
Podman Rootless Containers

Feb 9


Here are the commands used in the Podman Rootless Containers video.




Install Podman.

dnf install podman

I recommend installing the container-management group.

dnf group install container-management


For further installation instructions go here: https://podman.io/docs/installation 


Enable the Podman service.

systemctl enable --now podman.service

Verify that everything is running.

systemctl status podman.service


Let's set up the persistent storage directory.

mkdir nginx-data

podman unshare chown -R 101:101 nginx-data/

sudo semanage fcontext -a -t httpd_sys_content_t "/home/stranger-things/nginx-data(/.*)?"


Create an index.html file in the nginx-data directory with whatever content you want. This is what I used in the video.


<h1 style="text-align: center;">Linux.ninja</h1>


Create the container.

podman run -d --name web -p 9000:80 -v /home/stranger-things/nginx-data:/usr/share/nginx/html:Z nginx

Verify that it's running.

podman ps

If that doesn't show anything, then something failed. Let's check with:

podman ps -a


Now for the systemd part.

loginctl show-user stranger-things

Check to see if linger is enabled or not.

If not, let's enable it.

loginctl enable-linger stranger-things


Create the necessary directories.

mkdir -p ~/.config/systemd/user && cd ~/.config/systemd/user

Generate the systemd file.

podman generate systemd --name web --files --new


Reload the systemd manager configuration.

systemctl --user daemon-reload


Enable the systemd service we created.

systemctl --user enable web.service

(Requires linger. Change out the name for whatever your --name parameter was; the unit file name is the one podman generate systemd printed in the previous step.)


systemctl --user start web.service

systemctl --user commands only work when logging in on console or SSH and do not work in sudo and su sessions.



NGINX reverse proxy setup for non-privileged ports.

sudo dnf install nginx

sudo systemctl enable --now nginx.service

sudo firewall-cmd --add-service=http --permanent

sudo firewall-cmd --reload

sudo setsebool -P httpd_can_network_relay 1


My web.conf for nginx. Change out all IPs for whatever you are using.

server {
    listen 80;
    server_name 192.168.1.143;

    location / {
        proxy_pass http://192.168.1.143:9000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
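A pre-flight check for the whole procedure above, added here as an example (it is not from the video or from the Podman project): it tests the three things the setup depends on, namely linger being on, the published host port being bindable by a rootless user, and nginx proxying to that same port. The function names and the sample data are constructed; on a real host you would feed it the output of loginctl show-user and the contents of web.conf.

```shell
# Added example: offline sanity checks for the rootless Podman + nginx setup.
# Function names and sample inputs are constructed for illustration.

# Succeeds if `loginctl show-user <user>` output on stdin reports Linger=yes.
linger_enabled() {
    grep -qx 'Linger=yes'
}

# Prints the host port of a podman -p mapping: [ip:]host:container[/proto].
host_port() {
    m=${1%/*}                                  # strip /tcp or /udp
    case $m in
        *:*:*) m=${m#*:}; echo "${m%%:*}" ;;   # ip:host:container
        *:*)   echo "${m%%:*}" ;;              # host:container
        *)     return 1 ;;                     # container port only, no fixed host port
    esac
}

# Succeeds if a rootless user may bind port $1. 1024 is the kernel default of
# net.ipv4.ip_unprivileged_port_start; pass the live sysctl value as $2.
rootless_can_bind() {
    [ "$1" -ge "${2:-1024}" ]
}

# Succeeds if the nginx config on stdin has a proxy_pass to port $1.
proxy_targets_port() {
    grep -Eq "^[[:space:]]*proxy_pass[[:space:]]+http://[^;/]+:$1(/[^;]*)?;"
}

# Runs every check, prints one line per problem, returns the number of problems.
preflight() {   # $1=loginctl output  $2=-p mapping  $3=nginx config text
    fails=0
    printf '%s\n' "$1" | linger_enabled || { echo "linger is off"; fails=$((fails+1)); }
    p=$(host_port "$2") || { echo "no fixed host port in '$2'"; return $((fails+1)); }
    rootless_can_bind "$p" || { echo "port $p is privileged"; fails=$((fails+1)); }
    printf '%s\n' "$3" | proxy_targets_port "$p" || { echo "nginx does not proxy to $p"; fails=$((fails+1)); }
    return "$fails"
}

# Constructed sample data using the post's user name, port and IP.
sample_loginctl='UID=1000
Name=stranger-things
Linger=no'
sample_conf='location / {
    proxy_pass http://192.168.1.143:9000;
}'

preflight "$sample_loginctl" 9000:80 "$sample_conf" || true   # reports: linger is off
```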
