Ah I think you may have solved part of the problem. I tried to use a network and have container name resolution but it failed. That’s why I went with pods and publish ports directly to the host.
I will try to use a dedicated network with DNS on, thanks!
I wanted to do something similar. But I grouped some containers using pods and it seems it broke the networking.
Eventually I kept the pods, and exposed everything to the host where caddy can meet the services there. Not the cleanest way, especially as my firewall is turned off.
I switched at work because of the license changes docker did. I noticed that for my work workflow, podman was a direct remplacement of docker.
For my homelab, I wanted to experiment with rootless and I also prefer to have my services handled by systemd. Also I really like the built-in auto update from podman
Yes maybe, I will edit my post to better explain the issue I’m facing.
I’m using pasta. I can see some weird, for instance some services can access other through host.containers.internal and for others, I have to use 192.168.1.x
Mainly Immich, paperless and jellyfin
I should have clarified this. It does not open the ports, but I have setup my firewall to allow a range of IP and the traffic is still blocked.
I have noticed some inconsistency in the behavior, where the traffic would sometimes work upon ufw activation but never work upon reboot. Knowing how docker works, I thought podman would also mess with the firewall. But maybe the issue comes from something else.
I have been using frp to expose one port of my private server to the public one. Then on the public server, I’m using nginx as reverse proxy to enable https.
This works great for my use case. Regarding security, if the application has a vulnerability, it is still an open door to your private server. My app runs on rootless podman, so only the container and the data it contains would be compromised.