As of right now, I currently have a working Docker container for Caddy which can successfully get TLS certs and I am able to access my own test site with an external web browser.

What I want to do use the same files (Dockerfile, docker-compose.yml and Caddyfile) to do the same with Podman Compose. When I run podman compose up -d I am able to build the Caddy container and it will also successfully get it’s own TLS cert.

docker-compose.yml 
services:
  caddy:
    container_name: caddy
    build: .
    restart: always
    ports:
      - 80:80
      - 5050:443
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data
      - caddy_config:/config
      - /home/sxc-pi/shared/:/srv:Z
    networks:
      - reverse_proxy

volumes:
  caddy_data:
  caddy_config:

networks:
  reverse_proxy:
    external: true

While on the same device, I can use curl localhost:5050 and get the message Client sent an HTTP request to an HTTPS server. which is the same result as if I were using Docker. If I try to access my site through my domain name or local network ip address from an external device, the connection times out.

I didn’t make any changes to my firewall or router’s port forwarding because I expect Rootful Podman Compose to work similar to Docker.

I checked iptables and below are the differences between using Docker and Podman but I don’t really know networking enough to understand what it’s really saying

iptables differences 
sxc-pi:/srv/caddy$ diff ~/iptables-docker ~/iptables-podman 
--- /home/sxc-pi/iptables-docker
+++ /home/sxc-pi/iptables-podman
@@ -31,8 +31,6 @@
 
 Chain DOCKER (2 references)
 target     prot opt source               destination         
-ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:https
-ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:http
 DROP       all  --  anywhere             anywhere            
 DROP       all  --  anywhere             anywhere            
 
@@ -70,15 +68,20 @@
 Chain NETAVARK_FORWARD (1 references)
 target     prot opt source               destination         
 DROP       all  --  anywhere             anywhere             ctstate INVALID
+ACCEPT     all  --  anywhere             10.89.0.0/24         ctstate RELATED,ESTABLISHED
+ACCEPT     all  --  10.89.0.0/24         anywhere            
 
 Chain NETAVARK_INPUT (1 references)
 target     prot opt source               destination         
+ACCEPT     udp  --  10.89.0.0/24         anywhere             udp dpt:domain
+ACCEPT     tcp  --  10.89.0.0/24         anywhere             tcp dpt:domain
 
 Chain NETAVARK_ISOLATION_2 (1 references)
 target     prot opt source               destination         
 
 Chain NETAVARK_ISOLATION_3 (0 references)
 target     prot opt source               destination         
+DROP       all  --  anywhere             anywhere            
 NETAVARK_ISOLATION_2  all  --  anywhere             anywhere            
 
 Chain ufw-after-forward (1 references)

I’ve also rebooted after starting the Podman containers incase there were any iptables issues but that still didn’t help.

I’ve searched what I can but haven’t gotten anything to work or get me closer to finding an answer.

I’m hoping to use Rootless Podman if I can figure this out, if not I have Docker as a fall back plan.

Any help or insight would be appreciated.

  • confusedpuppy@lemmy.dbzer0.comOPEnglish
    3·
    1 day ago

    podman ps shows the following:

    CONTAINER ID  IMAGE                                 COMMAND               CREATED         STATUS         PORTS                                                         NAMES
daae60bdcc65  docker.io/library/caddy-caddy:latest  caddy run --confi...  47 minutes ago  Up 47 minutes  0.0.0.0:80->80/tcp, 0.0.0.0:5050->443/tcp, 2019/tcp, 443/udp  caddy

    netstat -tunpl shows the following:

    Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:5025            0.0.0.0:*               LISTEN      3270/sshd: /usr/sbi 
tcp        0      0 0.0.0.0:5050            0.0.0.0:*               LISTEN      7342/conmon         
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      7342/conmon         
tcp        0      0 10.89.0.1:53            0.0.0.0:*               LISTEN      7336/aardvark-dns   
tcp6       0      0 :::5025                 :::*                    LISTEN      3270/sshd: /usr/sbi 
udp        0      0 10.89.0.1:53            0.0.0.0:*                           7336/aardvark-dns

    The only difference for the netstat command between Docker and Podman is that Podman show’s entries for aardvark-dns and Docker does not which is something I expect.

    • InnerScientist@lemmy.worldEnglish
      2·
      1 day ago

      Disable the firewall if you can to check if that’s the issue, then do a tcpdump using root with the port. Do tcpdump inside the container too and compare what you see to the docker environment.

      Is caddy-caddy really the correct image?

      Try with this command, it’s the minimal setup that works by default (on my machine): podman run -p 0.0.0.0:5050:80 docker.io/library/caddy:latest