I changed my server setup from docker to podman after upgrading to the new Debian 11. There podman is included in the stable release. But there is an better solution instead of using podman-compose (I had some really annoying bugs using it). There is an additional package in the unstable packe repository named "podman-docker". This package implements the docker socket and translates all commands to podman. So there's the possibility to use the normal docker-compose (apt install docker-compose / pip3 install docker-compose) and things like portainer where the docker socket is needed for.
One alternative you can do is to enable ufw to stop any connection from being able to access cockpit directly. ufw allow ssh (don't lock yourself out). ufw allow 80 ufw allow 443 ufw enable
I just watched couple of your videos, really good quality stuff. One thing strucks me though in every video. Since I used to be Ubuntu maintainer, my ears are bleeding when I hear how you pronounce Ubuntu ;)
Overall super informative. I actually came here just to learn a bit about podman but really stayed for NGINX Proxy Manager. Turns out I was already also looking for something similar and it was nice seeing a quick preview of that in action. That said… 20:47 😳 Blank screen! What happened there? I even saw you tried to reload but nothing happened.
Thanks mate! For some reason it was sometimes showing me a blank screen for some time until the self signed certs are created. That took a few minutes 😀
@@christianlempa Ah, yikes. Seems like a bug on their end! Overall it seems like it works so that’s ultimately all that matters (at least for this use case, heh). Thanks for the demo!
Will you do a full podman for beginners from scratch course? Do you know if there is one on youtube which you would recommend ? There are many for docker but any video I found about podman were mostly either conference keynote, or someone just comparing podman with docker .
Thank you for the suggestion! But I probably won't do it, because I've done many videos on Docker. I'm also preparing a new Docker Beginner Guide for next week, that will come out. So that should cover anything to get started with containers, Podman is really just another implementation that's very similar to Docker. So I think the videos should cover it. .. hopefully.
Thank you for sharing your time and expertise with us. Everything was going well until I executed the "podman-compose up -d" command. Tons of error referring to CNI versions and the like. I wonder if it has anything to do with the fact that I am running an Ubuntu VM in Proxmox. Oh well, back to the drawing board.
@19:10 - can you show how to secure portainer & npm using this way ??? also can you not allow external ports on the containers, let user access containers via npm only, not via direct ip-address, or ports.
amazing tutorial! im currently testing podman in rocky linux 8.4 and i have to say, when installing docker in rockylinux, it installs podman instead... good thing there are tutorials for that eheh
i'd rather would use pipx install podman-compose than pip3. Less hassle with the error "external-managed-environment" and pipx does write the path automatically into .bashrc
from another video I read this comment: keep in mind that containers created via docker-compose are not completely native to podman. because of this, it is not possible to create self-sufficient units for systemd and, accordingly, auto-update images will not work. so I would still use podman-compose
Was looking for a tutorial to get up and running with podman running under Redhat 8. I used these commands to get up and running: sudo yum install cockpit sudo systemctl enable --now cockpit.socket sudo yum module enable -y container-tools:rhel8 sudo yum module install -y container-tools:rhel8 podman info sudo yum -y install python3 python3-pip python3-devel pip3 install --user podman-compose Especially the last command will result in permission errors if you don't use --user when installing the podman-compose
I have a big issue with Podman - the inability to modify already created pod. If I want to add a new path to my Jellyfin server, why do I have to create the pod from scratch? Also those arrogant responses on Github when this feature is requested are enough to just don't care about Podman. Arrogant parts of the community are currently the biggest issue of a Linux community. So far the best implementation of container deployment (Docker in this case) for a home lab is in Unraid. There is nothing that comes close to that in terms of ease of use. Being able to manage everything about Docker in a GUI, which actualy works (looking at you TruNAS Scale) is amazing. Nothing stops you from using a terminal, but having choices is actually a good thing.
@@christianlempa Installed it yesterday on a Netcup Root just by using ur documentation. It works fine but i am missing the -restart=always option docker has.
