Podman rootful in place of Docker
I have run a proxy on Alma Linux (EL9) for quite some time using Docker. Given Docker's overhead, I decided to switch to Podman. I use the latter in my homelab and it's much lighter on resources due to its integrated nature.
Creating the initial container (as root to avoid port binding issues):
sudo podman run -d --sysctl net.ipv4.ip_unprivileged_port_start=79 --name whatsapp_proxy -p 80:80 -p 443:443 -p 5222:5222 -p 8080:8080 -p 8443:8443 -p 8222:8222 -p 8199:8199 -p 587:587 -p 7777:7777 docker.io/facebook/whatsapp_proxy:latest
Then create a systemd service:
sudo podman generate systemd --new --files --name whatsapp_proxy
sudo mv container-whatsapp_proxy.service /etc/systemd/system
sudo restorecon -RFv /etc/systemd/system/
sudo systemctl enable --now container-whatsapp_proxy.service
The proxy comes up using the system's hostname (which is an appropriate FQDN in this case). All looks good, and sudo netstat -tunalp shows the listeners on 80, 443, 587, 8080 etc. However, and this is the head-scratcher, WhatsApp refuses to connect to the proxy by FQDN (it works fine under Docker, using any FQDN that points to the server IP). If I use the server's IP as the proxy address, WhatsApp will connect.
I can't for the life of me work out what's different between the two setups. HAProxy inside the container generates a self-signed cert for proxy.whatsapp.net in both instances, but only Podman doesn't allow WhatsApp to connect successfully using the FQDN.
Sometimes the WhatsApp proxy settings page flickers 'connected' for a second before going back to 'disconnected', but as soon as I either use the server IP or switch the server to the same setup under Docker, it connects flawlessly. Does anyone have any ideas please? It'd be nice to be able to switch over to Podman, but either way the technical challenge is enough in itself to be bothering me now!
On further investigation, it seems the image run under Docker spawns listeners on 0.0.0.0 as well as ::, but under Podman only spawns 0.0.0.0. Removing AAAA records for the subdomain pointing to this server allows WhatsApp to connect to both Docker and Podman. I assume it's an IPv6-related issue (and Podman). I guess the proxy only supports IPv4, but at least I have it working now. I would still welcome any further insights.
@RainmakerRaw
Right now the proxy only binds on IPv4: https://github.com/WhatsApp/proxy/blob/main/proxy/src/proxy_config.cfg#L60
You can change this to bind to IPv6, and then rebuild and run it.
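The mismatch found in this thread (an AAAA record published for the proxy name while the listeners are bound on 0.0.0.0 only) can be checked by comparing the socket table with the DNS answer. This is an added example, not part of the original posts or the WhatsApp proxy project; it uses `ss -Htln` rather than the `netstat` call above, and the function names, sample socket lines, the 2001:db8::10 address and proxy.example.net are constructed.

```shell
#!/bin/sh
# Added example: find TCP ports that listen on IPv4 only while the proxy's
# name also publishes an AAAA record. All sample data below is constructed.

# Reads `ss -Htln` output on stdin; prints ports with an IPv4 listener but no
# IPv6-capable one. ss shows IPv6 sockets as [addr]:port and dual-stack
# wildcard sockets as *:port.
v4_only_ports() {
    awk '
        {
            addr = $4                       # Local Address:Port column
            port = addr; sub(/.*:/, "", port)
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host == "*" || host ~ /^\[/) v6[port] = 1
            else v4[port] = 1
        }
        END { for (p in v4) if (!(p in v6)) print p }
    ' | sort -n
}

# $1 = AAAA answer for the proxy name (empty if none); stdin = ss output.
# Returns 1 when clients using the AAAA address would find no listener.
ipv6_gap() {
    ports=$(v4_only_ports)
    if [ -n "$1" ] && [ -n "$ports" ]; then
        echo "AAAA $1 published, but IPv4-only listeners on:" $ports
        return 1
    fi
    echo "no IPv6 gap"
}

# Constructed samples mirroring the thread: Podman bound 0.0.0.0 only,
# Docker bound both 0.0.0.0 and ::.
PODMAN_SAMPLE='LISTEN 0 4096 0.0.0.0:80 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'
DOCKER_SAMPLE='LISTEN 0 4096 0.0.0.0:80 0.0.0.0:*
LISTEN 0 4096 [::]:80 [::]:*
LISTEN 0 4096 0.0.0.0:443 0.0.0.0:*
LISTEN 0 4096 [::]:443 [::]:*'

printf '%s\n' "$PODMAN_SAMPLE" | ipv6_gap "2001:db8::10" || true
printf '%s\n' "$DOCKER_SAMPLE" | ipv6_gap "2001:db8::10"

# Live use (proxy.example.net is a placeholder name):
#   sudo ss -Htln | ipv6_gap "$(dig +short AAAA proxy.example.net)"
```

A non-zero exit means either the AAAA record should be removed, as was done in the thread, or the proxy should be rebuilt to bind on IPv6 as well.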