Properly resolve local registry IP when running remotely

Author: mbr

Cargo.lock

@@ -11,6 +11,7 @@ axum = { version = "0.7.1", features = [ "tracing" ] }
 base64 = "0.21.5"
 constant_time_eq = "0.3.0"
 futures = "0.3.29"
+gethostname = "0.4.3"
 hex = "0.4.3"
 itertools = "0.12.0"
 nom = "7.1.3"

Cargo.toml

@@ -1,5 +1,14 @@
 #!/bin/sh
 
+export REGISTRY_ADDR=127.0.0.1:3000
+
+if [ $PODMAN_IS_REMOTE == "true" ]; then
+  export REGISTRY_ADDR=$(dig +short $(hostname)):3000
+fi
+
+echo "registry: ${REGISTRY_ADDR}"
+
+podman login --tls-verify=false --username devuser --password devpw http://${REGISTRY_ADDR}
 podman pull crccheck/hello-world
-podman tag  crccheck/hello-world 127.0.0.1:3000/testing/hello:prod
-podman push --tls-verify=false 127.0.0.1:3000/testing/hello:prod
+podman tag crccheck/hello-world ${REGISTRY_ADDR}/testing/hello:prod
+podman push --tls-verify=false ${REGISTRY_ADDR}/testing/hello:prod

quick-test.sh

@@ -5,7 +5,10 @@ use constant_time_eq::constant_time_eq;
 use sec::Secret;
 use serde::Deserialize;
 
-use crate::registry::{AuthProvider, UnverifiedCredentials};
+use crate::{
+    podman_is_remote,
+    registry::{AuthProvider, UnverifiedCredentials},
+};
 
 #[derive(Debug, Default, Deserialize)]
 #[serde(deny_unknown_fields)]
@@ -150,5 +153,9 @@ impl Default for ReverseProxyConfig {
 }
 
 fn default_http_bind() -> SocketAddr {
-    ([127, 0, 0, 1], 3000).into()
+    if podman_is_remote() {
+        ([0, 0, 0, 0], 3000).into()
+    } else {
+        ([127, 0, 0, 1], 3000).into()
+    }
 }

src/config.rs

@@ -5,7 +5,7 @@ mod reverse_proxy;
 
 use std::{
     env, fs,
-    net::{Ipv4Addr, SocketAddr},
+    net::{IpAddr, Ipv4Addr, SocketAddr, ToSocketAddrs},
     path::Path,
     str::FromStr,
     sync::Arc,
@@ -14,6 +14,7 @@ use std::{
 use anyhow::Context;
 use axum::{async_trait, Router};
 use config::Config;
+use gethostname::gethostname;
 use podman::Podman;
 use registry::{
     storage::ImageLocation, ContainerRegistry, ManifestReference, Reference, RegistryHooks,
@@ -51,8 +52,7 @@ impl PodmanHook {
         local_addr: SocketAddr,
         registry_credentials: (String, Secret<String>),
     ) -> Self {
-        let is_remote = env::var("PODMAN_IS_REMOTE").unwrap_or_default() == "true";
-        let podman = Podman::new(podman_path, is_remote);
+        let podman = Podman::new(podman_path, podman_is_remote());
         Self {
             podman,
             reverse_proxy,
@@ -88,6 +88,10 @@ impl PodmanHook {
     }
 }
 
+pub(crate) fn podman_is_remote() -> bool {
+    env::var("PODMAN_IS_REMOTE").unwrap_or_default() == "true"
+}
+
 #[derive(Debug, Deserialize)]
 #[serde(rename_all = "PascalCase")]
 #[allow(dead_code)]
@@ -255,7 +259,25 @@ async fn main() -> anyhow::Result<()> {
 
     debug!(?cfg, "loaded configuration");
 
-    let local_addr = SocketAddr::from(([127, 0, 0, 1], cfg.reverse_proxy.http_bind.port()));
+    let local_ip: IpAddr = if podman_is_remote() {
+        info!("podman is remote, trying to guess IP address");
+        let local_hostname = gethostname();
+        let dummy_addr = (
+            local_hostname
+                .to_str()
+                .ok_or_else(|| anyhow::anyhow!("local hostname is not valid UTF8"))?,
+            12345,
+        )
+            .to_socket_addrs()
+            .ok()
+            .and_then(|addrs| addrs.into_iter().next())
+            .ok_or_else(|| anyhow::anyhow!("failed to resolve local hostname"))?;
+        dummy_addr.ip()
+    } else {
+        [127, 0, 0, 1].into()
+    };
+
+    let local_addr = SocketAddr::from((local_ip, cfg.reverse_proxy.http_bind.port()));
     info!(%local_addr, "guessing local registry address");
 
     let reverse_proxy = ReverseProxy::new();