bypass4netns
podman-nginx-socket-activation
bypass4netns | podman-nginx-socket-activation | |
---|---|---|
3 | 10 | |
107 | 16 | |
3.7% | - | |
8.6 | 7.8 | |
7 days ago | 5 months ago | |
Go | Shell | |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
bypass4netns
-
How to run an Nginx container with socket activation and rootless Podman? (I only got it working with a simplified Nginx container image)
Socket activation should be the fastest alternative as then there is no need to process and interpret the network traffic that is sent over the socket. Both slirp4netns and netavark process the traffic. If I understand correctly the network driver bypass4netns could have similar performance as socket activation. The current bypass4netns implementation has some security problems but it seems that could be fixed.
-
Podman 4.2.0
(That could a be cool feature)
Also interesting would be to fix the security considerations of using bypass4netns:
"However, it is probably possible to connect to host loopback IPs by exploiting TOCTOU of struct sockaddr * pointers."
There seems to be an implementation idea for how the problem could be fixed:
https://github.com/rootless-containers/bypass4netns/issues/2...
-
Minikube now supports rootless podman driver for running Kubernetes
The filesystem performance degradation was resolved in kernel 5.11 which added support for rootless overlayfs.
The network performance is caused by slirp (usermode TCP/IP) but it is being resolved too : https://github.com/rootless-containers/bypass4netns
podman-nginx-socket-activation
-
Show HN: Obligator – An OpenID Connect server for self-hosters
https://github.com/eriksjolund/podman-nginx-socket-activatio...
-
Which alternative for slirp4netns in rootless containers is better?
I wrote an nginx socket activation example https://github.com/eriksjolund/podman-nginx-socket-activation (The example does not show nginx working as HTTP reverse proxy but I think tried that out before and it worked)
-
Systemd and Podman: When to use User= instead of user session?
(I wrote a demo: https://github.com/eriksjolund/podman-nginx-socket-activation)
-
Rootless docker vs podman: pros and cons?
The difference is that with Podman its possible to create a systemd socket unit for the service (for example nginx.socket).
- Combine host and podman network
- Show HN: Run Nginx with Podman and socket activation
- docker Vs podman - Which one is worth doing a dive in?
-
How to run an Nginx container with socket activation and rootless Podman? (I only got it working with a simplified Nginx container image)
The problem when running rootless Podman with socket activation and docker.io/library/nginx is caused by the closing of file descriptor 3 in /entrypoint.sh.
What are some alternatives?
docker-nginx - Official NGINX Dockerfiles
magento2-warden-aliases - Magento 2 Warden Aliases for Productivity
podman-deb - This has been archived because I had a fundamental misunderstanding of the unstable repos provided @lsm5.
Fedora-Remix-for-WSL - Fedora Remix for Windows Subsystem for Linux.
podman-networking-docs - rootless Podman networking documentation with examples
buildah - A tool that facilitates building OCI images.
resolve - Container scripts to build and run DaVinci Resolve [Studio] for Linux using Docker or Podman
FedoraWSL - Fedora as a WSL Instance. Supports multiple install.
restic-automatic-backup-scheduler - Automatic restic backup using Backblaze B2 storage and either Linux systemd timers, macOS LaunchAgent, Windows ScheduledTask or simply cron.
kubernetes - Production-Grade Container Scheduling and Management
traefik-forward-auth - Minimal forward authentication service that provides Google/OpenID oauth based login and authentication for the traefik reverse proxy