Thank you for the tutorial. I tried it out on Debian 11 and encountered many problems… it doesn't feel to be a good solution. First, podman compose wouldn't run with installed podman version so I had to upgrade podman to 3.4 which was not that easy because conflicts with dependencies. I was able to fix that after a while. And now, containers are starting without problems, but the app container can't communicate with the database container. I never had this problems using docker. This is very annoying and all is very unstable. Now I'm thinking about creating all containers manually… because this is working, I already tried it out.
Hey Christian. hmm... Just wondering, Isn't it better not to give quick and easy access permissions to these ports, since they tend to be very important ports? As IT Specialists I think one of our roles is to try and block the unnecessary access to our server's ports, and be as rigorous as possible, Don't you think so? Is there a way to give Podman access permissions to these specific ports only? Great Collection of Tut. Videos 👌.. Keep it up...
All valid points man! Would be a little bit too much for this tutorial though. I'll make a tutorial on fail2ban in the future, just need to test a little bit more how well it works in combination with docker. Thanks for your suggestions 😀
Hey, thanks for your videos. Question about this one though. You pointed NPM to Cockpit via its assigned IP, and inside I had red flags go up. Won't the IP address potentially change especially after restarts and additional containers/services added? Is this a concern from a best-practice perspective? I know docker has internal dns for names of containers that are on the same docker network; is there a way to accomplish this similarly on podman? Thanks for any insight you may have to these questions, perhaps in the 2 yr since you posted this video, maybe you came across these concerns as well..
Yeah you’re right. I wanted to make an update video of cockpit at some point but never gotten to it. But I would probably do it like this, use traefik and a custom docker network with internal dns resolution.
I do not get the last part since I can only connect to it from the local IP and not my public IP which I guess is a good thing. Maybe there was a change made
@@christianlempa Thanks so much! I'm really glad I asked. I've only used virtualbox myself I'd be interested to see a video about how you use Hyper V, and some of the cool things you can do with it - particularly relating to Dev Ops
@@christianlempa Should the NPM has a different database from the app one? Like I use the MySQL only for NPM and from my app Postgres. Is it a good idea?
I'm able to see my login page on my public domain, but when I log in, it hangs on the white page for a while like yours does in the video. Eventually, it shows a "Connection failed" page. If I change it to the local hostname of my server, I'm able to connect fine. Any idea what may be causing this issue?
I think it has something to do with the fact that cockpit is giving nginx a self-signed certificate when it interacts with nginx, though I'm not entirely sure.
I like the pace of the video. It is fast enough to satisfy a pro and concise enough to give sufficient pointers to go research yourself.
I changed my server setup from docker to podman after upgrading to the new Debian 11. There podman is included in the stable release. But there is an better solution instead of using podman-compose (I had some really annoying bugs using it). There is an additional package in the unstable packe repository named "podman-docker". This package implements the docker socket and translates all commands to podman. So there's the possibility to use the normal docker-compose (apt install docker-compose / pip3 install docker-compose) and things like portainer where the docker socket is needed for.
That sounds pretty interesting! Thanks for sharing your insight.
"I'm a scatman" started playing in my head when I read podman! Good video. 👌
Haha, thanks mate 😁
One alternative you can do is to enable ufw to stop any connection from being able to access cockpit directly.
ufw allow ssh (don't lock yourself out).
ufw allow 80
ufw allow 443
ufw enable
Oh yeah, that's right! Thanks for sharing :)
@@christianlempa You can on top of that, tunnel port 81 through your ssh connection to manage nginx reverse proxy.
Wonderful tutorial! So rich in information and it was presented so clearly. I just subscribed.
Very informative in a short time! Thank you. Went further down the playlist)
I really appreciate your content. Somehow, anything I want to do, you have a tutorial for it.
I've been able to use Portainer edge agent with Podman and remotely manage the node from the Portainer server. It's beautiful.
cool!
Awesome video, I was able to get this working following all your directions.
