docker-socket-proxy
Netmaker
Our great sponsors
docker-socket-proxy | Netmaker | |
---|---|---|
23 | 165 | |
1,200 | 8,952 | |
6.8% | 2.0% | |
5.3 | 9.6 | |
11 days ago | about 21 hours ago | |
Python | Go | |
Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
docker-socket-proxy
-
Security for your Homeserver
I just found this the other day. You might be interested I haven't done myself yet https://github.com/Tecnativa/docker-socket-proxy
-
Gitea 1.19.0 released - now with support for Actions
I think you could provide access to the socket using a "docker-socket-proxy" container. It allows other containers to access the docker socket, you can even control which actions are allowed and which are not. You can use a bridge network for the communication to the socket-proxy container, so the socket-proxy container does not need to map/expose any ports. In the other container you need to set the "DOCKER_HOST" env variable accordingly, e.g. "DOCKER_HOST=tcp://mydockersockerproxycontainer:2375". https://github.com/Tecnativa/docker-socket-proxy
-
Unraid Remotely Access Docker Daemon
I use the container docker socket proxy
- Why does next cloud docker installation require access to /var/run/docker.sock (albeit read-only)? Is there a way to circumvent that?
-
Docker socket security
There are Docker socket proxys (like docker-socket-proxy 😉) that are made exactly for this. You can pass only read access to the socket and even restrict what resources can be read.
-
VM with multiple staging hosts GitLab CI?
So far I have Traefik set up and tested (along with some security lockdowns https://github.com/Tecnativa/docker-socket-proxy). This is working well: I can manually create containers, get a cert, dynamic hostnames, etc.
-
Is there any docker dashboard that auto detect the services ?
May be not necessarily: https://github.com/Tecnativa/docker-socket-proxy
-
[How-to] Securing access to your `docker.sock` file.
Many of you might already be familiar with Tecnativa's docker-socket-proxy which says:
-
Basic Traefik configuration tutorial
version: "3.7" services: traefik: image: traefik:v2.6 command: # Entrypoints configuration - --entrypoints.web.address=:80 # Docker provider configuration - --providers.docker=true # Makes sure that services have to explicitly direct Traefik to expose them - --providers.docker.exposedbydefault=false # Use the secure docker socket proxy - --providers.docker.endpoint=tcp://socket_proxy:2375 # Default docker network to use for connections to all containers - --providers.docker.network=traefik_public # Logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. - --log.level=info ports: - 80:80 networks: - traefik_public - socket_proxy restart: unless-stopped depends_on: - socket_proxy # https://github.com/traefik/whoami whoami: image: traefik/whoami:v1.7.1 labels: # Explicitly instruct Traefik to expose this service - traefik.enable=true # Router configuration ## Listen to the `web` entrypoint - traefik.http.routers.whoami_route.entrypoints=web ## Rule based on the Host of the request - traefik.http.routers.whoami_route.rule=Host(`whoami.karvounis.tutorial`) - traefik.http.routers.whoami_route.service=whoami_service # Service configuration ## 80 is the port that the whoami container is listening to - traefik.http.services.whoami_service.loadbalancer.server.port=80 networks: - traefik_public # https://github.com/Tecnativa/docker-socket-proxy # Security-enhanced proxy for the Docker Socket socket_proxy: image: tecnativa/docker-socket-proxy:latest restart: unless-stopped environment: NETWORKS: 1 SERVICES: 1 CONTAINERS: 1 TASKS: 1 volumes: - /var/run/docker.sock:/var/run/docker.sock:ro networks: - socket_proxy networks: traefik_public: external: true socket_proxy: external: true
- docker-socket-proxy - Proxy over your Docker socket to restrict which requests it accepts
Netmaker
- Netmaker: An open source WireGuard VPN
-
Connecting several hundreds IoT (raspberry pi's) devices with a VPN
My plan is to set up an EC2 instance and host a VPN, considering options like Netmaker, OpenVPN, or Tailscale. The goal is to connect these devices to the VPN, enabling SSH access from any connected node. This method seems cost-effective(Considering I want to use 100s of devices and potentially 1000s) and straightforward, requiring a simple setup with a sudo apt command on the Raspberry Pi.
-
Remote access to a NAS from another location?
I'm wondering if there are any alternative approaches to achieve this. Is something like Netmaker or Tailscale feasible enough? If you have any suggestions, I'd greatly appreciate it.
-
Would we still create Nebula today?
https://github.com/gravitl/netmaker
Honorable mention:
SuperHighway84 - more of a Usenet-inspired darknet, but I love the concept + the author's personal website:
https://github.com/mrusme/superhighway84
- Show HN: Netmaker – Netmaker Goes Open Source
-
Netmaker Transitions to Open source: Embracing the Apache-2.0 License
Exciting news to share! Netmaker has officially embraced open source. This momentous decision was unveiled at the Open Source Summit in Europe when the pull request successfully merged, transitioning their server from the SSPL to the widely recognized Apache License 2.0.
-
SD-WAN and SASE Solutions
While we've encountered some challenges and worked with vendors like Cisco to find solutions, I'm curious about recommendations for SD-WAN providers that are well-suited for SASE users. This includes not only Zscaler but also other options like Netmaker, Palo Alto, Cloudflare, Cisco, and Forcepoint.
-
Only allowing my home network to access all my EC2 Instances?
Now, my main question is how I can link my DDNS host endpoint with my EC2 instances, allowing only my home network to access them. I've come across a variety of suggestions, such as Netmaker, OpenVPN, Tailscale etc. but I'm curious to hear your opinions on these solutions.
-
CLAs create different issues than making (small) open source contributions
HN is somehow always timely. Currently, these folks expect me to sign a CLA for a one-byte change to their README: https://github.com/gravitl/netmaker/pull/2516
- NetMaker: Connect Everything with a WireGuard VPN
What are some alternatives?
watchtower - A process for automating Docker container base image updates.
tailscale - The easiest, most secure way to use WireGuard and 2FA.
wireguard-ui - Wireguard web interface
headscale - An open source, self-hosted implementation of the Tailscale control server
Diun - Receive notifications when an image is updated on a Docker registry
netbird - Connect your devices into a single secure private WireGuard®-based mesh network with SSO/MFA and simple access controls.
cadvisor - Analyzes resource usage and performance characteristics of running containers.
firezone - Open-source VPN server and egress firewall for Linux built on WireGuard. Firezone is easy to set up (all dependencies are bundled thanks to Chef Omnibus), secure, performant, and self hostable.
flap
Nebula - A scalable overlay networking tool with a focus on performance, simplicity and security
docker - â›´ Docker image of Nextcloud
ZeroTier - A Smart Ethernet Switch for Earth