | In reply to @baerentoeter:matrix.org: also, everything works fine when selinux is in enforcing and the container is run in privileged mode. however, i doubt that this is the best practice, eh | 11:23:41 |
Erik Sjölund | The sshd problem might be related to this troubleshooting tip https://github.com/containers/podman/blob/main/troubleshooting.md#33-the-sshd-process-fails-to-run-inside-of-the-container | 11:37:58 |
Erik Sjölund | (or maybe not, at least the tip was about sshd) | 11:40:13 |
baerentoeter | In reply to @eriksjolund:fedora.im: thanks Erik, but i think that is not the problem im facing - i dont have reason to believe that loginuid is an issue. actually my question aims for a more general answer to the question why the whole "podman-inspect->udica->semodule" toolchain fails | 11:45:09 |
baerentoeter | Since my setup works fine when selinux is permissive, it is quite safe to say that it is an issue with the labels I guess | 11:52:57 |
Dennis (7616) joined the room. | 13:41:41 | |
@lucas_sr:matrix.org joined the room. | 23:35:06 |