Thx :)
I really need to take a look at podman!
Oh yeah, it's really cool! :)
I just watched couple of your videos, really good quality stuff. One thing strucks me though in every video. Since I used to be Ubuntu maintainer, my ears are bleeding when I hear how you pronounce Ubuntu ;)
Haha thanks, well I can always say I'm a German guy and I don't know better 😆
This is amazing. I learned what I came for, and more!
Do Selinux!
Overall super informative. I actually came here just to learn a bit about podman but really stayed for NGINX Proxy Manager. Turns out I was already also looking for something similar and it was nice seeing a quick preview of that in action. That said… 20:47 😳 Blank screen! What happened there? I even saw you tried to reload but nothing happened.
Thanks mate! For some reason it was sometimes showing me a blank screen for some time until the self signed certs are created. That took a few minutes 😀
@@christianlempa Ah, yikes. Seems like a bug on their end! Overall it seems like it works so that’s ultimately all that matters (at least for this use case, heh). Thanks for the demo!
@@christianlempa seems like a security positive, to prevent key leaks, lol
Will you do a full podman for beginners from scratch course? Do you know if there is one on youtube which you would recommend ? There are many for docker but any video I found about podman were mostly either conference keynote, or someone just comparing podman with docker .
Thank you for the suggestion! But I probably won't do it, because I've done many videos on Docker. I'm also preparing a new Docker Beginner Guide for next week, that will come out. So that should cover anything to get started with containers, Podman is really just another implementation that's very similar to Docker. So I think the videos should cover it. .. hopefully.
Thank you for sharing your time and expertise with us. Everything was going well until I executed the "podman-compose up -d" command. Tons of error referring to CNI versions and the like. I wonder if it has anything to do with the fact that I am running an Ubuntu VM in Proxmox. Oh well, back to the drawing board.
Very well covered with all necessary details.
Thank you 😊
@19:10 - can you show how to secure portainer & npm using this way ???
also can you not allow external ports on the containers, let user access containers via npm only, not via direct ip-address, or ports.
amazing tutorial! im currently testing podman in rocky linux 8.4 and i have to say, when installing docker in rockylinux, it installs podman instead... good thing there are tutorials for that eheh
Thanks! :)
i'd rather would use pipx install podman-compose than pip3. Less hassle with the error "external-managed-environment" and pipx does write the path automatically into .bashrc
You should do a video on the new docker-compose support in 3.0.
Yeah maybe in the future
from another video I read this comment: keep in mind that containers created via docker-compose are not completely native to podman. because of this, it is not possible to create self-sufficient units for systemd and, accordingly, auto-update images will not work.
so I would still use podman-compose
Was looking for a tutorial to get up and running with podman running under Redhat 8. I used these commands to get up and running:
sudo yum install cockpit
sudo systemctl enable --now cockpit.socket
sudo yum module enable -y container-tools:rhel8
sudo yum module install -y container-tools:rhel8
podman info
sudo yum -y install python3 python3-pip python3-devel
pip3 install --user podman-compose
Especially the last command will result in permission errors if you don't use --user when installing the podman-compose
Hi Christian, something completely unrelated and I hope you don't mind me asking but what shaver are you using to shave your head? Thanks
I thought I was the only person who says “and also” when typing && 😂
I have a big issue with Podman - the inability to modify already created pod. If I want to add a new path to my Jellyfin server, why do I have to create the pod from scratch? Also those arrogant responses on Github when this feature is requested are enough to just don't care about Podman. Arrogant parts of the community are currently the biggest issue of a Linux community.
So far the best implementation of container deployment (Docker in this case) for a home lab is in Unraid. There is nothing that comes close to that in terms of ease of use. Being able to manage everything about Docker in a GUI, which actualy works (looking at you TruNAS Scale) is amazing. Nothing stops you from using a terminal, but having choices is actually a good thing.
