You technically can bind ports <1024 to unprivileged containers. echo 'net.ipv4.ip_unprivileged_port_start=0' | sudo tee /etc/sysctl.d/50-unprivileged-ports.conf; sudo sysctl --system. Though this will allow any user to bind ports below 1024, so it’s not very clean.

Another workaround is to redirect port 80 to 8080 (or other) through iptables and have your proxy listen on this port. sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080. Same thing for 443.

As far as I know granting the CAP_NET_BIND_SERVICE capability to /usr/bin/podman does not work.

Also podman-compose implementation is still incomplete, and I prefer using systemd units to start and manage containers. Check man podman-generate-systemd

You shouldn’t need root to bind to privileged ports. I use k8s but I assume you can set sys capabilities for containers in a similar way I do for pods.

For what it’s worth, I just wrote up a compose.yaml file as I’d write it for Docker Compose and it just worked. See the bottom of my comment on this GitHub issue for an example. I think the team’s intention is for it to transparently support whatever you’d write for a standard Compose file but of course we don’t have things like the brand new Docker watch. They do point to the Compose spec in the Podman Compose README. Bind mounts are good enough for me, thus far.