0

So I have a docker network named home that all of my root-based (or docker containers that were simply too hard to port to podman) containers live.

sudo docker network ls
NETWORK ID     NAME                 DRIVER    SCOPE
9d5788b45048   bridge               bridge    local
b1f4756feab4   home                 bridge    local
5d7ee6579f19   host                 host      local
8678a773e2f2   none                 null      local

And, for podman, I have a very similar configuration.

podman network ls
NETWORK ID    NAME        DRIVER
8b17ae3d5d67  home        bridge  
2f259bab93aa  podman      bridge

The problem? Well, it turns out that my name resolution for containers doesn't work within one network to another. So, for example, I have nginx-proxy-manager running on podman and I want to redirect http://domain/freshrss to the freshrss service by specifying freshrss and the associated port number. This doesn't work, and that makes sense to me as the docker network and the podman network are fundamentally detached from one another.

So my question is simple: Is there some way to treat these two networks as one network by bridging them together without hurting the sanctity of individualized network configurations? Alternatively, is there some way for me to get around this communication issue without having to respecify the domain name in the forward name and port? For example, I thought forwarding to 127.0.0.1:<freshrss port> would work as it would go to the host, and then connect to the appropriate port but that didn't work.

docker/podman compose tailored answers are welcome as that's how I'm configuring my services.

Improve this question
0

1 Answer 1

Reset to default
1

For example, I thought forwarding to 127.0.0.1: would work as it would go to the host,

127.0.0.1, inside a container, always means "this container" (unless you're running in host network mode). If you want to reference a port that is published on the host, then you need to use an ip address assigned to one of your host interfaces. You can use the magic hostname host.docker.internal in many cases to refer to your host; in recent versions of Podman this is available by default, and in Docker it's available if (a) you're using Docker Desktop on Windows or MacOS, or (b) you're on Linux and you include --add-host host.docker.internal:host-gateway on your docker run command line.

That means that if you run a container like this:

docker run -d --name myservice -p 8888:8888 myservice:latest

Then from a podman or docker container you can access the service like this:

curl http://host.docker.internal:8888

There's no easy way to get name resolution working between the two environments.

The easiest solution is to just pick one of podman or docker. It's not clear from your question why you're using both. Note that docker compose will work just fine with Podman as your container engine if you enable the docker compatibility API.

Here we're enabling the podman user (non-root) socket and setting up a docker context that points to the socket:

$ systemctl --user enable podman.socket

We can point the DOCKER_HOST environment variable at the podman socket:

$ export DOCKER_HOST=unix:///run/user/$UID/podman/podman.sock

And now docker commands will interact with podman. E.g.:

$ docker compose up -d
[+] Running 2/2
 ✔ Network example_default  Created                                                                                                        0.0s
 ✔ Container example-web-1  Started                                                                                                        0.4s
$ podman ps
CONTAINER ID  IMAGE                            COMMAND     CREATED        STATUS        PORTS                           NAMES
5657fc3dde19  docker.io/traefik/whoami:latest              8 seconds ago  Up 9 seconds  0.0.0.0:8888->8888/tcp, 80/tcp  example-web-1

The docker context command lets you create named configurations that refer to different remote sockets. We can create a podman-user context like this:

docker context create podman-user --docker host=unix:///run/user/$UID/podman/podman.sock

If we activate the context:

docker context use podman-user

All subsequent Docker commands will operate against the podman socket. You can then docker context use default to switch back to the default context that connects to your local Docker daemon.

Improve this answer
3
  • Letting you know that your answer is right though it seems like the podman url recommendation is host.containers.internal, which is compatible with host.docker.internal it seems so both should be interchangable. As for why use both: I've been having major permission denied errors on CoreOS for some containers. Trying to fix those containers has been a long and arduous process. Some work as expected while others are not working at all. For example, a simple command like: podman run --rm docker.io/curlimages/curl -v host.containers.internal:2040 gives permission denied errors. Commented Nov 22, 2024 at 22:05
  • Cont: I've tried doing all sort of secure linux corrections but at this point I'm not sure if that's actually the root of the problem anymore. Something like the above should work perfectly fine as it doesn't really have any volumes or anything to manage, so it's probably worth asking as a separate question. Commented Nov 22, 2024 at 22:09
  • @TheYokai With Podman 5.3.0, both host.docker.internal and host.containers.internal are provided by Podman. I chose the first because it is compatible with both Podman and Docker environments. Commented Nov 22, 2024 at 22:46

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.