As of right now, I currently have a working Docker container for Caddy which can successfully get TLS certs, and I am able to access my own test site with an external web browser.
What I want to do is use the same files (Dockerfile, docker-compose.yml and Caddyfile) to do the same with Podman Compose. When I run podman compose up -d I am able to build the Caddy container and it will also successfully get its own TLS cert.
docker-compose.yml
services:
  caddy:
    container_name: caddy
    build: .
    restart: always
    ports:
      - 80:80
      - 5050:443
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data
      - caddy_config:/config
      - /home/sxc-pi/shared/:/srv:Z
    networks:
      - reverse_proxy
volumes:
  caddy_data:
  caddy_config:
networks:
  reverse_proxy:
    external: true
While on the same device, I can use curl localhost:5050 and get the message Client sent an HTTP request to an HTTPS server. which is the same result as if I were using Docker. If I try to access my site through my domain name or local network IP address from an external device, the connection times out.
I didn’t make any changes to my firewall or router’s port forwarding because I expect Rootful Podman Compose to work similarly to Docker.
I checked iptables and below are the differences between using Docker and Podman, but I don’t know enough about networking to understand what it’s really saying.
iptables differences
sxc-pi:/srv/caddy$ diff ~/iptables-docker ~/iptables-podman 
--- /home/sxc-pi/iptables-docker
+++ /home/sxc-pi/iptables-podman
@@ -31,8 +31,6 @@
 
 Chain DOCKER (2 references)
 target     prot opt source               destination         
-ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:https
-ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:http
 DROP       all  --  anywhere             anywhere            
 DROP       all  --  anywhere             anywhere            
 
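Review bot: the two ACCEPT rules that disappear here (tcp to 172.18.0.2 dpt:http and dpt:https) are Docker's per-container entries for the published ports, so their absence while only Podman is running is expected and is not the fault. The point worth checking in this hunk is that the DOCKER chain itself is still present in the Podman capture, still referenced twice, and ends in two catch-all DROP rules: any forwarded packet that is still jumped into that chain before it reaches the NETAVARK chains is dropped. Suggest adding the FORWARD chain itself to the comparison (`iptables -L FORWARD -v -n`, not in this diff), since that shows the order of the DOCKER and NETAVARK_FORWARD jumps and the chain's default policy.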
@@ -70,15 +68,20 @@
 Chain NETAVARK_FORWARD (1 references)
 target     prot opt source               destination         
 DROP       all  --  anywhere             anywhere             ctstate INVALID
+ACCEPT     all  --  anywhere             10.89.0.0/24         ctstate RELATED,ESTABLISHED
+ACCEPT     all  --  10.89.0.0/24         anywhere            
 
 Chain NETAVARK_INPUT (1 references)
 target     prot opt source               destination         
+ACCEPT     udp  --  10.89.0.0/24         anywhere             udp dpt:domain
+ACCEPT     tcp  --  10.89.0.0/24         anywhere             tcp dpt:domain
 
 Chain NETAVARK_ISOLATION_2 (1 references)
 target     prot opt source               destination         
 
 Chain NETAVARK_ISOLATION_3 (0 references)
 target     prot opt source               destination         
+DROP       all  --  anywhere             anywhere            
 NETAVARK_ISOLATION_2  all  --  anywhere             anywhere            
 
 Chain ufw-after-forward (1 references)
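Review bot: the two NETAVARK_FORWARD rules added here accept only replies into 10.89.0.0/24 (ctstate RELATED,ESTABLISHED) and anything leaving it; nothing visible in this hunk accepts a NEW connection into the 10.89.0.0/24 subnet, so an external connection to the published port, after DNAT, falls through to whatever follows in FORWARD. That is consistent with the symptom in the question: curl on localhost does not traverse FORWARD (locally generated packets go OUTPUT to POSTROUTING), while a packet from another device does. Docker sets the FORWARD chain's default policy to DROP when it starts, so check the header of `iptables -L FORWARD -n` (it reads policy ACCEPT or policy DROP). The hunk also ends at the ufw-after-forward header, so ufw chains are present on this host and its forward handling (`ufw status verbose`) belongs in the comparison as well; any rule written for Docker's 172.18.0.x addresses will not match the 10.89.0.0/24 subnet Podman uses.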
I’ve also rebooted after starting the Podman containers in case there were any iptables issues, but that still didn’t help.
I’ve searched what I can but haven’t gotten anything to work or get me closer to finding an answer.
I’m hoping to use Rootless Podman if I can figure this out; if not, I have Docker as a fallback plan.
Any help or insight would be appreciated.


Use ss -tlpn or podman ps to show what ports podman is listening on, my guess is it is only listening on localhost.

podman ps shows the following:

netstat -tunpl shows the following:

The only difference for the netstat command between Docker and Podman is that Podman shows entries for aardvark-dns and Docker does not, which is something I expect.
Disable the firewall if you can to check if that’s the issue, then do a tcpdump using root with the port. Do tcpdump inside the container too and compare what you see to the docker environment.
Is caddy-caddy really the correct image?
Try with this command, it’s the minimal setup that works by default (on my machine):
podman run -p 0.0.0.0:5050:80 docker.io/library/caddy:latest
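The bind-address check the replies above suggest (ss -tlpn, and the explicit 0.0.0.0: host prefix in the last podman run command), as an added example that is not part of the thread: a POSIX shell function that classifies a port from ss -tlpn output as listening on all interfaces, on loopback only, on one specific address, or not at all. The ss output below is constructed for the example (the addresses, pids and the aardvark-dns listener are assumptions); in use, pipe real `ss -tlpn` output, run as root, into bind_scope.

```shell
#!/bin/sh
# Added example, not from the thread: classify on which address a TCP port is
# listening, from `ss -tlpn` style output (pipe real `ss -tlpn` output into it).

# Constructed sample of `ss -tlpn` output: port 80 is bound on all interfaces,
# port 5050 only on loopback (the situation the reply above suspects), and an
# assumed aardvark-dns listener sits on the bridge gateway address only.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      4096   0.0.0.0:80           0.0.0.0:*         users:(("conmon",pid=1234,fd=5))
LISTEN 0      4096   127.0.0.1:5050       0.0.0.0:*         users:(("conmon",pid=1234,fd=6))
LISTEN 0      4096   [::]:80              [::]:*            users:(("conmon",pid=1234,fd=7))
LISTEN 0      4096   10.89.0.1:53         0.0.0.0:*         users:(("aardvark-dns",pid=1300,fd=4))'

# bind_scope PORT  (reads ss output on stdin)
# Prints one of: all-interfaces | loopback-only | specific-address | not-listening
bind_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4
            # the port is everything after the last colon; IPv6 literals
            # like [::]:80 contain earlier colons, so strip greedily
            p = addr; sub(/.*:/, "", p)
            if (p != port) next
            host = substr(addr, 1, length(addr) - length(p) - 1)
            if (host == "0.0.0.0" || host == "*" || host == "[::]") any = 1
            else if (host ~ /^127\./ || host == "[::1]") loop = 1
            else other = 1     # bound to one interface address only
        }
        END {
            if (any) print "all-interfaces"
            else if (other) print "specific-address"
            else if (loop) print "loopback-only"
            else print "not-listening"
        }'
}

# Walk the ports from the compose file and the last reply: 80, 5050, 443.
for port in 80 5050 443; do
    printf '%s: %s\n' "$port" "$(printf '%s\n' "$SAMPLE_SS" | bind_scope "$port")"
done
```

A published port that reports loopback-only is reachable with curl on the host but never from another device, which matches the symptom in the question; the `-p 0.0.0.0:5050:80` form in the last reply should report all-interfaces.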