Name		Name	Last commit message	Last commit date
parent directory ..
nginx-backend-conf		nginx-backend-conf
nginx-reverse-proxy-conf		nginx-reverse-proxy-conf
README.md		README.md
example6-backend.service.in		example6-backend.service.in
example6-backend.socket.in		example6-backend.socket.in
example6-proxy.service.in		example6-proxy.service.in
example6-proxy.socket		example6-proxy.socket
install.bash		install.bash

README.md

return to main page

Example 6

status: experimental

graph TB

    a1[curl] -.->a2[nginx container reverse proxy]
    a2 -->|"for http&colon;//nginx.example.com"| a4["nginx backend container"]

Containers:

Container image	Type of service	Role	Network	Socket activation	SELinux
docker.io/library/nginx	systemd system service with `User=test6`	HTTP reverse proxy	`--network=none`	✔️	disabled
docker.io/library/nginx	systemd system service with `User=test6`	backend web server	`--network=none`	✔️	enabled

Warning

The container running the proxy is currently configured with--security-opt label=disable which means that SELinux is disabled for that container.

This example is similar to Example 5 but here the backend web server is started with socket activation from a systemd system service with User=test6. No systemd user services are used. All containers are run by rootless podman, which belongs to the user test6.

Requirements

These instructions were tested on Fedora 39 with Podman 4.7.2.

Install instructions

These install instructions will create the new user test6 and install these files:

/etc/systemd/system/example6-proxy.socket
/etc/systemd/system/example6-proxy.service
/etc/systemd/system/example6-backend.socket
/etc/systemd/system/example6-backend.service
/home/test6/nginx-reverse-proxy-conf/nginx-example-com.conf
/home/test6/nginx-reverse-proxy-conf/default.conf
/run/user/1006/backend-socket

(Here assuming 1006 is the UID of test6). The install instructions will also start example6-proxy.socket and example6-backend.socket.

Clone this GitHub repo
```
$ git clone URL
```
Change directory
```
$ cd podman-nginx-socket-activation
```
Choose a username that will be created and used for the test
```
$ user=test6
```

Run install script

$ sudo bash ./examples/example6/install.bash ./ $user

Check the status of the backend socket

$ sudo systemctl is-active example6-backend.socket
active

Check the status of the HTTP reverse proxy socket

$ sudo systemctl is-active example6-proxy.socket
active

Test the nginx reverse proxy

Test the nginx HTTP reverse proxy

$ curl -s --resolve nginx.example.com:80:127.0.0.1 nginx.example.com:80 | head -4
 <!DOCTYPE html>
 <html>
 <head>
 <title>Welcome to nginx!</title>

Result: Success. The nginx reverse proxy fetched the output from the nginx backend.

Discussion about SELinux

To get it to work, --security-opt label=disable was given to the podman run command in example6-proxy.service.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

example6

example6

README.md

Example 6

Requirements

Install instructions

Test the nginx reverse proxy

Discussion about SELinux

Files

example6

Directory actions

More options

Directory actions

More options

Latest commit

History

example6

Folders and files

parent directory

README.md

Example 6

Requirements

Install instructions

Test the nginx reverse proxy

Discussion about SELinux