Open smiggiddy opened 2 months ago
Yes, using firewall-cmd should also be possible. I tried it out on a Fedora 40 computer. It worked when I connected from another computer. I did this as a quick test a few days ago, but I plan to try it out once more and properly write down the steps.
Side note:
Here is another alternative to adjusting net.ipv4.ip_unprivileged_port_start that might work:
Running rootless podman in a systemd system service configured with the systemd directive User=
I wrote some examples for nginx:
https://github.com/eriksjolund/podman-nginx-socket-activation/blob/main/examples/example3
https://github.com/eriksjolund/podman-nginx-socket-activation/blob/main/examples/example4
https://github.com/eriksjolund/podman-nginx-socket-activation/blob/main/examples/example5
https://github.com/eriksjolund/podman-nginx-socket-activation/blob/main/examples/example6
I just tried it out quickly and it seems to work, but I marked the examples as being experimental because I don't think the Podman core developers support the use of rootless podman in a systemd system service configured with the systemd directive User=
I haven't tried using User= with traefik yet.
Nice write up by the way.
Any thoughts on using firewalld to port-forward to the container port, e.g.
firewall-cmd --add-forward-port=port=80:proto=tcp:toport=8080
instead of setting net.ipv4.ip_unprivileged_port_start?
It seems to work nicely for me.