Open didn0t opened 6 days ago
Thanks for bringing up this topic. I opened a PR https://github.com/eriksjolund/podman-traefik-socket-activation/pull/12 for clarification.
Some more explanation:
In Example 1, podman is running as rootless podman so it does not have enough permissions to modify the firewall on the host.
The systemd user manager (/usr/lib/systemd/systemd --user) creates the listening socket and then executes podman run ...
Both of these programs are running as the user test.
For example
$ ps axuw | grep "systemd --user" | grep test
test 1128 0.0 0.3 31672 14312 ? Ss Nov20 0:00 /usr/lib/systemd/systemd --user
Instead of disabling firewalld you could also open up specific ports.
For example, the command firewall-cmd takes the argument --add-port=80/tcp.
For more details, check out https://docs.fedoraproject.org/en-US/quick-docs/firewalld/
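An added example, not part of the reply above or of the project's code: one way to open individual ports with firewall-cmd instead of disabling firewalld. It assumes the default zone; the DRY_RUN variable and the function names are hypothetical, and with DRY_RUN=1 (the default) the commands are only printed.

```shell
#!/bin/sh
# Added example: open only the ports that the socket-activated services
# listen on. DRY_RUN and all function names are hypothetical.

DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands only; 0 = apply with sudo

# Run firewall-cmd, or print the command line in dry-run mode.
fw() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "firewall-cmd $*"
    else
        sudo firewall-cmd "$@"
    fi
}

# Accept only PORT/PROTO with PORT in 1..65535 and PROTO tcp or udp.
valid_port_spec() {
    port="${1%%/*}"
    proto="${1#*/}"
    case "$1" in */*) ;; *) return 1 ;; esac
    case "$proto" in tcp|udp) ;; *) return 1 ;; esac
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# Validate every spec first, then open each port in the runtime config
# (effective immediately) and in the permanent config (kept across
# reload and reboot). Finally list the ports that are open.
open_ports() {
    for spec in "$@"; do
        if ! valid_port_spec "$spec"; then
            echo "invalid port spec: $spec" >&2
            return 1
        fi
    done
    for spec in "$@"; do
        fw --add-port="$spec" || return 1
        fw --permanent --add-port="$spec" || return 1
    done
    fw --list-ports
}

# Print the commands for the port named in the reply above.
open_ports 80/tcp
```

Run it with DRY_RUN=0 to apply the changes; nothing is changed on the firewall if any port spec fails validation.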
Thanks for the great write up.
I am using Fedora Core OS but found step 20 (connecting remotely) doesn't work. It looks like Firewalld is blocking the remote connection; disabling firewalld allows this to work.
What is the correct way to get podman/firewalld to correctly allow the socket ports to be accessible externally?