I keep reading about podman, yet it doesm’t FEEL as mature to me as docker for a normal user like me. What’s your opinion? Did you already switch or do you keep waiting for … for what? When will you switch?
I keep reading about podman, yet it doesm’t FEEL as mature to me as docker for a normal user like me. What’s your opinion? Did you already switch or do you keep waiting for … for what? When will you switch?
You technically can bind ports <1024 to unprivileged containers.
echo 'net.ipv4.ip_unprivileged_port_start=0' | sudo tee /etc/sysctl.d/50-unprivileged-ports.conf; sudo sysctl --system. Though this will allow any user to bind ports below 1024, so it’s not very clean.Another workaround is to redirect port 80 to 8080 (or other) through iptables and have your proxy listen on this port.
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080. Same thing for 443.As far as I know granting the
CAP_NET_BIND_SERVICEcapability to/usr/bin/podmandoes not work.Also podman-compose implementation is still incomplete, and I prefer using systemd units to start and manage containers. Check
man podman-generate-systemd