NginxProxyManager / nginx-proxy-manager

Docker container for managing Nginx proxy hosts with a simple, powerful interface
https://nginxproxymanager.com
MIT License

Podman socket activation support #3922

Open greybaron opened 1 month ago

greybaron commented 1 month ago

Is your feature request related to a problem? Please describe.

Client IP addresses are not accessible by Nginx and therefore other containers

When using rootless podman, client IP addresses get rewritten to the internal container IP. There is no workaround other than using host networking, or using another option that is incompatible with container networks.

Describe the solution you'd like

Podman supports a feature where a systemd socket is forwarded to a container, which fixes this issue and also reduces overhead since the requests don't have to be processed by slirp4netns.

Nginx already has support for this by setting an Env variable NGINX=3;. Example 1 demonstrates how to. When using Nginx PM, this variable gets passed down to Nginx. However, an error occurs: fd 3: Socket not connected. I don't have enough experience to troubleshoot, but perhaps NPM is not passing the socket to Nginx.

Describe alternatives you've considered

Podman 5 supports a new networking stack called Pasta which apparently can pass the real IP, however it will take a considerable time until most distributions ship it. As mentioned, other workarounds either break user networks, or require network-mode host altogether.

Additional context

Podman socket activation nginx documentation

densiper commented 2 weeks ago

I have the same issue.

[devnet@dev ~]$ systemd-socket-activate -l 80 -l 81 -l 443 podman run --rm -it -e "NGINX=3:4:5;" jc21/nginx-proxy-manager:2
Listening on [::]:80 as 3.
Listening on [::]:81 as 4.
Listening on [::]:443 as 5.
Communication attempt on fd 3.
Execing podman (podman run --rm -it -e NGINX=3:4:5; jc21/nginx-proxy-manager:2)
s6-linux-init: fatal: unable to read from fd 3: Socket not connected
[devnet@dev ~]$

It's related to s6-linux-init source code. https://github.com/skarnet/s6-linux-init/blob/af9c36d379c9c71c4111cc15545f0938cca8e68e/src/init/s6-linux-init.c#L202-L220

skarnet commented 2 weeks ago

Some instances of Docker use fd 3 to notify the container that the container manager is ready. That is what this option in s6-linux-init is for.

Passing fds above 2 from the host to a container is completely unspecified, so every container manager does as it sees fit - until we get some standardization, it is the Wild West. Until then, I suggest avoiding fd 3 when you want to pass extra fds to the guest.
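Added example, not code from this thread, from nginx-proxy-manager or from s6-linux-init: a Linux C check showing why a read on an inherited listening TCP socket fails with "Socket not connected", the error in the output above, and how to tell that an fd is a listener before reading it. The helper names are hypothetical, and the loopback listener is a constructed stand-in for the socket that systemd-socket-activate hands over as fd 3.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1: fd is a listening socket; 0: open but not one; -1: fd is not open. */
int fd_is_listening_socket(int fd)
{
    int accepting = 0;
    socklen_t len = sizeof accepting;

    if (getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &accepting, &len) == 0)
        return accepting ? 1 : 0;
    return errno == EBADF ? -1 : 0; /* ENOTSOCK means open, but not a socket */
}

/* Try a 1-byte read; return the errno it failed with, or 0 if it did not fail. */
int errno_of_read(int fd)
{
    char c;
    return read(fd, &c, 1) < 0 ? errno : 0;
}

/* Constructed stand-in for an activated socket: TCP listener on 127.0.0.1,
   ephemeral port (sin_port left at 0). */
int make_listener(void)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);

    if (fd < 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 1) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    int fd = make_listener();
    if (fd < 0) { perror("make_listener"); return 1; }
    printf("listening=%d, read error: %s\n",
           fd_is_listening_socket(fd), strerror(errno_of_read(fd)));
    close(fd);
    return 0;
}
```

A listening socket can only be passed to accept(); any code that treats the same descriptor as a readable stream gets ENOTCONN on Linux, which matches the fd 3 collision described in the comment above.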