Aah there you go :D Maybe you could add some information at the DockerVSPodman-Video, to look up Podman-Compose in this new Video :)
Great suggestion! I'll add it later :)
@@christianlempa Installed it yesterday on a Netcup Root just by using ur documentation. It works fine but i am missing the -restart=always option docker has.
Yeah thats probably based on the daemon less architecture, I guess
Thank you for the tutorial. I tried it out on Debian 11 and encountered many problems… it doesn't feel to be a good solution. First, podman compose wouldn't run with installed podman version so I had to upgrade podman to 3.4 which was not that easy because conflicts with dependencies. I was able to fix that after a while. And now, containers are starting without problems, but the app container can't communicate with the database container. I never had this problems using docker. This is very annoying and all is very unstable. Now I'm thinking about creating all containers manually… because this is working, I already tried it out.
It is now working after removing all networks and run command `podman-compose -p npm --in-pod npm up -d`…
Hey Christian. hmm... Just wondering, Isn't it better not to give quick and easy access permissions to these ports, since they tend to be very important ports? As IT Specialists I think one of our roles is to try and block the unnecessary access to our server's ports, and be as rigorous as possible, Don't you think so?
Is there a way to give Podman access permissions to these specific ports only?
Great Collection of Tut. Videos 👌.. Keep it up...
Ty, but.. nginx proxy manager is good.
You have try SWAG ?? Compare to NPManager ?
Im getting "bad gateway" trying to login with the default login. How do I fix this?
Check your docker logs, likely something with your setup is wrong
Hmmm, expose cockpit to the internet? No mfa? Fail2ban protection? Is it possible to brute force cockpit? If so, someone can take over your server.
All valid points man! Would be a little bit too much for this tutorial though. I'll make a tutorial on fail2ban in the future, just need to test a little bit more how well it works in combination with docker.
Thanks for your suggestions 😀
Hey, thanks for your videos. Question about this one though. You pointed NPM to Cockpit via its assigned IP, and inside I had red flags go up. Won't the IP address potentially change especially after restarts and additional containers/services added? Is this a concern from a best-practice perspective? I know docker has internal dns for names of containers that are on the same docker network; is there a way to accomplish this similarly on podman? Thanks for any insight you may have to these questions, perhaps in the 2 yr since you posted this video, maybe you came across these concerns as well..
Yeah you’re right. I wanted to make an update video of cockpit at some point but never gotten to it. But I would probably do it like this, use traefik and a custom docker network with internal dns resolution.
I do not get the last part since I can only connect to it from the local IP and not my public IP which I guess is a good thing. Maybe there was a change made
docker uses iptables in the init process which rootless podman obviously can't. So check your firewall.
What’s the app between Spotify and OBS?
Thats Microsoft hyper-V Manager, to manage my virtual machines
@@christianlempa Thanks so much! I'm really glad I asked. I've only used virtualbox myself
I'd be interested to see a video about how you use Hyper V, and some of the cool things you can do with it - particularly relating to Dev Ops
Awesome Video. A question. Does Nginx Proxy Manager only work on MySQL? I'm using PostgreSQL and didn't find anything about Postgres in NPM docs
Thanks ❤, I don't think so as it also has a custom built image for mysql.
@@christianlempa Should the NPM has a different database from the app one? Like I use the MySQL only for NPM and from my app Postgres. Is it a good idea?
I'm able to see my login page on my public domain, but when I log in, it hangs on the white page for a while like yours does in the video. Eventually, it shows a "Connection failed" page. If I change it to the local hostname of my server, I'm able to connect fine. Any idea what may be causing this issue?
I think it has something to do with the fact that cockpit is giving nginx a self-signed certificate when it interacts with nginx, though I'm not entirely sure.
Thanks bro
You're welcome
your keyboard sounds very nice, what is it?
Logitech G413 with red switched ;)
You misspelled "python" in your guide for installing pip. I did a copy paste and it didnt work, second look showed the problem LOL
Ouch 🤣
What CLI do you use?
Windows Terminal
omggggggg you so complicated 😅😅😅