@siwonpawel
Created April 15, 2023 15:19
How to run traefik with podman

This document is a step-by-step guide to running the Traefik proxy with Podman.

Prerequisites

  • Podman and podman-compose installed
  • Insomnia, Postman or curl for testing
  • verify that you can run containers with the command podman run hello-world

Admin actions

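Allow unprivileged users to bind to port 80

The sysctl is system-wide, so it applies to every unprivileged user on the host, not only the containers user created below.

echo 'net.ipv4.ip_unprivileged_port_start=80' >> /etc/sysctl.conf
sysctl -p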

Allow HTTP and HTTPS connections

firewall-cmd --add-service={http,https} --permanent
firewall-cmd --reload

Creating new user for publicly exposed containers

Open a terminal as the root user:

useradd containers
passwd containers

Allow containers user to run services after logout

loginctl enable-linger containers

Actions from containers user

Enable podman.socket service

systemctl --user enable --now podman.socket

This creates a Podman socket at /run/user/$UID/podman/podman.sock. Run echo /run/user/$UID/podman/podman.sock in a terminal to get the actual path, because the UID may be different for your account and $UID is not supported in docker-compose.yaml files.

docker-compose.yaml
version: '3'

services:
  reverse-proxy:
    image: traefik:latest
    container_name: reverse-proxy
    restart: always
    security_opt:
      - label=type:container_runtime_t
    ports:
      - 80:80
      - 443:443
      - 8080:8080
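    volumes:
      # Host path is the socket path printed in the previous step; 1001 is this example's UID.
      - /run/user/1001/podman/podman.sock:/var/run/docker.sock:z
    command:
      # Serves the Traefik API and dashboard on port 8080 without authentication.
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--entrypoints.web.address=:80"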

  whoami:
    image: "traefik/whoami"
    container_name: "simple-service"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.localhost`)"
      - "traefik.http.routers.whoami.entrypoints=web"

This file should be readable by the containers user. To start the services, run podman-compose up in the directory where this file is saved.
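
A preflight check for the steps above, as an added example that is not part of the original gist: it compares the socket path mounted in docker-compose.yaml with the current user's rootless Podman socket, checks the port 80 sysctl, and flags --api.insecure=true. The function names and the script name preflight.sh are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original gist. Usage: sh preflight.sh docker-compose.yaml

# Rootless Podman socket path for a UID (default: the current user).
podman_socket_path() {
  printf '/run/user/%s/podman/podman.sock\n' "${1:-$(id -u)}"
}

# Host-side path that the compose file mounts at /var/run/docker.sock.
compose_socket_source() {
  grep -oE '/[^:" ]+:/var/run/docker\.sock' "$1" | head -n 1 | cut -d: -f1
}

# True if a non-comment line enables Traefik's unauthenticated API/dashboard.
api_insecure_enabled() {
  grep -v '^[[:space:]]*#' "$1" | grep -Eq -- '--api\.insecure=true'
}

# True if unprivileged processes may bind port $1 when the sysctl
# net.ipv4.ip_unprivileged_port_start equals $2 (default: read from /proc).
can_bind_unprivileged() (
  start="${2:-$(cat /proc/sys/net/ipv4/ip_unprivileged_port_start 2>/dev/null || true)}"
  [ "$1" -ge "${start:-1024}" ]
)

# Run all checks against one compose file; exit status 1 on any FAIL.
preflight() (
  want="$(podman_socket_path)"
  have="$(compose_socket_source "$1")"
  rc=0
  if [ "$have" != "$want" ]; then
    echo "FAIL: compose mounts '$have' but this user's socket is '$want'"; rc=1
  elif [ ! -S "$want" ]; then
    echo "FAIL: $want not found; run: systemctl --user enable --now podman.socket"; rc=1
  fi
  if ! can_bind_unprivileged 80; then
    echo "FAIL: port 80 is below net.ipv4.ip_unprivileged_port_start"; rc=1
  fi
  if api_insecure_enabled "$1"; then
    echo "WARN: --api.insecure=true serves the API/dashboard on :8080 without authentication"
  fi
  exit "$rc"
)

if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

Run it as the containers user, since the expected socket path is derived from the UID of the account that executes it.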

Testing with Insomnia

Paste this request into Insomnia:

curl --request GET \
  --url http://<IP_ADDR>/ \
  --header 'Host: whoami.localhost'

Replace <IP_ADDR> with the destination IP. The Host header is part of the routing rule and must match it; check the docker-compose file for the expected value. More information can be found in the Traefik documentation.

Response should be similar to:

Hostname: 2a9488671a64
IP: 127.0.0.1
IP: ::1
IP: 10.89.0.47
IP: fe80::286b:3cff:fe1c:56a
RemoteAddr: 10.89.0.46:60428
GET / HTTP/1.1
Host: whoami.localhost
User-Agent: insomnia/2023.1.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 10.89.0.46
X-Forwarded-Host: whoami.localhost
X-Forwarded-Port: 80
X-Forwarded-Proto: http
X-Forwarded-Server: cf51ff1ac7fa
X-Real-Ip: 10.89.0.46