Container platforms (docker, lxc, podman)


A place to discuss everything related to Container platforms and runtimes. Docker, LXC, Podman, OpenShift, OCI, and more.

founded 1 year ago

I am trying to create a podman compose of NGINX and PHP:FPM. I was able to get NGINX to work on its own using the docker.io/bitnami/nginx image. I believe I have gotten close to getting PHP:FPM to work as well, but there is an issue with NGINX not cooperating with PHP:FPM.

In the logs of the NGINX container, I get this error every time I load localhost:8080 in the browser...

10.89.4.2 - - [24/Jul/2024:20:18:35 +0000] "GET / HTTP/1.1" 404 47 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0" "-"
2024/07/24 20:18:35 [error] 44#44: *1 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 10.89.4.2, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://10.89.4.3:9000", host: "localhost:8080"

And when I load localhost:8080 in the browser, it displays a blank page which says "File not found."

I am using podman 5.1.2 on Linux Mint 21.3. My goal is simply to get NGINX and PHP to work, to be able to have a web server that can use PHP.

Any advice would be most appreciated.


Directory structure

nginx-php/
   compose.yml
   nginx.conf
   php.dockerfile
   php.ini
   www/
      public/

compose.yml

version: '3'
networks:
    app-tier:
        driver: bridge
services:
    nginx:
        image: docker.io/bitnami/nginx
        volumes:
            - ./nginx.conf:/opt/bitnami/nginx/conf/server_blocks/my_server_block.conf:ro
            - .:/app/
        networks:
            - app-tier
        ports:
            - 8080:8080
    php:
        build:
            context: .
            dockerfile: php.dockerfile
        volumes:
            - .:/app/
        networks:
            - app-tier

nginx.conf

server {
    server_name localhost;
    listen 0.0.0.0:8080;
    
    root /app/www/public;

    index index.php index.html index.htm;
    autoindex on;

    location / {
        try_files $uri $uri/index.php;
    }

    location ~ \.php$ {
        fastcgi_pass php:9000;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
}

php.dockerfile (I would like to get debugging and databases to work later on...)

FROM docker.io/bitnami/php-fpm

# Install xdebug for nicer error messages and debugging
# RUN pecl install xdebug
# RUN docker-php-ext-enable xdebug

# Install mysqli
# RUN docker-php-ext-install mysqli
# RUN docker-php-ext-enable mysqli

# Install PDO
# RUN docker-php-ext-install pdo pdo_mysql

php.ini (I would like to get debugging and databases to work later on...)

[PHP]

extension=mysqli
extension=pdo_mysql


; xdebug settings for debugging
zend_extension=xdebug
xdebug.start_with_request = yes
xdebug.client_host=xdebug://gateway

Incus 0.4 (discuss.linuxcontainers.org)
submitted 8 months ago by [email protected] to c/[email protected]
 
 

On Linux, the best package type for a portable application is an AppImage, since all the dependencies are inside the AppImage; it's all in one file and can run on any Linux distro.

On Android, you can download an APK and install it manually, which is the closest thing to a portable Android app.

Therefore, in the service/server self-hosting world, are containers (docker/podman images) the equivalent to a portable executable of a service? AppImage's downside is its size, since all the dependencies are bundled with it. Containers not only bundle their dependencies but also the OS to run them. For stability, low incompatibility and little dependency hell, are containers the way to go for portable services?

I know container images are not often distributed as tar files and are mostly pulled from a registry; however, they can be saved and loaded as portable tar files.

submitted 1 year ago* (last edited 9 months ago) by Whooping_Seal to c/[email protected]
 
 

cross-posted from: https://sh.itjust.works/post/1163818

Update: The guide on GitHub has been updated and has adopted a different method. Notably, it:

A) still accomplishes my goal of avoiding running the process inside as root.

B) uses the linuxserver.io image rather than the syncthing/syncthing one (my method does not allow for the linuxserver.io image to run). The linuxserver one is based on Alpine; I truly forget what the other one is based on.

An archived version of the guide I followed to create my setup has been placed below; the updated (and all subsequent versions) can be found here

I saw this guide discussing how to run Syncthing in a podman container on immutable OSes and decided to try and create a better solution that avoids running the process inside as root. I am new to podman and it's been a few years since I used docker, so I am a novice in this side of system administration and I guess I am writing this as a "sanity check" for what I have done.

Below are the podman run arguments I used in place of the ones found in the article. I also manage it with systemd as shown in the article.


podman run -d \
 --name=syncthing \
 --hostname=syncpod \
 --label io.containers.autoupdate=registry \
 --userns keep-id \
 -p 127.0.0.1:8384:8384 \
 -p 22000:22000/tcp \
 -p 22000:22000/udp \
 -p 21027:21027/udp \
 -v ~/.config/syncthing:/var/syncthing/config:Z \
 -v ~/SyncedDirs/:/SyncedDirs:Z \
 -v ~/SyncedDirs2/:/var/syncthing/SyncedDirs2:Z \
 docker.io/syncthing/syncthing:latest

Note: I feel the original guide does not explain what the :Z flag does very well; it should at least emphasize to unknowing users that it is telling podman to change the SELinux label of a dir to match that of the container.

The notable changes in my arguments are the --userns keep-id option and switching from the linuxserver.io version to the syncthing image. The keep-id option, from my understanding, tells Podman to create a user namespace where the user and container map to the same UID:GID values, allowing all files the container touches to still be used by me, the user. I had to switch from the linuxserver.io version to the syncthing official one because the former did not allow the --userns keep-id option to work (perhaps because it is based on Alpine Linux? I have to investigate more. It failed on running an add-user command, if I recall).

Below is an excerpt from a RedHat article describing the --userns keep-id option, square brackets are mine:

User namespace modes

I can change this default mapping using the --userns option, which is described in the podman run man page. This list shows the different modes you can pass to the --userns option.

  • Key: "" (Unset) [Effectively what the original guide did]
    >Host user: $UID
    >Container user: 0 (Default User account mapped to root user in container.) (Default)
  • Key: keep-id [What I am doing]
    >Host user: $UID
    >Container user: $UID (Map user account to the same UID within the container.)

(Source)

So far this method seems to work quite well, and has replaced the syncthing package I had layered for a while. Is this the best way to run it on an OS like Silverblue / Kinoite, or is there a more sensible route to go? Any feedback is appreciated!

Edit: Clarity and grammar, and some more detail in a few spots.
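
The two --userns modes compared in the post above, worked through as an added example that is not part of the original post or the quoted article: it translates container UIDs to host UIDs to show which container user ends up owning files as the host user. The uid_map tables are constructed, assuming host UID 1000 and an /etc/subuid range of 100000:65536.

```python
# Constructed tables in /proc/<pid>/uid_map format:
#   <first ID inside namespace> <first ID on host> <length>
# Assumptions: host user UID 1000, /etc/subuid range 100000:65536.
DEFAULT_MAP = """\
0 1000 1
1 100000 65536
"""
KEEP_ID_MAP = """\
0 100000 1000
1000 1000 1
1001 101000 64536
"""


def parse_uid_map(text):
    """Return a list of (inside_start, host_start, length) tuples."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        inside, host, length = (int(field) for field in line.split())
        entries.append((inside, host, length))
    return entries


def host_uid(entries, container_uid):
    """Translate a container UID to its host UID, or None if unmapped."""
    for inside, host, length in entries:
        if inside <= container_uid < inside + length:
            return host + (container_uid - inside)
    return None


def report(mode, text, host_user=1000):
    """Summarise where container root and the container user land on the host."""
    entries = parse_uid_map(text)
    writers = [uid for uid in (0, host_user)
               if host_uid(entries, uid) == host_user]
    return {
        "mode": mode,
        "container_root_on_host": host_uid(entries, 0),
        "container_user_on_host": host_uid(entries, host_user),
        "uids_writing_as_host_user": writers,
    }


if __name__ == "__main__":
    for mode, text in (("default", DEFAULT_MAP), ("keep-id", KEEP_ID_MAP)):
        print(report(mode, text))
```

On a real system the same table can be read from /proc/self/uid_map inside the running container and compared against these shapes.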

 
 

I'm currently using a Windows machine as the "server" in my home lab, but I just ordered some new hardware and I'd like to change things up to add some more flexibility and capability.

Based on my research so far, my plan is to install Proxmox on the bare metal and use it to run any regular VMs I need. However, I am still trying to figure out what to do about containers.

I know Proxmox also supports LXC containers, but based on everything I've read, I think I'd like to use something more "industry standard". I was thinking Docker, but it sounds like Podman is lighter and more secure, so I am now leaning that direction. I plan on setting up an Ubuntu server VM in Proxmox and running Podman on that.

I'm thinking of running full blown VMs for more complex applications (Plex for example), but containers for simple applications (Pihole, ddclient, cloudflared, etc).

Does that all sound like a reasonable plan? Are there any obvious gotchas I might be missing? Any tips or resources you'd recommend for a first time user of Podman (and containers in general)?

I have been doing my own research and I think it's going well but sometimes you don't know what you don't know, so I'd value a second opinion.

I am pretty tech savvy, so I don't mind learning new things. Windows has always been my primary platform, but I would like to branch out a bit and containers are starting to seem like a must for personal and professional growth. I'm pretty familiar with virtualization (mostly VMWare) but I'm new to containers.

Thanks in advance for taking a look and sharing any tips!

Life of a Container (indradhanush.github.io)
submitted 1 year ago by [email protected] to c/[email protected]
 
 

Most are scratch-based, with "Nobody" set as the main user. Enjoy.

 
 

This looks like it could be amazing. Maybe a self hosting dream, or a flash in the pan.

 
 

If so tell us your experience and how you deployed it.

 
 

Let's start off with what a container is compared to a virtual machine.

 
 

This is the place to discuss various Container platforms, runtimes, and technologies. Whether it is big daddy Docker, or something newer like Podman. Grand-daddy LXC, or the OCI. If it is about containers, let's talk.