docker-socket-proxy
docker
Our great sponsors
docker-socket-proxy | docker | |
---|---|---|
23 | 263 | |
1,192 | 5,609 | |
6.2% | 2.4% | |
5.3 | 8.5 | |
14 days ago | 15 days ago | |
Python | Shell | |
Apache License 2.0 | GNU Affero General Public License v3.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
docker-socket-proxy
-
Security for your Homeserver
I just found this the other day. You might be interested I haven't done myself yet https://github.com/Tecnativa/docker-socket-proxy
-
Gitea 1.19.0 released - now with support for Actions
I think you could provide access to the socket using a "docker-socket-proxy" container. It allows other containers to access the docker socket, you can even control which actions are allowed and which are not. You can use a bridge network for the communication to the socket-proxy container, so the socket-proxy container does not need to map/expose any ports. In the other container you need to set the "DOCKER_HOST" env variable accordingly, e.g. "DOCKER_HOST=tcp://mydockersockerproxycontainer:2375". https://github.com/Tecnativa/docker-socket-proxy
-
Unraid Remotely Access Docker Daemon
I use the container docker socket proxy
- Why does next cloud docker installation require access to /var/run/docker.sock (albeit read-only)? Is there a way to circumvent that?
-
Docker socket security
There are Docker socket proxys (like docker-socket-proxy ๐) that are made exactly for this. You can pass only read access to the socket and even restrict what resources can be read.
-
VM with multiple staging hosts GitLab CI?
So far I have Traefik set up and tested (along with some security lockdowns https://github.com/Tecnativa/docker-socket-proxy). This is working well: I can manually create containers, get a cert, dynamic hostnames, etc.
-
Is there any docker dashboard that auto detect the services ?
May be not necessarily: https://github.com/Tecnativa/docker-socket-proxy
-
[How-to] Securing access to your `docker.sock` file.
Many of you might already be familiar with Tecnativa's docker-socket-proxy which says:
-
Basic Traefik configuration tutorial
version: "3.7" services: traefik: image: traefik:v2.6 command: # Entrypoints configuration - --entrypoints.web.address=:80 # Docker provider configuration - --providers.docker=true # Makes sure that services have to explicitly direct Traefik to expose them - --providers.docker.exposedbydefault=false # Use the secure docker socket proxy - --providers.docker.endpoint=tcp://socket_proxy:2375 # Default docker network to use for connections to all containers - --providers.docker.network=traefik_public # Logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. - --log.level=info ports: - 80:80 networks: - traefik_public - socket_proxy restart: unless-stopped depends_on: - socket_proxy # https://github.com/traefik/whoami whoami: image: traefik/whoami:v1.7.1 labels: # Explicitly instruct Traefik to expose this service - traefik.enable=true # Router configuration ## Listen to the `web` entrypoint - traefik.http.routers.whoami_route.entrypoints=web ## Rule based on the Host of the request - traefik.http.routers.whoami_route.rule=Host(`whoami.karvounis.tutorial`) - traefik.http.routers.whoami_route.service=whoami_service # Service configuration ## 80 is the port that the whoami container is listening to - traefik.http.services.whoami_service.loadbalancer.server.port=80 networks: - traefik_public # https://github.com/Tecnativa/docker-socket-proxy # Security-enhanced proxy for the Docker Socket socket_proxy: image: tecnativa/docker-socket-proxy:latest restart: unless-stopped environment: NETWORKS: 1 SERVICES: 1 CONTAINERS: 1 TASKS: 1 volumes: - /var/run/docker.sock:/var/run/docker.sock:ro networks: - socket_proxy networks: traefik_public: external: true socket_proxy: external: true
- docker-socket-proxy - Proxy over your Docker socket to restrict which requests it accepts
docker
- Has Anyone Created A Working Docker Container?
-
NextCloud Docker
Am I better off using this container: https://hub.docker.com/_/nextcloud/
-
Issues with urandom + Docker due to DSM kernel
It looks like I'm not the only person who has faced this. apache-based images require buster, for instance, and some docker images that rely on Ruby face issues too (for example, I decided to try setting up Postal but it looks like it's facing the same issues).
-
Complete noob, hit a wall trying to get nextcloud working
If you look at the info on https://hub.docker.com/_/nextcloud, you'll see that you aught to be specifying at least one volume, so that you have the data you want to not disappear on restart, and can access config files.
-
Still issues with max file upload size after following instructions
Yes, and this is what L passed through as the env variables in the docker compose file, as the docs state: https://hub.docker.com/_/nextcloud
-
Memories no preview or thumbnails
You can't map binaries from host to container like this. What you need is a custom Dockerfile that installs ffmpeg. https://github.com/nextcloud/docker/blob/master/.examples/dockerfiles/full/fpm/Dockerfile
-
VPS + CF Tunnel + docker
A good example to start with is at https://github.com/nextcloud/docker/tree/master/.examples/docker-compose/insecure/postgres/apache
- Docker Compose for NextCloudPi?
- Run docker inside docker for Nextcloud AiO?
-
My first mini-lab
Nextcloud is free and open source. The easiest way to install it is via docker containers. nextcloud docker
What are some alternatives?
watchtower - A process for automating Docker container base image updates.
all-in-one - ๐ฆ The official Nextcloud installation method. Provides easy deployment and maintenance with most features included in this one Nextcloud instance.
wireguard-ui - Wireguard web interface
nextcloud-snap - โ๏ธ๐ฆ Nextcloud packaged as a snap [Moved to: https://github.com/nextcloud-snap/nextcloud-snap]
Diun - Receive notifications when an image is updated on a Docker registry
NextCloudPi - ๐ฆ Build code for NextcloudPi: Raspberry Pi, Odroid, Rock64, Docker, curl installer...
cadvisor - Analyzes resource usage and performance characteristics of running containers.
Invidious - Invidious is an alternative front-end to YouTube
flap
Navidrome Music Server - ๐งโ๏ธ Modern Music Server and Streamer compatible with Subsonic/Airsonic
docker-socket-protector - Protected the Docker Daemon from forbidden requests
Nextcloud - โ๏ธ Nextcloud server, a safe home for all your data