Dear Community, I wanted to share a personal update. I’ve recently transitioned into hospice care and, as a result, will be slowing down the development of this project. While I’m grateful for the ...
This is a quite popular repo of scripts used by the selfhosting community, so I think it's worth sharing it here. It's unfortunately saddening news related to tteck's health. I wish him the best, and that he enjoys his well deserved rest in peace.
> Dear Community, > > I wanted to share a personal update. I’ve recently transitioned into hospice care and, as a result, will be slowing down the development of this project. While I’m grateful for the progress we’ve made together, I recognize that I’ll be taking a step back for some rest and reflection during this time. > > Thank you for your continued support, encouragement, and understanding. Your dedication to the community and this project means the world to me, and I am grateful for each of you. > > Warm regards, > > tteck/tteckster
Not really, in theory all you need is that environment flag to set the socket up. I would guess it would work with NPM if it respects it. I ended up with a custom built image originally to fix nameserver detection with named networks in Podman, and then expanded it with some sane defaults.
I do enjoy administering my containers through systemd but it's indeed an inconvenience if you want a more straightforward solution. Arguably using rootless Podman is already a major inconvenience, since you always hit some quirk or need to patch something up because images assume rootful Docker, so I don't mind going an extra mile to have everything set up as quadlets. I do consider using LXC every now and then for certain things just to make it easier in the long run, as matter of fact, I'm still pondering if I shouldn't just create an unprivileged LXC container for the reverse proxy instead of dealing with this (although it has been working mostly great so far).
I've solved this on my side with socket activation, which besides giving out the real IP, also has native network performance since it fully skips slirp4netns. You could even set nginx's network to none, but since I also use named networks for internal container DNS, so I kept network set.
I've built my own Nginx image and I'm using Quadlets instead of Compose, so my config is as easy as it gets, the socket file is something like this:
[Unit]
Description=container-nginx
[Socket]
BindIPv6Only=both
ListenStream=443
[Install]
WantedBy=sockets.target
And the quadlet file for NGINX goes like this for me:
[Unit]
Description=Web serving, reverse proxying, caching, load balancing, media streaming, and more.
Requires=nginx.socket
After=nginx.socket
[Container]
Image=localhost/nginx:latest
AutoUpdate=local
Volume=/data/containers/nginx/conf.d:/etc/nginx/conf.d:Z
Volume=/data/containers/nginx/certs:/certs:Z
Network=services.network
# Socket for systemd
Environment="NGINX=3;"
[Service]
Restart=always
If you check the socket activation link, there are a few other examples, but IMO that's the easiest setup out of the 5 examples. You could move NGINX out of the compose setup for easiness or adapt examples 3 to 6 (which invoke podman manually). That said, I wanted to use Caddy for easier certificate management, but it doesn't support socket activation, so this setup kinda hardlocked me to NGINX.