Question 1: a non-root user cannot create an nginx application with a port number of 80?
Podman can not create containers that bind to ports < 1024.
Non priv users are not allowed to bind to ports < 1024, so this requires root.
So I can only create nginx under root? And I also need PHP and mariadb to support my site, I've tried to reference PHP in nginx's configuration file:
    location ~ \.php(.*)$ {
        fastcgi_pass php:9000;
        ...
    }
Checking with nginx -t reports an error:
nginx: [emerg] host not found in upstream "php" in ...
But Docker works that way.
What should I do?
The Docker daemon, running with root privileges, manages networks on a system level. It creates extra networks, in which the Docker containers have an IP address, and connects the host to these networks.
As far as I can tell, a rootless podman process creates those networks as well, but can't connect the host to these internal podman networks, as it doesn't have sufficient privileges.
But rootless podman can map the ports of containers to ports > 1024, because this doesn't require root privileges.
My workaround:
This way, the web application can run in a rootless container and still be accessible on a standard port like 80 or 443. And with nginx as a reverse proxy, you can even manage Let's Encrypt certificates at a central point.
Note: in step 1, you have to specify a port mapping in your podman command. Something like podman run -p 127.0.0.1:8090:80 image.
And for completeness, my nginx config looks similar to this:
    server {
        server_name example.org;
        location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            #try_files $uri $uri/ =404;
            proxy_pass http://127.0.0.1:8090/;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
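
A check for the port mapping from the note above, as an added example that is not part of the original answer: it tells whether a podman -p value can be used rootless and whether the container stays reachable only through the host nginx. The names unpriv_port_start and check_publish and the exit codes are made up for this example; only single ports are handled, not port ranges.

```sh
#!/bin/sh
# Added example, not from the thread: vet a `podman run -p` value for rootless use.

# Lowest port an unprivileged process may bind (Linux sysctl; 1024 by default).
unpriv_port_start() {
    cat /proc/sys/net/ipv4/ip_unprivileged_port_start 2>/dev/null || echo 1024
}

# check_publish SPEC [MIN_PORT]
# Exit status: 0 ok, 1 host port needs privileges, 2 not loopback-only, 3 unsupported spec.
# The body runs in a subshell so its variables do not leak into the caller.
check_publish() (
    spec=${1%/*}                          # drop a trailing /tcp or /udp
    min=${2:-$(unpriv_port_start)}
    ip= host=
    case $spec in
        \[*\]:*) ip=${spec%%\]*}; ip=${ip#\[}; spec=${spec#*\]:} ;;  # [v6]:host:ctr
        *:*:*)   ip=${spec%%:*}; spec=${spec#*:} ;;                  # ip:host:ctr
    esac
    case $spec in
        *:*) host=${spec%%:*}; ctr=${spec#*:} ;;   # host may be empty (ip::ctr)
        *)   ctr=$spec ;;                          # container port only
    esac
    # Only single numeric ports are handled here; ranges are reported as unsupported.
    case "$host:$ctr" in
        *[!0-9:]*|*:|*:*:*) echo "unsupported: $1"; exit 3 ;;
    esac
    if [ -n "$host" ] && [ "$host" -lt "$min" ]; then
        echo "needs-privilege: host port $host is below $min"; exit 1
    fi
    case $ip in
        127.*|::1) echo "ok: only reachable from the host itself"; exit 0 ;;
        *) echo "exposed: listens on ${ip:-all interfaces}, not only behind the host nginx"; exit 2 ;;
    esac
)

# Constructed sample values; the second is the mapping from the note above.
for s in 80:80 127.0.0.1:8090:80 8090:80; do
    printf '%-20s ' "$s"
    check_publish "$s" || true
done
```

Without the 127.0.0.1 prefix the published port listens on every interface of the host, so clients can reach the container directly instead of going through the reverse proxy.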