MicroOS Podman container

[Mirronth]

Hello Guys,

I'm trying to move away from Windows as I won't get security updates anymore next year. My chosen OS is openSUSE MicroOS, at the moment I'm trying to figure out as a VM.

I managed to set up Jellyfin via Podman, locally it is working fine, systemd configuration too.. I set up Caddy in the same way as on Windows, but when I'd like to connect to my Jellyfin via HTTPS, getting connection timed out.

This is my current setup:

podman network create server
 
podman create --replace \
  --label "io.containers.autoupdate=registry" \
  --name jellyfin \
  --publish 8096:8096/tcp \
  --network server \
  --user $(id -u server):$(id -g server) \
  --group-add=$(getent group render | cut -d: -f3) \
  --device /dev/dri/renderD128:/dev/dri/renderD128:rwm \
  --volume jellyfin-cache:/cache:Z \
  --volume jellyfin-config:/config:Z \
  --mount type=bind,source=/var/my_data/home/server/jellyfin/media,destination=/media,ro=true,relabel=private \
  docker.io/jellyfin/jellyfin:latest

podman create --replace \
  --label "io.containers.autoupdate=registry" \
  --name caddy \
  --publish 80:80/tcp \
  --publish 443:443/tcp \
  --network server \
  --user 0:0 \
  --volume /var/my_data/home/server/caddy/Caddyfile:/etc/caddy/Caddyfile:Z \
  --volume /var/my_data/home/server/caddy/caddy_data:/data:Z \
  docker.io/serfriz/caddy-duckdns:latest

Ports are allowed for Podman from port 80 via net.ipv4.ip_unprivileged_port_start=80

On my router, ports are forwarded 80, 443, 2019 (not modified these, had the same on Windows)

My Caddyfile:

myhost.duckdns.org {
  reverse_proxy 0.0.0.0:8096
  tls {
    dns duckdns mytoken
  }
}

DuckDNS script is configured based on the installation guide from their website and it is working.

semanage port -l | grep http
http_port_t                    tcp      2019, 80, 81, 443, 488, 8008, 8009, 8443, 9000


podman logs caddy

{"level":"info","ts":1709992788.8414624,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1709992788.8452077,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":4}
{"level":"info","ts":1709992788.846745,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1709992788.8470774,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1709992788.847094,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1709992788.8476772,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"info","ts":1709992788.8478417,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/...ffer-Sizes for details."}
{"level":"info","ts":1709992788.8480594,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"info","ts":1709992788.8481236,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000040a80"}
{"level":"info","ts":1709992788.8481276,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
{"level":"info","ts":1709992788.848143,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["myhost.duckdns.org"]}
{"level":"info","ts":1709992788.849524,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1709992788.8495479,"msg":"serving initial configuration"}
{"level":"warn","ts":1709992788.8540523,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/data/caddy","instance":"2d238845-a3d0-45b8-acc3-f1a50bdb93f0","try_again":1710079188.8540483,"try_again_in":86399.999999469}
{"level":"info","ts":1709992788.8542216,"logger":"tls","msg":"finished cleaning storage units"}


I really like the idea of MicroOS, so please if someone can help, I'd appreciate!

[TheDreadPirate]

Since both are in containers, which I'm assuming wasn't the case with Windows, your Caddy file needs to use the container IP for Jellyfin instead of 0.0.0.0.

[Mirronth]

I recreated everything, included the IP in the configuration:

podman create --replace \
  --label "io.containers.autoupdate=registry" \
  --name jellyfin \
  --publish 192.168.0.98:8096:8096/tcp \
  --network server \
  --user $(id -u server):$(id -g server) \
  --group-add=$(getent group render | cut -d: -f3) \
  --device /dev/dri/renderD128:/dev/dri/renderD128:rwm \
  --volume jellyfin-cache:/cache:Z \
  --volume jellyfin-config:/config:Z \
  --mount type=bind,source=/var/my_data/home/server/jellyfin/media,destination=/media,ro=true,relabel=private \
  docker.io/jellyfin/jellyfin:latest


podman create --replace \
  --label "io.containers.autoupdate=registry" \
  --name caddy \
  --publish 192.168.0.98:80:80/tcp \
  --publish 192.168.0.98:443:443/tcp \
  --network server \
  --user 0:0 \
  --volume /var/my_data/home/server/caddy/Caddyfile:/etc/caddy/Caddyfile:Z \
  --volume /var/my_data/home/server/caddy/caddy_data:/data:Z \
  docker.io/serfriz/caddy-duckdns:latest

podman ps
CONTAINER ID  IMAGE                                  COMMAND              CREATED        STATUS                  PORTS                                              NAMES
cca2e1a54fe6  docker.io/jellyfin/jellyfin:latest                            20 seconds ago  Up 2 seconds (starting)  192.168.0.98:8096->8096/tcp                        jellyfin
1b0b7f7fa306  docker.io/serfriz/caddy-duckdns:latest  caddy run --confi...  12 seconds ago  Up 8 seconds            192.168.0.98:80->80/tcp, 192.168.0.98:443->443/tcp  caddy


myhost.duckdns.org {
reverse_proxy 192.168.0.98:8096
    tls {
dns duckdns MYTOKEN
    }
}


Locally it is working, but when I try to reach it via https://myhost.duckdns.org/, just loading and eventually the connection time out:
I'm probably missing something with Caddy.

cat /etc/sysctl.conf
net.ipv4.ip_unprivileged_port_start=80

cat duck.log
OK

firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=8096/tcp --permanent
firewall-cmd --reload

[Mirronth]

Nevermind. Somehow I managed to make it work. I'll try to start from scratch again to see if it is working again.

Thank you for the suggestions!