Support rootless containers #151

Open
sharmay opened this issue Nov 5, 2024 · 6 comments
Labels
notstale Prevents being marked as stale

Comments

@sharmay

sharmay commented Nov 5, 2024

Any possibility to use ENV to set HTTP/HTTPS ports?
I run rootless container using podman, this means port < 1024 can not be opened (by default).
Sure, I can enable it but it would be good to add to ENV vars
WT_HTTP_PORT
WT_HTTPS_PORT

Here is the traceback

[NV_INIT] Sending setup wizard request to http://127.0.0.1:80/
[NV_INIT] Attempt 0 for http://127.0.0.1:80/
Traceback (most recent call last):
  File "/usr/lib/python3.11/urllib/request.py", line 1348, in do_open
    h.request(req.get_method(), req.selector, req.data, headers,
  File "/usr/lib/python3.11/http/client.py", line 1282, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/lib/python3.11/http/client.py", line 1328, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/usr/lib/python3.11/http/client.py", line 1277, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/lib/python3.11/http/client.py", line 1037, in _send_output
    self.send(msg)
  File "/usr/lib/python3.11/http/client.py", line 975, in send
    self.connect()
  File "/usr/lib/python3.11/http/client.py", line 941, in connect
    self.sock = self._create_connection(
                ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/socket.py", line 851, in create_connection
    raise exceptions[0]
  File "/usr/lib/python3.11/socket.py", line 836, in create_connection
    sock.connect(sa)
ConnectionRefusedError: [Errno 111] Connection refused

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/docker-entrypoint.py", line 583, in <module>
    main()
  File "/docker-entrypoint.py", line 568, in main
    setup_wizard()
  File "/docker-entrypoint.py", line 465, in setup_wizard
    retry_urlopen(
  File "/docker-entrypoint.py", line 199, in retry_urlopen
    resp = request.urlopen(url, data)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/urllib/request.py", line 216, in urlopen
    return opener.open(url, data, timeout)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/urllib/request.py", line 519, in open
    response = self._open(req, data)
               ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/urllib/request.py", line 536, in _open
    result = self._call_chain(self.handle_open, protocol, protocol +
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/urllib/request.py", line 496, in _call_chain
    result = func(*args)
             ^^^^^^^^^^^
  File "/usr/lib/python3.11/urllib/request.py", line 1377, in http_open
    return self.do_open(http.client.HTTPConnection, req)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/urllib/request.py", line 1351, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [Errno 111] Connection refused>
@NathanVaughn
Owner

Can you not map port 80 to something else? Example:

    ports:
      - 5000:80

Or are you using host networking?

@sharmay
Author

sharmay commented Nov 7, 2024

Can you not map port 80 to something else? Example:

    ports:
      - 5000:80

I have such mapping.

Error is thrown by NV_INIT

[NV_INIT] Sending setup wizard request to http://127.0.0.1:80/
[NV_INIT] Attempt 0 for http://127.0.0.1:80/
Traceback (most recent call last):
  File "/usr/lib/python3.11/urllib/request.py", line 1348, in do_open
    h.request(req.get_method(), req.selector, req.data, headers,
  File "/usr/lib/python3.11/http/client.py", line 1282, in request

Or are you using host networking?

podman network ls

NETWORK ID    NAME                     DRIVER
2f259bab93aa  podman                   bridge

@NathanVaughn
Owner

Okay, so, I spent a bit of time on this. I think this may not be related to port 80, but rather a different problem. I was able to run a rootless container on my computer as-is with no issue, admittedly with Docker instead of Podman.

The error you're getting is related to how internally the container attempts to automate the webtrees setup wizard. It starts up Apache on port 80, sends a HTTP request, and then reconfigures Apache to however you selected. It's erroring on this request though. If port 80 was blocked, I would expect the Apache server to never start.

  1. Can you try running the container without some of the inputs like WT_USER? This will force you to manually fill out the setup wizard
  2. Can you post the config/command you're using to launch the container?

@sharmay
Author

sharmay commented Nov 12, 2024

Thank you for your help.

Okay, so, I spent a bit of time on this. I think this may not be related to port 80, but rather a different problem. I was able to run a rootless container on my computer as-is with no issue, admittedly with Docker instead of Podman.

The error you're getting is related to how internally the container attempts to automate the webtrees setup wizard. It starts up Apache on port 80, sends a HTTP request, and then reconfigures Apache to however you selected. It's erroring on this request though. If port 80 was blocked, I would expect the Apache server to never start.

  1. Can you try running the container without some of the inputs like WT_USER? This will force you to manually fill out the setup wizard

I removed WT_ ENV vars and now getting groupadd errors

I tried using all combinations of UserNS and/or User+Group and/or PGUID+PUID

groupmod: Permission denied.
groupmod: cannot lock /etc/group; try again later.
 Traceback (most recent call last):
   File "/docker-entrypoint.py", line 583, in <module>
     main()
   File "/docker-entrypoint.py", line 564, in main
     perms()
   File "/docker-entrypoint.py", line 333, in perms
     subprocess.check_call(["groupmod", "-o", "-g", ENV.pgid, "www-data"])
   File "/usr/lib/python3.11/subprocess.py", line 413, in check_call
     raise CalledProcessError(retcode, cmd)
 subprocess.CalledProcessError: Command '['groupmod', '-o', '-g', '33', 'www-data']' returned non-zero exit status 10.

or

 groupmod: Permission denied.
 groupmod: cannot lock /etc/group; try again later.
 Traceback (most recent call last):
   File "/docker-entrypoint.py", line 583, in <module>
    main()
   File "/docker-entrypoint.py", line 564, in main
     perms()
   File "/docker-entrypoint.py", line 333, in perms
     subprocess.check_call(["groupmod", "-o", "-g", ENV.pgid, "www-data"])
   File "/usr/lib/python3.11/subprocess.py", line 413, in check_call
     raise CalledProcessError(retcode, cmd)
 subprocess.CalledProcessError: Command '['groupmod', '-o', '-g', '1001', 'www-data']' returned non-zero exit status 10.
  1. Can you post the config/command you're using to launch the container?

I am using quadlets. Here is my ~/.config/containers/systemd/webtrees.container

[Unit]
Description=Family Tree

[Container]
AutoUpdate=registry
Label=WebTrees
ContainerName=webtrees
HostName=webtrees
Network=postgresql-17.network
Network=container-intra.network

Image=ghcr.io/nathanvaughn/webtrees:latest

UserNS=keep-id:uid=1001,gid=1001

# User=1001
# Group=1001
# Environment=PUID=1001
# Environment=PGID=1001

Environment=PRETTY_URLS="1"
Environment=HTTPS="0"
Environment=HTTPS_REDIRECT="0"
Environment=LANG="en-US"
Environment=BASE_URL="http://localhost"
Environment=DB_TYPE="pgsql"
Environment=DB_HOST="postgresql-17"
Environment=DB_PORT="5432"
Environment=DB_USER="webtrees"
Environment=DB_NAME="webtreesdb"
Environment=DB_PREFIX="wt_"

Volume=${HOME}/webtrees/data:/var/www/webtrees/data:z

[Install]
WantedBy=multi-user.target default.target
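
An added example, not part of the thread and not the project's docker-entrypoint.py: a pre-flight check an entrypoint could run before the `groupmod` call that fails above, using `/proc/self/uid_map` to detect a user namespace and the effective UID to decide whether a GID remap is possible. The function names and the sample maps are assumptions constructed for illustration.

```python
import os

IDENTITY_MAP = [(0, 0, 4294967295)]  # uid_map of the initial user namespace

def parse_id_map(text):
    """Parse /proc/self/uid_map text into (inside_id, outside_id, count) rows."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3:
            rows.append(tuple(int(f) for f in fields))
    return rows

def in_user_namespace(rows):
    """True when IDs are remapped, as in a rootless Podman container."""
    return rows != IDENTITY_MAP

def plan_group_remap(euid, current_gid, wanted_gid):
    """Choose an action before touching /etc/group.

    "noop"     - the group already has the wanted GID
    "groupmod" - root inside the container, so groupmod can lock /etc/group
    "skip"     - not root; groupmod would exit with status 10 as in the thread
    """
    if current_gid == wanted_gid:
        return "noop"
    return "groupmod" if euid == 0 else "skip"

# Constructed sample maps (not taken from the reporter's system).
ROOTFUL_MAP = "         0          0 4294967295\n"
KEEP_ID_MAP = (
    "         0          1       1001\n"
    "      1001          0          1\n"
    "      1002       1002      64535\n"
)

if __name__ == "__main__":
    with open("/proc/self/uid_map") as fh:  # Linux only
        rows = parse_id_map(fh.read())
    print("user namespace:", in_user_namespace(rows))
    # Sample IDs: 1001 is a PGID from the thread; 33 is an assumed
    # current GID for www-data.
    print("action:", plan_group_remap(os.geteuid(), 33, 1001))
```
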

@NathanVaughn
Owner

Thanks for the info, unfortunately I have not yet had time to work on this more.

@NathanVaughn NathanVaughn changed the title Allow setting HTTP/HTTPS port using ENV Support rootless containers Nov 27, 2024
@NathanVaughn NathanVaughn added the notstale Prevents being marked as stale label Nov 27, 2024
@NathanVaughn
Owner

I think supporting rootless containers is going to be a larger effort than an easy change. I'm adding this to my infinite backlog. Unfortunately no idea when I will get to it. I was trying to copy some of the Linuxserver images, but I'll need to do more research.
