+++
date = '2025-02-16T12:29:47+01:00'
draft = true
title = 'From Docker to Podman'
+++

[Podman](https://podman.io/) is a tool that can run OCI containers and aims at being a drop-in replacement for [Docker](https://www.docker.com/), but with some differences:

- no daemon
- rootless by default
- only run containers, do not build images

However, there are subtle differences that make it hard to directly replace docker with podman.

# Usage

The main difference with docker is that podman does not use a daemon. As a consequence, containers run as the user that started them.

## Use container as a service

A couple of things are needed to use podman containers as a service.

### linger

The container is started in the session of the user that started it, so by default the containers are stopped when the user closes her session. To prevent that, you need to enable linger:

`loginctl enable-linger $USER`

[Reference](https://github.com/containers/podman/blob/b03466c/troubleshooting.md#17-rootless-containers-exit-once-the-user-session-exits)

### restart

The user that is running the containers needs to have a restart service for podman:

`systemctl --user edit podman-restart.service`

{{< highlight SYSTEMD "linenos=inline">}}
[Service]
# An empty assignment clears the packaged command before the override is set
ExecStart=
ExecStart=/usr/bin/podman $LOGGING start --all
ExecStop=
ExecStop=/bin/sh -c '/usr/bin/podman $LOGGING stop $(/usr/bin/podman container ls -q)'
{{< /highlight >}}

The service needs to be enabled:

`systemctl --user enable podman-restart.service`

Once this is set up, all the containers will be stopped at shutdown and started at startup.

[Reference](https://nts.strzibny.name/systemd-user-services/)

### port

By default, podman cannot create containers that bind to ports < 1024.

There are a few options to solve that. The one I recommend is using a tool like [redir](https://github.com/troglobit/redir) that will listen on the privileged port and forward to an unprivileged one used by podman.
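
A preflight check for the three prerequisites above (linger, the restart service, the privileged-port limit), as an added example that is not part of the original post. It assumes the kernel exposes the limit in `/proc/sys/net/ipv4/ip_unprivileged_port_start`; the function names and the `PORT_START_FILE` override are hypothetical helpers introduced here.

```shell
#!/bin/sh
# Added example, not from the original post: preflight checks for running
# rootless podman containers as a user service. All names are illustrative.
# PORT_START_FILE can be overridden to test against a constructed file.
PORT_START_FILE="${PORT_START_FILE:-/proc/sys/net/ipv4/ip_unprivileged_port_start}"

# Lowest port an unprivileged process may bind (assumed 1024 if unreadable).
unprivileged_port_start() {
    if [ -r "$PORT_START_FILE" ]; then cat "$PORT_START_FILE"; else echo 1024; fi
}

# 0: a rootless container cannot bind port $1 itself; 1: it can; 2: bad port.
needs_forwarder() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 2 ;;
    esac
    if [ "$1" -lt 1 ] || [ "$1" -gt 65535 ]; then return 2; fi
    [ "$1" -lt "$(unprivileged_port_start)" ]
}

# $1 is the output of: loginctl show-user USER --property=Linger
linger_enabled() {
    [ "$1" = "Linger=yes" ]
}

# Check the prerequisites for host port $1; returns the number of failures.
audit() {
    failures=0
    user=$(id -un)
    if ! linger_enabled "$(loginctl show-user "$user" --property=Linger 2>/dev/null)"; then
        echo "FAIL linger is off for $user: containers stop when the session ends"
        failures=$((failures + 1))
    fi
    if ! systemctl --user is-enabled --quiet podman-restart.service 2>/dev/null; then
        echo "FAIL podman-restart.service is not enabled for $user"
        failures=$((failures + 1))
    fi
    rc=0; needs_forwarder "$1" || rc=$?
    case "$rc" in
        0) echo "INFO port $1 is below $(unprivileged_port_start): publish on a high port and forward" ;;
        2) echo "FAIL '$1' is not a valid TCP port"; failures=$((failures + 1)) ;;
    esac
    return "$failures"
}

# Run the audit only when a port is given, e.g.: sh preflight.sh 443
if [ "$#" -gt 0 ]; then audit "$1"; fi
```

A limit below 1024 in that file means the host-wide sysctl has been lowered, which lets every unprivileged user on the host bind those ports, not only the podman user.
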

Install redir:

`sudo apt install redir`

Create the service unit:

`sudo nvim /etc/systemd/system/redir.service`

{{< highlight SYSTEMD "linenos=inline">}}
[Unit]
Description=Redirect tcp port 443 to 8443 with redir

[Service]
ExecStart=/bin/redir -sn :443 127.0.0.1:8443

[Install]
WantedBy=multi-user.target
{{< /highlight >}}

Enable and start it:

`sudo systemctl enable --now redir.service`

[Reference](https://linuxconfig.org/how-to-bind-a-rootless-container-to-a-privileged-port-on-linux)

## Compose

`podman compose` is only supported starting with version 4.7 of podman.

You will need to install `podman-compose` alongside podman.

To be compatible with both podman and docker, although the name `docker-compose.yml` is supported, I prefer using `compose.yml`.

## Socket

Docker uses a daemon that is accessible through a socket. This socket is used by a bunch of tools to automate tasks related to docker, get info on running containers, or automatically configure things based on the labels defined on a container.

Podman being daemon-less,