Running via rootless Podman not working #1871
Description
Describe the Bug
The installer script did not work for me. I fixed those errors, but I still can't access the Web UI.
Environment
- OS Type & Version: Guix 1.4
- Pangolin Version: 1.12.2
- Gerbil Version: 1.2.2
- Traefik Version: 3.5
- Newt Version: N/A
- Olm Version: N/A
- Podman Version: 5.6.1
- Podman-compose Version: 1.2.0 / 1.5.0 (see below)
To Reproduce
First, I got the error Command 'podman network exists pangolin' returned non-zero exit status 1.
I fixed this by: (1) Selecting no to Would you like to install and start the containers? (2) Setting the owner of all the files and folders, that the installer created, to my user account with sudo chown -R $(id -u):$(id -g) <pangolin_install_path>. (3) Creating the db directory with mkdir <pangolin_install_path>/db, which was not created by running podman-compose up.
When I run podman-compose up, I get:
[pangolin] |
[pangolin] | > @fosrl/[email protected] start
[pangolin] | > ENVIRONMENT=prod node dist/migrations.mjs && ENVIRONMENT=prod NODE_ENV=development node --enable-source-maps dist/server.mjs
[pangolin] |
[pangolin] | Starting migrations from version 1.12.2
[pangolin] | Migrations to run:
[pangolin] | All migrations completed successfully
[pangolin] | [info]: Started offline checker interval
[pangolin] | [warn]: Email SMTP configuration is missing. Emails will not be sent.
[pangolin] | === SETUP TOKEN EXISTS ===
[pangolin] | Token: <token>
[pangolin] | Use this token on the initial setup page
[pangolin] | ================================
[pangolin] | [info]: Pangolin now gathers anonymous usage data to help us better understand how the software is used and guide future improvements and feature development. You can find more details, including instructions for opting out of this anonymous data collection, at: https://docs.pangolin.net/telemetry
[pangolin] | [info]: API server is running on http://localhost:3000
[pangolin] | [info]: Internal server is running on http://localhost:3001
[pangolin] | [info]: Next.js server is running on http://localhost:3002
I tried to access localhost:3002 via SSH TCP forwarding with ssh -L 8080:localhost:3002 <user>@<ip>. However, when I navigate to localhost:8080 in my browser, the page does not load, and I see channel 3: open failed: connect failed: Connection refused in the Podman logs on the server. I also tried with ports 3000 and 3001, and same thing. I get this error message with any port I try forwarding to my local machine.
The latest Guix package of podman-compose is version 1.2.0. I installed version 1.5.0 by pip to check if this made a difference. The logs above are when podman-compose up is run with version 1.5.0.
When run with version 1.2.0, I get:
[gerbil] | INFO: Fetching remote config from http://pangolin:3001/api/v1/gerbil/get-config
[gerbil] | ERROR: Error fetching remote config http://pangolin:3001/api/v1/gerbil/get-config: Post "http://pangolin:3001/api/v1/gerbil/get-config": dial tcp 10.89.0.6:3001: connect: connection refused
[gerbil] | ERROR: Failed to load configuration: Post "http://pangolin:3001/api/v1/gerbil/get-config": dial tcp 10.89.0.6:3001: connect: connection refused
[traefik] | INF Traefik version 3.5.6 built on version=3.5.6
[traefik] | INF
[traefik] | Stats collection is disabled.
