Skip to content

Commit e18ae2c

Browse files
iFargleiFargle
authored
Merge pull request #46 from spomata/update-doc-podman
Adding info on how to run with rootless podman
2 parents c24185f + 3ff5b15 commit e18ae2c

File tree

1 file changed

+18
-1
lines changed

1 file changed

+18
-1
lines changed

SETUP.md

Lines changed: 18 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,23 @@
2121
* `KEY` is your encryption key. Set this to a random value generated from `openssl rand -base64 32`
2222
* `AUTH_TYPE` can be set to `Basic` or `OIDC`. See the [Authentication](#Authentication) section below for more information.
2323
* `LOG_LEVEL` can be one of `Debug`, `Info`, `Warning`, `Error`, or `Critical` for decreasing verbosity. Default is `Info` if removed from your Environment.
24+
---
25+
# Podman rootless container
26+
27+
A rootless container can be a good choice when running headscale-webui with Podman.
28+
29+
To achieve this, the option `allow_host_loopback` for the slirp4netns network driver must be explicitly set. This will allow the container to contact sockets listening on the host (specifically, headscale).
30+
31+
By default, slirp4netns will present the host on the IP address `10.0.2.2` (adjust accordingly if you specify different addressing options), so this IP will be the address to set in the HS_SERVER environment variable (along with the port number) when spinning the container.
32+
For the rest of the enviroment settings, the considerations done for the Docker example above still hold.
33+
34+
* Example:
35+
```
36+
podman run -d --network slirp4netns:allow_host_loopback=true -v /etc/headscale:/etc/headscale:ro \
37+
-p 5000:5000 --name headscale-webui -e HS_SERVER=http://10.0.2.2:8080 -e KEY=YOUR_ENC_KEY \
38+
-e DOMAIN_NAME=http://headscale-webui:5000 -e SCRIPT_NAME=/admin ifargle/headscale-webui:latest
39+
```
40+
2441
---
2542
# Reverse Proxies
2643
*If your reverse proxy isn't listed or doesn't work, please open up a [new issue](https://github.com/iFargle/headscale-webui/issues/new) and it will be worked on.*
@@ -123,4 +140,4 @@ Client Secret = [SECRET]
123140
* `OIDC_CLIENT_ID` is the `id` in your Authelia configuration.yaml. In this case, it would be `headscale-webui`.
124141
* `OIDC_SECRET` is your client secret, in this case `[SECRET]`. You can generate a secret using `openssl rand -hex 64`.
125142

126-
---
143+
---

0 commit comments

Comments
 (0)