this post was submitted on 03 Feb 2025
21 points (95.7% liked)
submitted 11 hours ago* (last edited 3 hours ago) by [email protected] to c/[email protected]
 

I had to restore my homelab and took the opportunity to move from docker to rootless podman quadlets. Well, almost fully rootless: I kept pi-hole and caddy at the root level because I did not want to deal with sysctl.

I have everything running but for now I have to disable my firewall. With docker I was using this script: https://github.com/chaifeng/ufw-docker But I’m having a hard time finding an alternative for podman.

Do you know of any scripts that would magically fix podman and ufw? Would it be a better solution for me to manage iptables manually?

My needs are pretty simple as I do not really care if the ports are visible on my private network, I just want to allow specific IPs on port 80 and 443.

Edit: the issue I’m facing is that I’m allowing some specific IPs to access my network, but when I enable ufw the traffic is blocked. I had the same rules using docker and everything was working fine. I can notice that sometimes the traffic goes through and other times it is blocked. Much like with docker when you don’t use the script: the traffic will be blocked or not depending on what wrote the iptables rules last.

[–] [email protected] 1 points 4 hours ago (1 children)

The hardest part for me was to switch from docker compose to quadlets, but there is podlet to help with the conversion.

https://github.com/containers/podlet

[–] [email protected] 1 points 3 hours ago* (last edited 3 hours ago) (1 children)

I stayed with podman compose. Does the quadlet specification have an advantage?

[–] [email protected] 1 points 1 hour ago

If it works for you, there is no reason to switch.

The benefit for me is mostly the systemd integration (e.g. do a simple DB backup before running the container using ExecStartPre) & the corresponding unified logging with journalctl. Then there is auto update and boot persistence without having to run an additional process.
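A rootless quadlet that puts together the three things this comment lists (pre-start backup, auto-update, boot persistence). It is an added illustration, not the commenter's own file; the image, container/volume names, secret name and backup path are assumptions.

```ini
# ~/.config/containers/systemd/app-db.container  (constructed example, rootless user)
[Unit]
Description=App database with a volume backup before every start

[Container]
Image=docker.io/library/postgres:16
ContainerName=app-db
# Named volume; :Z relabels it for SELinux hosts (harmless elsewhere)
Volume=app-db-data:/var/lib/postgresql/data:Z
# Inject the password from a podman secret instead of a plaintext Environment= line
# (create it once with: printf '%s' 'pw' | podman secret create app-db-password -)
Secret=app-db-password,type=env,target=POSTGRES_PASSWORD
# Mark the container so `podman auto-update` pulls a moved registry tag and restarts it
AutoUpdate=registry

[Service]
# Runs before podman starts the container: dump the data volume to a dated tarball.
# systemd expands %h to $HOME; %% is a literal % for date(1). Backup path is an assumption.
ExecStartPre=/bin/sh -c 'mkdir -p %h/backups && podman volume export app-db-data | gzip > %h/backups/app-db-data-$(date +%%F).tar.gz'
Restart=on-failure
TimeoutStartSec=300

[Install]
# default.target of the user session; with lingering enabled it starts at boot without a login
WantedBy=default.target
```

Load it with `systemctl --user daemon-reload && systemctl --user start app-db.service`, read its logs with `journalctl --user -u app-db.service`, and run `loginctl enable-linger "$USER"` plus `systemctl --user enable --now podman-auto-update.timer` for boot persistence and scheduled updates.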