How Do I Network Rootless Containers Between Users?

[Shadow8472]

This is a cross post from Caddy, but I'll relist my issue here from a Podman perspective.

Original topic: https://caddy.community/t/networking-caddy-in-a-podman-container-to-other-users/21462

I'm deploying Caddy to my homelab server (hostname ButtonMash) as a reverse proxy. I already have Vaultwarden, Pi-Hole, and Nextcloud deployed in rootless containers, and each service has its own user account.

For testing purposes, I'm testing Caddy deployed to Pi-Hole's account. Traffic inbound to Caddy is working properly. The problem is with the Caddy's container not letting traffic reverse proxy back out once in. I've pulled a Hello World! from Caddy to Pi-Hole's container using the "--network podman" flag, but Vaultwarden is still isolated.

I do not want to run Caddy rootless.
I do want to run Caddy in a Podman container.
I know of network host-mode and that most people in my situation take this shortcut. I'm not quite there yet.
I do want to keep user account segregation for services, but if they offer no security benefits as I've been expecting, I might as well throw everything in the same user account.
I am open to a rootfull service to link my rootless Podman containers.

I've found the names Netavark and Aardvark, but I don't know what to do with them or if they can help. I just know they obsoleted Slirp4netns along with all the legacy documentation pointing to it.

Rocky Linux 8.8
Podman version 4.4.1

[Luap99]

This is not possible, podman is designed to fully isolate users from each that includes networking.
If you want to mix networking across users you are own you own and podman cannot help you there. One option to bind the ports to the host ip and then have the service talk via the host ip.

But the much simpler answer is run everything as one user (maybe even root) and then use --userns auto to isolate the containers from each other.

[Shadow8472]

Thank you for the confirmation. It's not what I wanted to hear, but I am very grateful for a definitive answer.

[Strunck]

Have you considered to put your container in a pod?
Another idea would be quadlet.
Deploying a multi-container application using Podman and Quadlet