Currently trying to lay out my whole podman strategy. Reverse proxy is looking to be one of the big challenges. I have seen a number of different solutions, but not the one I'm interested in.
I have two primary requirements:
1. Minimal per container configuration, defined in the container itself, rather than a central location (such as a Caddyfile).
2. Wildcard SSL.
I'm currently using Docker with nginx-proxy, which fulfills 1 perfectly by only requiring me to define the hostname in an environment variable on the container, and an additional variable if using a non-standard HTTP port (as long as nginx-proxy can access the container network). I don't want to and I shouldn't need to configure anything else, except perhaps SSL configuration, which I'm currently doing externally. I'm fine with managing SSL externally somehow, as long as it does not violate requirement 1.
Some additional info:
- I'm planning to use quadlets.
- I will be running containers in different namespaces using the `--userns=auto` option. (might be relevant?)
- I don't need to expose privileged ports for the reverse proxy.
- I prefer not to use a podman socket, if at all avoidable, but might be willing to do so if that's the only blocker.
I'm prepared to go to some length configuring the system in order to make per container configuration as painless as possible. For example, I don't know fully how systemd generators work, but I feel like I should be able to utilize one of them in order to generate the necessary unit parameters for an nginx, Caddy or Traefik proxy. I don't know fully what my networking options are, but perhaps that can be covered by a generator, too.
I've seen solutions involving socket activation. I don't fully understand it, but that's not something I really need. It seems cool, but I don't want to compromise requirement 1 to any significant degree.