docker-socket-proxy VS shepherd

Compare docker-socket-proxy vs shepherd and see what are their differences.

docker-socket-proxy

Proxy over your Docker socket to restrict which requests it accepts (by Tecnativa)

shepherd

Docker swarm service for automatically updating your services whenever their image is refreshed (by containrrr)
Our great sponsors
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
  • SaaSHub - Software Alternatives and Reviews
docker-socket-proxy shepherd
23 6
1,160 447
6.3% 3.6%
5.3 6.7
8 days ago 4 months ago
Python Shell
Apache License 2.0 MIT License
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

docker-socket-proxy

Posts with mentions or reviews of docker-socket-proxy. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-05-05.
  • Security for your Homeserver
    4 projects | /r/selfhosted | 5 May 2023
    I just found this the other day. You might be interested I haven't done myself yet https://github.com/Tecnativa/docker-socket-proxy
  • Gitea 1.19.0 released - now with support for Actions
    2 projects | /r/selfhosted | 20 Mar 2023
    I think you could provide access to the socket using a "docker-socket-proxy" container. It allows other containers to access the docker socket, you can even control which actions are allowed and which are not. You can use a bridge network for the communication to the socket-proxy container, so the socket-proxy container does not need to map/expose any ports. In the other container you need to set the "DOCKER_HOST" env variable accordingly, e.g. "DOCKER_HOST=tcp://mydockersockerproxycontainer:2375". https://github.com/Tecnativa/docker-socket-proxy
  • Is there any docker dashboard that auto detect the services ?
    5 projects | /r/selfhosted | 8 Sep 2022
    May be not necessarily: https://github.com/Tecnativa/docker-socket-proxy
  • Basic Traefik configuration tutorial
    4 projects | dev.to | 12 Feb 2022
    version: "3.7" services: traefik: image: traefik:v2.6 command: # Entrypoints configuration - --entrypoints.web.address=:80 # Docker provider configuration - --providers.docker=true # Makes sure that services have to explicitly direct Traefik to expose them - --providers.docker.exposedbydefault=false # Use the secure docker socket proxy - --providers.docker.endpoint=tcp://socket_proxy:2375 # Default docker network to use for connections to all containers - --providers.docker.network=traefik_public # Logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. - --log.level=info ports: - 80:80 networks: - traefik_public - socket_proxy restart: unless-stopped depends_on: - socket_proxy # https://github.com/traefik/whoami whoami: image: traefik/whoami:v1.7.1 labels: # Explicitly instruct Traefik to expose this service - traefik.enable=true # Router configuration ## Listen to the `web` entrypoint - traefik.http.routers.whoami_route.entrypoints=web ## Rule based on the Host of the request - traefik.http.routers.whoami_route.rule=Host(`whoami.karvounis.tutorial`) - traefik.http.routers.whoami_route.service=whoami_service # Service configuration ## 80 is the port that the whoami container is listening to - traefik.http.services.whoami_service.loadbalancer.server.port=80 networks: - traefik_public # https://github.com/Tecnativa/docker-socket-proxy # Security-enhanced proxy for the Docker Socket socket_proxy: image: tecnativa/docker-socket-proxy:latest restart: unless-stopped environment: NETWORKS: 1 SERVICES: 1 CONTAINERS: 1 TASKS: 1 volumes: - /var/run/docker.sock:/var/run/docker.sock:ro networks: - socket_proxy networks: traefik_public: external: true socket_proxy: external: true
  • Traefik Docker Protector
    2 projects | /r/docker | 20 Jan 2022
    tecnativa's docker-socket-proxy does roughly the same thing but can be used for any container that requires access to the Docker socket.
  • How to properly secure the server?
    5 projects | /r/selfhosted | 16 Nov 2021
  • Monitoring app releases and updates..
    3 projects | /r/selfhosted | 20 Oct 2021
    Have you checked-out any socket proxies? Instead of exposing the socket though a volume, it’s done through the local docker network through the proxy container. This allows you to enable/disable access to the socket API using environmental variables. This is the image I’m using: https://github.com/Tecnativa/docker-socket-proxy
  • Worry for Synology?
    2 projects | /r/synology | 5 Jul 2021
    Docker’s root privileges are only a problem if you grant your container unrestricted access to the docker socket /var/run/docker.sock. For containers that need it, there are strategies to limit access only to the APIs that the container actually needs by using the docker-socket-proxy.
  • How to begin with Docker if I want the best security for my websites?
    3 projects | /r/docker | 16 May 2021
  • This is why I don't blindly suggest people to selfhost their Bitwarden account. Unless: 1. You are experienced and know what you are doing 2. You have time to setup and maintain it 3. You have your own trusted people to maintain it
    2 projects | /r/Bitwarden | 15 May 2021
    I wish more people understood this. You may be interested in https://github.com/Tecnativa/docker-socket-proxy.

shepherd

Posts with mentions or reviews of shepherd. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-04-20.

What are some alternatives?

When comparing docker-socket-proxy and shepherd you can also consider the following projects:

watchtower - A process for automating Docker container base image updates.

wireguard-ui - Wireguard web interface

Diun - Receive notifications when an image is updated on a Docker registry

cadvisor - Analyzes resource usage and performance characteristics of running containers.

docker - ⛴ Docker image of Nextcloud

flap

docker-socket-protector - Protected the Docker Daemon from forbidden requests

How-To-Secure-A-Linux-Server - An evolving how-to guide for securing a Linux server.

CheatSheetSeries - The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

distroless - 🥑 Language focused docker images, minus the operating system.