underground-software / singularity

KDLP: Beyond the event horizon
https://kdlp.underground.software
GNU General Public License v3.0

Unix sockets for host <-> container networking #75

Closed charliemirabile closed 3 months ago

charliemirabile commented 3 months ago

This is nice because we do not need to map any host ports to container ports.

Fixes: #63

Depends on: #73

Note: if you want to test these changes in the staging or prod environment, you must make sure you have updated your podman compose to the latest version of our fork, because I added one commit that fixes the issue with SELinux not being recognized in a verbose mount specification.

If you forget to do this, the symptom is that nginx crashes because it is unable to bind to the unix socket due to EPERM.

Also, because the test improvements made curl actually perform SSL cert checking, you may run into it complaining about a hostname mismatch if the SSL certs in your ssl folder are for localhost and you are trying to do testing on staging/prod.

The fix (as a temporary workaround; this will improve after we replace bind mounts with volumes) is to extract the certs that were generated in the file system of the container image:

1. `podman image save localhost/singularity_nginx:latest > img.tar`
2. Extract the tar and find the layer that contains the SSL certs.
3. Extract that layer into the ssl folder: `tar -xf some_long_hash.tar --strip-components=3 -C /path/to/the/bind/mount/for/ssl/`
4. Run `podman exec singularity_nginx_1 nginx -s reload` so it picks up the new certs.

If you forget to do this, the symptom is that curl complains that it cannot verify the legitimacy of the server.
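The "find the layer that contains the certs" step above is the fiddly part, since `podman image save` writes one tarball per layer and only one of them carries the certs. The script below is an added example that is not part of the singularity repository or of this PR: it automates that search against a docker-archive style image tar (manifest.json plus per-layer tars named after their digest), then unpacks the matching layer's cert directory with the leading components stripped. The container path `etc/nginx/ssl`, the strip depth of 3 and the file names `fullchain.pem`/`privkey.pem` are assumptions for the demo; the image tar it operates on is constructed inline so the whole thing runs offline without podman.

```shell
#!/bin/sh
# Added example, not code from the singularity project or PR #75.
# Locates the layer of a `podman image save` tarball that contains a given
# path and unpacks that path into a bind-mount directory, dropping the leading
# directory components.  Assumes docker-archive layout (manifest.json plus one
# tar per layer) and no whitespace in member names.  The container path
# etc/nginx/ssl and the cert file names are assumptions for the demo.
set -eu

# Escape a path for use as an anchored basic regular expression.
re_escape() {
    printf '%s' "$1" | sed 's/[][\.*^$]/\\&/g'
}

# Print the path of the layer tar inside IMAGE_TAR that contains PREFIX.
# WORKDIR receives the unpacked image tar; the layers themselves stay packed.
# Returns 1 if no layer carries PREFIX.
find_layer() {
    img=$1 prefix=$2 work=$3
    mkdir -p "$work"
    tar -xf "$img" -C "$work"
    esc=$(re_escape "$prefix")
    # Layers sit either at the top level (<digest>.tar) or one level down
    # (<id>/layer.tar) depending on the archive writer; check both.
    for member in "$work"/* "$work"/*/*; do
        [ -f "$member" ] || continue
        # Skip manifest.json, repositories and anything that is not a tar.
        tar -tf "$member" >/dev/null 2>&1 || continue
        if tar -tf "$member" | grep -q -e "^$esc" -e "^\./$esc"; then
            printf '%s\n' "$member"
            return 0
        fi
    done
    return 1
}

# Unpack every regular file under PREFIX from LAYER into DEST, dropping STRIP
# leading path components (3 for etc/nginx/ssl, so DEST holds the certs directly).
extract_from_layer() {
    layer=$1 prefix=$2 strip=$3 dest=$4
    esc=$(re_escape "$prefix")
    mkdir -p "$dest"
    members=$(tar -tf "$layer" | grep -e "^$esc" -e "^\./$esc" | grep -v '/$')
    [ -n "$members" ] || return 1
    n=$strip
    # A leading "./" in the member names is one more component to strip.
    case $members in ./*) n=$((n + 1)) ;; esac
    # shellcheck disable=SC2086  # intentional word splitting, one member per line
    tar -xf "$layer" --strip-components="$n" -C "$dest" $members
}

# Constructed stand-in for `podman image save` output: two layers, only the
# second of which carries etc/nginx/ssl.  Prints the image tar path.
build_sample_image() {
    root=$1
    mkdir -p "$root/l1/etc" "$root/l2/etc/nginx/ssl" "$root/img"
    echo "root:x:0:0" > "$root/l1/etc/passwd"
    echo "FAKE-CERT" > "$root/l2/etc/nginx/ssl/fullchain.pem"
    echo "FAKE-KEY" > "$root/l2/etc/nginx/ssl/privkey.pem"
    tar -cf "$root/img/aaaa1111.tar" -C "$root/l1" etc
    tar -cf "$root/img/bbbb2222.tar" -C "$root/l2" etc
    echo '[{"Config":"cfg.json","Layers":["aaaa1111.tar","bbbb2222.tar"]}]' \
        > "$root/img/manifest.json"
    tar -cf "$root/img.tar" -C "$root/img" .
    printf '%s\n' "$root/img.tar"
}

# Run the whole procedure against the constructed image and print the
# directory that now holds the extracted certs.
demo() {
    tmp=$(mktemp -d)
    img=$(build_sample_image "$tmp")
    layer=$(find_layer "$img" etc/nginx/ssl "$tmp/work")
    extract_from_layer "$layer" etc/nginx/ssl 3 "$tmp/ssl"
    printf '%s\n' "$tmp/ssl"
}

if [ "${1:-}" = demo ]; then
    demo
fi
```

Against a real image you would replace `build_sample_image` with `podman image save localhost/singularity_nginx:latest > img.tar`, point `extract_from_layer` at the ssl bind-mount directory, and then run `podman exec singularity_nginx_1 nginx -s reload` as the PR describes; the script deliberately stops short of the reload so it stays runnable without podman.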