Clarify one sentence and make output more readable
All checks were successful
continuous-integration/drone/push Build is passing
parent
363c489d87
commit
91cf3add5b
1 changed files with 10 additions and 3 deletions
|
@ -14,6 +14,7 @@ tags:
|
|||
- podman
|
||||
- containers
|
||||
- linux
|
||||
- opensuse
|
||||
title: Setting up OwnTracks Recorder and OAuth2 with nginx, oauth2-proxy and podman
|
||||
---
|
||||
|
||||
|
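Review bot: The front-matter change in this hunk is not covered by the commit message. The hunk header shows the block around the `tags:` list and `title:` growing from 6 to 7 lines, while the message only mentions clarifying a sentence and making output more readable. Mention the metadata change in the message or move it to its own commit.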
@ -56,7 +57,7 @@ For this guide I used podman version **3.2.3**, installed through my distributio
|
|||
First of all, I created a new user. I used `useradd` but any way is fine, for example thorugh YaST or other tools.
|
||||
|
||||
```shell
|
||||
useradd --system -c "OwnTracks" owntrakcs --create-home
|
||||
useradd --system -c "OwnTracks" owntracks --create-home
|
||||
```
|
||||
|
||||
This is a *real* login, so that you can do things interactively. I set up a strong password and configured SSH to refuse any login from this user, to make sure it stays local only.
|
||||
|
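Review bot: The sentence directly above the corrected `useradd` command still reads "thorugh YaST"; since this hunk already fixes the `owntrakcs` typo, fix that one in the same pass. The paragraph after the command also says SSH was configured to refuse logins for this user without showing the setting, so a short pointer to the sshd configuration used would let readers reproduce the local-only restriction.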
@ -66,7 +67,8 @@ Before we proceed further, we have to set up *subuids* and *subgids* for our use
|
|||
To make this work you have to assign ranges of subuids and subgids to your user to use, ensuring they *don't* overlap with anything existing in your system. At least in openSUSE Leap 15.2 the generation of these is not automatic, meaning you have to resort to `usermod` to do the job:
|
||||
|
||||
```shell
|
||||
usermod --add-subuids <min-subuid>-<max-subuid> --add-subgids <min-subgid>-<max-subgid> <login>
|
||||
usermod --add-subuids <min-subuid>-<max-subuid> \
|
||||
--add-subgids <min-subgid>-<max-subgid> <login>
|
||||
```
|
||||
|
||||
Once that is done, you'll see something like this in `/etc/subuid` and `/etc/subgid`:
|
||||
|
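Review bot: The placeholders in the `usermod` command leave the reader without a way to meet the "don't overlap" requirement stated in the sentence just above it. Suggest adding a sentence that tells readers to inspect the existing entries in `/etc/subuid` and `/etc/subgid` before choosing `<min-subuid>-<max-subuid>` and `<min-subgid>-<max-subgid>`.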
@ -108,7 +110,10 @@ mkdir -p owntracks/recorder/config owntracks/recorder/data owntracks/frontend/co
|
|||
Then we create our pod. Note that *all* container:host port mappings need to be created here, or they won't work when adding individual containers:
|
||||
|
||||
```shell
|
||||
podman pod create --name owntracks -p 127.0.0.1:8083:8083 -p 127.0.0.1:6666:80
|
||||
podman pod create \
|
||||
--name owntracks \
|
||||
-p 127.0.0.1:8083:8083 \
|
||||
-p 127.0.0.1:6666:80
|
||||
```
|
||||
|
||||
This creates the pod *owntracks* and maps port 8083, the one used by the Recorder, to 8083 on the host (only from localhost). Likewise, port 80 on the frontend is mapped to port 6666 (the default is different, but I had something else listening there already).
|
||||
|
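Review bot: In the sentence after the reflowed `podman pod create` command, "the default is different" never says what the default host port for the frontend is, so a reader without a port conflict cannot tell what to use instead of 6666. State the default explicitly, and say that the frontend mapping is also bound to 127.0.0.1, since "(only from localhost)" is currently attached to port 8083 only.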
@ -228,6 +233,8 @@ You can add `--new` to make podman recreate pod and containers on each restart.
|
|||
|
||||
Point a browser on the server (even `links` will suffice) to `localhost:8083` and `localhost:6666` if you want to verify everything is done correctly.
|
||||
|
||||
On the OwnTracks user front, everything is done, so the next steps are carried out as root (or with `sudo`).
|
||||
|
||||
### Hooking up the web server
|
||||
|
||||
Right now both the Recorder and the frontend are accessible only via localhost. This was the plan all along, because we'll put nginx in front of them. I assume you have already a functional web server with proper SSL set up (with Let's Encrypt, there is no reason not to).
|
||||
|
|
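Review bot: The sentence "On the OwnTracks user front, everything is done" is easy to misread, because "front" sits next to the frontend container discussed throughout the guide. Something like "Everything that has to run as the owntracks user is now done; the next steps are carried out as root (or with `sudo`)" states the privilege switch unambiguously.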