Podman

1
 
 

Hi everyone! I want to be able to access a (fuse-type) cloud drive mounted inside a container as the binary is proprietary and I do not want to mount it on the host for security and privacy purposes. I have tried to quickly spin a podman container and bind the folder that corresponds with the drive with the rshared flag but the folder appears to be empty on the host while inside the container it works just fine.

I am running the following commands:

$ podman unshare mount --make-shared --bind /clouddrive /clouddrive
$ podman run -i -t --cap-add=sys_admin --network host \
	--security-opt label=type:container_runtime_t \
	-v /cloudbinary:/bin/cloudbinary:ro \
	-v /clouddrive:/clouddrive:shared \
	--device /dev/fuse:/dev/fuse \
	-v /bin:/bin:ro \
	-v /lib64:/lib64:ro \
	--privileged --name=name image /bin/bash

Inside the rootless container I run:

# cloudbinary login username
<enter password>
<successful login>
# ls /clouddrive
file1 file2 file3

But on the host /clouddrive is empty:

$ ls /clouddrive
<nothing>

Running findmnt -o TARGET,PROPAGATION /clouddrive inside the container yields:

TARGET      PROPAGATION
/clouddrive shared,slave

Running findmnt -o TARGET,PROPAGATION /clouddrive on the host yields:

TARGET      PROPAGATION
/clouddrive shared,slave

I have almost no prior experience with podman but I read something about how a rootless container might not work because the user and group owning the folder is not the right one. Does anybody have an idea on how to fix this? Thank you.

Update: It seems the cloud binary is unmounting any drive with the same name at startup and mounting its own drive. Would that be a problem? Running findmnt still shows shared but the slave label has disappeared after the binary mounts its own drive. Is there any way to "reshare" it at runtime/dynamically?
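The shared/slave labels that findmnt prints in the post above summarize the peer-group IDs recorded in /proc/<pid>/mountinfo, and those IDs decide in which direction a new mount is replicated. The following is an added example, not part of the original post: the mountinfo lines are constructed, the function names are hypothetical, and only direct peer or slave relations are checked.

```python
# Constructed mountinfo lines (proc(5) layout); IDs and devices are made up.
HOST = "36 25 8:2 /clouddrive /clouddrive rw,relatime shared:42 - ext4 /dev/sda2 rw"
CONTAINER = """\
512 498 8:2 /clouddrive /clouddrive rw shared:77 master:42 - ext4 /dev/sda2 rw
640 512 0:55 / /clouddrive rw,nosuid,nodev shared:91 - fuse.cloudbinary cloudbinary rw"""


def parse_mountinfo(text):
    """Return {mount_id: entry} with each mount's peer-group tags."""
    mounts = {}
    for line in text.strip().splitlines():
        f = line.split()
        sep = f.index("-")  # optional fields sit between field 6 and "-"
        tags = dict(t.split(":", 1) for t in f[6:sep] if ":" in t)
        mounts[int(f[0])] = {
            "parent": int(f[1]), "target": f[4], "fstype": f[sep + 1],
            "shared": int(tags["shared"]) if "shared" in tags else None,
            "master": int(tags["master"]) if "master" in tags else None,
        }
    return mounts


def propagation(m):
    """Label in the style of findmnt's PROPAGATION column (unbindable ignored)."""
    labels = [n for n, k in (("shared", "shared"), ("slave", "master")) if m[k] is not None]
    return ",".join(labels) or "private"


def events_reach(src, dst):
    """True if a mount made under src is replicated under dst (direct relations only)."""
    if src["shared"] is None:
        return False  # private and slave-only mounts propagate nothing
    return src["shared"] in (dst["shared"], dst["master"])  # peer, or slave of src


def report(host_text, ctr_text, target):
    host = next(m for m in parse_mountinfo(host_text).values() if m["target"] == target)
    ctr = parse_mountinfo(ctr_text)
    fuse = next(m for m in ctr.values()
                if m["target"] == target and m["fstype"].startswith("fuse"))
    under = ctr[fuse["parent"]]  # the mount the FUSE filesystem sits on
    return {
        "parent_in_container": propagation(under),
        "fuse_mount": propagation(fuse),
        "host_to_container": events_reach(host, under),
        "container_to_host": events_reach(under, host),
    }


print(report(HOST, CONTAINER, "/clouddrive"))
```

On a live system the two inputs would be /proc/self/mountinfo read on the host and /proc/<pid>/mountinfo for a process inside the container.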

2
 
 

cross-posted from: https://discuss.tchncs.de/post/22760959

Hello,

I have two Podman containers. One container that contains Linkstack and another container for the Nginx Proxy Manager. Now I want the Nginx Proxy Manager to retrieve the website from the Linkstack container. Unfortunately this does not work.

I integrate the two containers in a network. I realize this with podman-compose.

First, I created the network with "podman network create n_webservice".

Compose.yaml

services:
    NGINXPM:
        networks:
            - n_webservice
        container_name: NGINXPM
        volumes:
            - /home/fan/pod_volume/npm/data/:/data/
            - /home/fan/pod_volume/npm/letsencrypt/:/etc/letsencrypt
        ports:
            - 8080:80
            - 4433:443
            - 9446:81
        image: docker.io/jc21/nginx-proxy-manager:latest
    linkstack:
        networks:
            - n_webservice
        container_name: linkstack
        ports:
            - 4430:80
        image: docker.io/linkstackorg/linkstack
networks:
    n_webservice:
        external: n_webservice

I have tried everything possible in the Nginx Proxy Manager with the entry, but unfortunately I can't get any further. The destinations http://linkstack:4430 and http://127.0.0.1:4430 are not working.

Can someone please help me how I can access the linkstack container from the NGINXPM container?

3
4
 
 

I am trying to create a podman compose of NGINX and PHP:FPM. I was able to get NGINX to work on its own using the docker.io/bitnami/nginx image. I believe I have gotten close to getting PHP:FPM to work as well, but there is an issue with NGINX not cooperating with PHP:FPM.

In the logs of the NGINX container, I get this error every time I load localhost:8080 in the browser...

10.89.4.2 - - [24/Jul/2024:20:18:35 +0000] "GET / HTTP/1.1" 404 47 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0" "-"
2024/07/24 20:18:35 [error] 44#44: *1 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 10.89.4.2, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://10.89.4.3:9000", host: "localhost:8080"

And when I load localhost:8080 in the browser, it displays a blank page which says "File not found.".

I am using podman 5.1.2 on Linux Mint 21.3. My goal is simply to get NGINX and PHP to work, to be able to have a web server that can use PHP.

Any advice would be most appreciated.


Directory structure

nginx-php/
   compose.yml
   nginx.conf
   php.dockerfile
   php.ini
   www/
      public/

compose.yml

version: '3'
networks:
    app-tier:
        driver: bridge
services:
    nginx:
        image: docker.io/bitnami/nginx
        volumes:
            - ./nginx.conf:/opt/bitnami/nginx/conf/server_blocks/my_server_block.conf:ro
            - .:/app/
        networks:
            - app-tier
        ports:
            - 8080:8080
    php:
        build:
            context: .
            dockerfile: php.dockerfile
        volumes:
            - .:/app/
        networks:
            - app-tier

nginx.conf

server {
    server_name localhost;
    listen 0.0.0.0:8080;
    
    root /app/www/public;

    index index.php index.html index.htm;
    autoindex on;

    location / {
        try_files $uri $uri/index.php;
    }

    location ~ \.php$ {
        fastcgi_pass php:9000;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
}

php.dockerfile (I would like to get debugging and databases to work later on...)

FROM docker.io/bitnami/php-fpm

# Install xdebug for nicer error messages and debugging
# RUN pecl install xdebug
# RUN docker-php-ext-enable xdebug

# Install mysqli
# RUN docker-php-ext-install mysqli
# RUN docker-php-ext-enable mysqli

# Install PDO
# RUN docker-php-ext-install pdo pdo_mysql

php.ini (I would like to get debugging and databases to work later on...)

[PHP]

extension=mysqli
extension=pdo_mysql


; xdebug settings for debugging
zend_extension=xdebug
xdebug.start_with_request = yes
xdebug.client_host=xdebug://gateway

5
 
 

I am unable to get the VSCode debugger to work with PHP running in a podman container. I was able to set this up using Docker by following these steps...

  1. Create php.dockerfile (Dockerfile)
  2. Create php.ini
  3. Add VSCode debugging launch configuration to VSCode settings.json
  4. Create container in Docker
  5. Start container
  6. Open workspace folder of the PHP script in VSCode
  7. Add breakpoints in the PHP script in VSCode
  8. Start Debugger in VSCode
  9. Run PHP script in docker container which will trigger the debugger in VSCode

I believe it is due to some networking setup with Podman which requires additional configuring for the debugger to attach itself to the PHP script in the Podman container.

Any help will be most appreciated.

Dockerfile php.dockerfile

FROM docker.io/php:cli

# Install xdebug for nicer error messages
RUN pecl install xdebug
RUN docker-php-ext-enable xdebug

php.ini

[PHP]

; xdebug settings for debugging
zend_extension=xdebug
xdebug.mode=debug
xdebug.client_host=xdebug://gateway

VSCode debugger launch config...

"launch": {
        "configurations": [
            {
                "name": "PHP (Container): Terminal",
                "type": "php",
                "request": "launch",
                "pathMappings": {
                    "/usr/src/app/": "${workspaceFolder}"
                }
            }
        ]
    },

Terminal commands to set this all up and run the script

$ docker image build -t my-php-image -f php.dockerfile .
$ docker container create --name my-container -v ./app/:/usr/src/app/ -v .:/usr/local/etc/php/ -w /usr/src/app/ -it my-php-image
$ docker container start my-container
$ docker container exec -it my-container php -d xdebug.start_with_request=yes test.php
6
7
8
9
10
11
 
 

Is it possible to run an alpine image to run an executable that is inside a volume without creating a new image? In Podman Desktop, I placed the following values in these fields when running the alpine image into a new container.

Command

/bin/sh -c /server/application

Volumes

~/Documents/server-data:/server

Ports

8080:8080

However I always get this error in my container logs. I think it could be due to the fact the container does not have permission to execute /server/application?

/bin/sh: /server/application: not found

12
 
 

Is there a way on Windows to add an alias for commands in PowerShell and Command Prompt?

I want to make it so when I enter docker it will execute podman.

I was able to achieve this easily on Linux to where I can always enter docker and it will execute podman, even if I closed the terminal window or rebooted my machine. It was a permanent alias redirect, not a temporary one.

Can this be done on Windows for powershell and command prompt?

13
 
 

In order for me to get Podman to run on windows, I need to enter podman machine start in powershell every time I boot up Windows. Is there a way to have podman running and ready to go when I boot into Windows?