From 91cf3add5bb3c1b757436e781a526323f42bebb2 Mon Sep 17 00:00:00 2001 From: Luca Beltrame Date: Sun, 1 Aug 2021 10:47:01 +0200 Subject: [PATCH] Clarify one sentence and make output more readable --- ...cks-recorder-and-oauth2-with-nginx-and-podman.md | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/content/post/2021-08-01-setting-up-owntracks-recorder-and-oauth2-with-nginx-and-podman.md b/content/post/2021-08-01-setting-up-owntracks-recorder-and-oauth2-with-nginx-and-podman.md index 05229d4..622efde 100644 --- a/content/post/2021-08-01-setting-up-owntracks-recorder-and-oauth2-with-nginx-and-podman.md +++ b/content/post/2021-08-01-setting-up-owntracks-recorder-and-oauth2-with-nginx-and-podman.md @@ -14,6 +14,7 @@ tags: - podman - containers - linux +- opensuse title: Setting up OwnTracks Recorder and OAuth2 with nginx, oauth2-proxy and podman --- @@ -56,7 +57,7 @@ For this guide I used podman version **3.2.3**, installed through my distributio First of all, I created a new user. I used `useradd` but any way is fine, for example thorugh YaST or other tools. ```shell -useradd --system -c "OwnTracks" owntrakcs --create-home +useradd --system -c "OwnTracks" owntracks --create-home ``` This is a *real* login, so that you can do things interactively. I set up a strong password and configured SSH to refuse any login from this user, to make sure it stays local only. @@ -66,7 +67,8 @@ Before we proceed further, we have to set up *subuids* and *subgids* for our use To make this work you have to assign ranges of subuids and subgids to your user to use, ensuring they *don't* overlap with anything existing in your system. At least in openSUSE Leap 15.2 the generation of these is not automatic, meaning you have to resort to `usermod` to do the job: ```shell -usermod --add-subuids - --add-subgids - +usermod --add-subuids - \ + --add-subgids - ``` Once that is done, you'll see something like this in `/etc/subuid` and `/etc/subgid`: 
@@ -108,7 +110,10 @@ mkdir -p owntracks/recorder/config owntracks/recorder/data owntracks/frontend/co Then we create our pod. Note that *all* container:host port mappings need to be created here, or they won't work when adding individual containers: ```shell -podman pod create --name owntracks -p 127.0.0.1:8083:8083 -p 127.0.0.1:6666:80 +podman pod create \ + --name owntracks \ + -p 127.0.0.1:8083:8083 \ + -p 127.0.0.1:6666:80 ``` This creates the pod *owntracks* and maps port 8083, the one used by the Recorder, to 8083 on the host (only from localhost). Likewise, port 80 on the frontend is mapped to port 6666 (the default is different, but I had something else listening there already). @@ -228,6 +233,8 @@ You can add `--new` to make podman recreate pod and containers on each restart. Point a browser on the server (even `links` will suffice) to `localhost:8083` and `localhost:6666` if you want to verify everything is done correctly. +On the OwnTracks user front, everything is done, so the next steps are carried out as root (or with `sudo`). + ### Hooking up the web server Right now both the Recorder and the frontend are accessible only via localhost. This was the plan all along, because we'll put nginx in front of them. I assume you have already a functional web server with proper SSL set up (with Let's Encrypt, there is no reason not to).
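Review bot: In the hunk at `@@ -56,7 +57,7 @@`, the unchanged context line directly above the corrected `useradd` command still reads "thorugh YaST"; fix it to "through" in this commit, since the paragraph is already being touched. The change from `owntrakcs` to `owntracks` alters what a reader who copies the command ends up with, so it deserves a mention in the subject line, which currently covers only a clarified sentence and more readable output.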
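Review bot: In the hunk at `@@ -66,7 +67,8 @@`, both the removed and the added `usermod` lines pass a bare `-` to `--add-subuids` and `--add-subgids`, with no first and last ID around the dash and no login name at the end, so the command cannot be run as printed. It looks as though the range placeholders were lost somewhere; write them in a form that survives rendering, for example `--add-subuids FIRST-LAST`, and end the command with the `owntracks` login. Because the surrounding text stresses that the ranges must not overlap with anything existing, a pointer to check the current contents of `/etc/subuid` and `/etc/subgid` before picking values would fit here.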
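Review bot: In the hunk at `@@ -108,7 +110,10 @@`, the sentence after the reformatted `podman pod create` command says "(only from localhost)" for port 8083 but only "Likewise" for port 6666. Both `-p` lines bind to `127.0.0.1`, and that binding is what keeps the Recorder and the frontend off the network until nginx is in front of them, so say so explicitly for both mappings. Add a short remark that dropping the `127.0.0.1:` prefix would publish the port on all host interfaces. The line-continuation layout itself is fine.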
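Review bot: In the hunk at `@@ -228,6 +233,8 @@`, the added sentence about continuing as root is placed before the "### Hooking up the web server" heading, although it describes the steps of that section; moving it under the heading keeps it with the commands it applies to. "On the OwnTracks user front, everything is done" is also vague. Something like "The steps that run as the `owntracks` user are complete; the remaining ones are run as root (or with `sudo`)" says the same thing more directly.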