[traefik] | Help us improve Traefik by turning this feature on :)
[traefik] | More details on: https://doc.traefik.io/traefik/contributing/data-collection/
[traefik] |
[traefik] | INF Loading plugins... plugins=["badger"]
[pangolin] |
[pangolin] | > @fosrl/[email protected] start
[pangolin] | > ENVIRONMENT=prod node dist/migrations.mjs && ENVIRONMENT=prod NODE_ENV=development node --enable-source-maps dist/server.mjs
[pangolin] |
[traefik] | INF Plugins loaded. plugins=["badger"]
[traefik] | INF Starting provider aggregator *aggregator.ProviderAggregator
[traefik] | INF Starting provider *file.Provider
[traefik] | INF Starting provider *traefik.Provider
[traefik] | INF Starting provider *acme.ChallengeTLSALPN
[traefik] | INF Starting provider *http.Provider
[traefik] | INF Starting provider *acme.Provider
[traefik] | INF Testing certificate renew... acmeCA=https://acme-v02.api.letsencrypt.org/directory providerName=letsencrypt.acme
[traefik] | ERR Provider error, retrying in 512.313355ms error="cannot fetch configuration data: do fetch request: Get \"http://pangolin:3001/api/v1/traefik-config\": dial tcp 10.89.0.6:3001: connect: connection refused" providerName=http
[traefik] | ERR Provider error, retrying in 653.998342ms error="cannot fetch configuration data: do fetch request: Get \"http://pangolin:3001/api/v1/traefik-config\": dial tcp 10.89.0.6:3001: connect: connection refused" providerName=http
[pangolin] | Starting migrations from version 1.12.2
[pangolin] | Migrations to run:
[pangolin] | All migrations completed successfully
[traefik] | ERR Provider error, retrying in 1.324896169s error="cannot fetch configuration data: do fetch request: Get \"http://pangolin:3001/api/v1/traefik-config\": dial tcp 10.89.0.6:3001: connect: connection refused" providerName=http
[traefik] | ERR Provider error, retrying in 1.932215911s error="cannot fetch configuration data: do fetch request: Get \"http://pangolin:3001/api/v1/traefik-config\": dial tcp 10.89.0.6:3001: connect: connection refused" providerName=http
[traefik] | INF Register... providerName=letsencrypt.acme
[gerbil] | INFO: Fetching remote config from http://pangolin:3001/api/v1/gerbil/get-config
[gerbil] | ERROR: Error fetching remote config http://pangolin:3001/api/v1/gerbil/get-config: Post "http://pangolin:3001/api/v1/gerbil/get-config": dial tcp 10.89.0.6:3001: connect: connection refused
[gerbil] | ERROR: Failed to load configuration: Post "http://pangolin:3001/api/v1/gerbil/get-config": dial tcp 10.89.0.6:3001: connect: connection refused
[traefik] | ERR Provider error, retrying in 2.012596183s error="cannot fetch configuration data: do fetch request: Get \"http://pangolin:3001/api/v1/traefik-config\": dial tcp 10.89.0.6:3001: connect: connection refused" providerName=http
[pangolin] | [info]: Started offline checker interval
[pangolin] | [warn]: Email SMTP configuration is missing. Emails will not be sent.
[pangolin] | === SETUP TOKEN EXISTS ===
[pangolin] | Token: <token>
[pangolin] | Use this token on the initial setup page
[pangolin] | ================================
[pangolin] | [info]: Pangolin now gathers anonymous usage data to help us better understand how the software is used and guide future improvements and feature development. You can find more details, including instructions for opting out of this anonymous data collection, at: https://docs.pangolin.net/telemetry
[pangolin] | [info]: API server is running on http://localhost:3000
[pangolin] | [info]: Internal server is running on http://localhost:3001
[pangolin] | [info]: Next.js server is running on http://localhost:3002
[gerbil] | Fetching remote config from http://pangolin:3001/api/v1/gerbil/get-config
[pangolin] | [info]: Created new exit node Exit Node pTrkIgaj with address 100.89.128.1/24 and port 51820
[gerbil] | Created WireGuard interface wg0
[gerbil] | Assigned IP address 100.89.128.1/24 to interface wg0
[gerbil] | Attempting to delete existing MSS clamping rule for chain INPUT
[gerbil] | Attempting to delete existing MSS clamping rule for chain OUTPUT
[gerbil] | Attempting to delete existing MSS clamping rule for chain FORWARD
[gerbil] | Adding MSS clamping rule for chain INPUT
[gerbil] | Successfully added and verified MSS clamping rule for chain INPUT
[gerbil] | Adding MSS clamping rule for chain OUTPUT
[gerbil] | Successfully added and verified MSS clamping rule for chain OUTPUT
[gerbil] | Adding MSS clamping rule for chain FORWARD
[gerbil] | Successfully added and verified MSS clamping rule for chain FORWARD
[gerbil] | WireGuard interface wg0 created and configured
[gerbil] | Received initial mappings: {"mappings":{}}
[gerbil] | Loaded 0 initial proxy mappings
[gerbil] | UDP server listening on :21820
[gerbil] | Starting HTTP server on :3004
I tried accessing the HTTP server in my browser on port 3004, but this was not reachable.
I have all the recommended ports (80, 443, 51820, 21820) open in the firewall.
Expected Behavior
No errors, and ability to access the Web UI.