A while ago I stumbled upon podman, which touts itself as an alternative to
Docker. Not only does podman not use any big fat daemons™ but it makes it rather easy to run
containers in a user-namespace, i.e. with greatly restricted privileges on your system. The fun
thing is: you are still root within the container!
Sooner or later when setting up a server you’ll want to create some MySQL databses and users. If you’re not proficient in writing SQL queries or just wanted to use a nice GUI tool for the task, you’d need to connect remotely to your databse host. But of course you do not want to expose your MySQL port to the internet … Or suppose you want to debug some remote service, which is only accessible locally on the remote machine …
...Okay, so I set this thing up recently as my new landing page.
Using some scripts and templates from etherpad-lite, which I modified slightly, I now run this as a systemd service under a new user. (You can find the modified files at the end of this post.) However, somehow I can’t get ghost to listen properly on sockets yet.. or at least nginx gives me 502 errors when trying to connect .. I’ll resort to using localhost:port for now.