Podman rootful in place of Docker #367
Description
I have run a proxy on Alma Linux (EL9) for quite some time using Docker. Given Docker's overhead, I decided to switch to Podman. I use the latter in my homelab and it's much lighter on resources due to its integrated nature.
Creating the initial container (as root to avoid port binding issues):
sudo podman run -d --sysctl net.ipv4.ip_unprivileged_port_start=79 --name whatsapp_proxy -p 80:80 -p 443:443 -p 5222:5222 -p 8080:8080 -p 8443:8443 -p 8222:8222 -p 8199:8199 -p 587:587 -p 7777:7777 docker.io/facebook/whatsapp_proxy:latest
Then create a systemd service:
sudo podman generate systemd --new --files --name whatsapp_proxy
sudo mv container-whatsapp_proxy.service /etc/systemd/system
sudo restorecon -RFv /etc/systemd/system/
sudo systemctl enable --now container-whatsapp_proxy.service
The proxy comes up using the system's hostname (which is an appropriate fqdn in this case). All looks good, and sudo netstat -tunalp shows the listeners on 80, 443, 587, 8080 etc. However, and this is the head-scratcher, WhatsApp refuses to connect to the proxy by fqdn (it works fine under Docker, using any fqdn that points to the server IP). If I use the server's IP as the proxy address, WhatsApp will connect.
I can't for the life of me work out what's different between the two setups. HAProxy inside the container generates a self-signed cert for proxy.whatsapp.net in both instances, but only Podman doesn't allow WhatsApp to connect successfully using the fqdn.
Sometimes the WhatsApp proxy settings page flickers 'connected' for a second before going back to 'disconnected', but as soon as I either use the server IP or switch the server to the same setup under Docker, it connects flawlessly. Does anyone have any ideas please? It'd be nice to be able to switch over to Podman, but either way the technical challenge is enough in itself to be bothering me now!