docker-socket-proxy
Proxy over your Docker socket to restrict which requests it accepts (by Tecnativa)
docs
Documentation for Docker Official Images in docker-library (by docker-library)
Our great sponsors
docker-socket-proxy | docs | |
---|---|---|
23 | 12 | |
1,200 | 4,945 | |
6.8% | 1.1% | |
5.3 | 9.8 | |
11 days ago | 5 days ago | |
Python | Shell | |
Apache License 2.0 | MIT License |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
docker-socket-proxy
Posts with mentions or reviews of docker-socket-proxy.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-05-05.
-
Security for your Homeserver
I just found this the other day. You might be interested I haven't done myself yet https://github.com/Tecnativa/docker-socket-proxy
-
Gitea 1.19.0 released - now with support for Actions
I think you could provide access to the socket using a "docker-socket-proxy" container. It allows other containers to access the docker socket, you can even control which actions are allowed and which are not. You can use a bridge network for the communication to the socket-proxy container, so the socket-proxy container does not need to map/expose any ports. In the other container you need to set the "DOCKER_HOST" env variable accordingly, e.g. "DOCKER_HOST=tcp://mydockersockerproxycontainer:2375". https://github.com/Tecnativa/docker-socket-proxy
-
Unraid Remotely Access Docker Daemon
I use the container docker socket proxy
- Why does next cloud docker installation require access to /var/run/docker.sock (albeit read-only)? Is there a way to circumvent that?
-
Docker socket security
There are Docker socket proxys (like docker-socket-proxy 😉) that are made exactly for this. You can pass only read access to the socket and even restrict what resources can be read.
-
VM with multiple staging hosts GitLab CI?
So far I have Traefik set up and tested (along with some security lockdowns https://github.com/Tecnativa/docker-socket-proxy). This is working well: I can manually create containers, get a cert, dynamic hostnames, etc.
-
Is there any docker dashboard that auto detect the services ?
May be not necessarily: https://github.com/Tecnativa/docker-socket-proxy
-
[How-to] Securing access to your `docker.sock` file.
Many of you might already be familiar with Tecnativa's docker-socket-proxy which says:
-
Basic Traefik configuration tutorial
version: "3.7" services: traefik: image: traefik:v2.6 command: # Entrypoints configuration - --entrypoints.web.address=:80 # Docker provider configuration - --providers.docker=true # Makes sure that services have to explicitly direct Traefik to expose them - --providers.docker.exposedbydefault=false # Use the secure docker socket proxy - --providers.docker.endpoint=tcp://socket_proxy:2375 # Default docker network to use for connections to all containers - --providers.docker.network=traefik_public # Logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. - --log.level=info ports: - 80:80 networks: - traefik_public - socket_proxy restart: unless-stopped depends_on: - socket_proxy # https://github.com/traefik/whoami whoami: image: traefik/whoami:v1.7.1 labels: # Explicitly instruct Traefik to expose this service - traefik.enable=true # Router configuration ## Listen to the `web` entrypoint - traefik.http.routers.whoami_route.entrypoints=web ## Rule based on the Host of the request - traefik.http.routers.whoami_route.rule=Host(`whoami.karvounis.tutorial`) - traefik.http.routers.whoami_route.service=whoami_service # Service configuration ## 80 is the port that the whoami container is listening to - traefik.http.services.whoami_service.loadbalancer.server.port=80 networks: - traefik_public # https://github.com/Tecnativa/docker-socket-proxy # Security-enhanced proxy for the Docker Socket socket_proxy: image: tecnativa/docker-socket-proxy:latest restart: unless-stopped environment: NETWORKS: 1 SERVICES: 1 CONTAINERS: 1 TASKS: 1 volumes: - /var/run/docker.sock:/var/run/docker.sock:ro networks: - socket_proxy networks: traefik_public: external: true socket_proxy: external: true
- docker-socket-proxy - Proxy over your Docker socket to restrict which requests it accepts
docs
Posts with mentions or reviews of docs.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-10-08.
- The Tailscale Universal Docker Mod
-
Modern Perl Catalyst: Docker Setup
I will recommend you review the documentation for the official Postgresql docker images which you can read here.
- Changing parameter during container "boot"
-
Using PostgreSQL Official Docker image on Windows 10 and Ubuntu 22.10 kinetic.
This is the full documentation for these images. Please note, this page has links to Docker official documents on volumes, etc., which are necessary to run images such as this.
-
Dockerizing a Node.js / Express app from the very first [Part 2]
We've just followed the official documentation to add a PostgreSQL database server. This will act as an application container, as our app will soon be depended on it. And in order to make sure that the database container is always started whenever we start our application container, we've added a new depends_on key to the app service and let it know which other service(s) it, well, depends on. This will make sure that the database server is up and running before the app. You may also have noticed that we've mounted volume to our database server's datapath a bit differently. This is known as "named volume". We'll discuss it a bit more in another part, it's not relevant to what we're learning here.
-
Best way to sync and share files between machines
Nextcloud isn't hard to setup, follow the official doc https://github.com/docker-library/docs/blob/master/nextcloud/README.md
-
Nextcloud setup
Looking at the setup for this (link here: https://github.com/docker-library/docs/blob/master/nextcloud/README.md), I am starting to understand a lot of the recent posts that we've seen & how much of a mess it still is :(
-
How to begin with Docker if I want the best security for my websites?
Coming back to nextcloud, the official readme of the nextcloud image has a few notes on how to set up both nextcloud versions.
-
How to hide authorisation credentials in nginx.conf?
Use the native command envstubst to replace the Auth Tokens in your Config File before starting NGINX. Example: https://github.com/docker-library/docs/tree/master/nginx#using-environment-variables-in-nginx-configuration-new-in-119
-
Stuck with docker-compose, Nextcloud and Nginx
It's not clear why you want to split the web server (nginx) and the app (nextcloud). However, if you do have a good reason, you're in luck, they have a compose file that does just that: https://github.com/docker-library/docs/blob/master/nextcloud/README.md#base-version---fpm (version 2, but it'll work)
What are some alternatives?
When comparing docker-socket-proxy and docs you can also consider the following projects:
watchtower - A process for automating Docker container base image updates.
docker - â›´ Docker image of Nextcloud
wireguard-ui - Wireguard web interface
sqitch - Sensible database change management
Diun - Receive notifications when an image is updated on a Docker registry
ContactsDemo - Example Catalyst Application
cadvisor - Analyzes resource usage and performance characteristics of running containers.
maildev - :mailbox: SMTP Server + Web Interface for viewing and testing emails during development.
flap
tinybastion - wireguard bastion with OIDC auth
offlineimap - Read/sync your IMAP mailboxes (python2) [LEGACY: move to offlineimap3]