This demo shows how to run a socket-activated traefik container with Podman. See also the tutorials Podman socket activation and podman-nginx-socket-activation.
Overview of the examples
Example | Type of service | Ports | Using quadlet | rootful/rootless podman | Comment |
---|---|---|---|---|---|
Example 1 | systemd user service | 80, 443 | yes | rootless podman | |
When using the traefik option --providers.docker, traefik needs access to a unix socket that provides the Docker API. By default the path to the unix socket is /var/run/docker.sock. SELinux will by default block access to the file.
Currently, the problem is worked around by disabling SELinux for the traefik container.
The quadlet unit file contains this line:
SecurityLabelDisable=true
Another workaround could have been to bind-mount the unix socket with the :z option, but that would change the file context of the unix socket, which might cause problems for other programs.
See also https://bugzilla.redhat.com/show_bug.cgi?id=1495053#c2
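To keep track of which units rely on either workaround, the following added example (not part of this demo) scans quadlet unit files for `SecurityLabelDisable=true` and for a `.sock` bind-mount relabelled with `:z` or `:Z`. The function names `audit_quadlet` and `sample_unit` are hypothetical, and the sample unit, including its image name and socket path, is constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the demo: flag quadlet units that use either
# SELinux workaround described above. Function names are hypothetical.

# Constructed sample unit; the image and socket path are assumptions.
sample_unit() {
    cat <<'EOF'
[Unit]
Description=constructed sample

[Container]
Image=docker.io/library/traefik
Volume=%t/podman/podman.sock:/var/run/docker.sock
SecurityLabelDisable=true
EOF
}

# audit_quadlet FILE...: print findings, return 1 if any file has one.
audit_quadlet() {
    awk '
        FNR == 1      { in_c = 0 }                  # new file: reset section
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[/   { in_c = ($0 ~ /^[ \t]*\[Container\]/); next }
        !in_c         { next }                      # only [Container] keys
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        key == "SecurityLabelDisable" && tolower(val) ~ /^(1|yes|true|on)$/ {
            printf "%s:%d: SecurityLabelDisable=%s, SELinux separation is off\n", FILENAME, FNR, val
            bad = 1
        }
        key == "Volume" {
            n = split(val, p, ":")                  # SRC:DST:OPTS
            if (n < 3 || p[1] !~ /\.sock$/) next
            m = split(p[n], o, ",")
            for (i = 1; i <= m; i++)
                if (o[i] == "z" || o[i] == "Z") {
                    printf "%s:%d: socket %s is relabelled by :%s\n", FILENAME, FNR, p[1], o[i]
                    bad = 1
                }
        }
        END { exit (bad ? 1 : 0) }
    ' "$@"
}

if [ "$#" -gt 0 ]; then audit_quadlet "$@"; fi
```

Run it over the directory that holds your `.container` files; a non-zero exit status means at least one unit uses one of the two workarounds.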