docker
docker-socket-proxy
Our great sponsors
docker | docker-socket-proxy | |
---|---|---|
263 | 23 | |
5,557 | 1,160 | |
2.5% | 6.3% | |
8.5 | 5.3 | |
4 days ago | 9 days ago | |
Shell | Python | |
GNU Affero General Public License v3.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
docker
-
NextCloud Docker
Am I better off using this container: https://hub.docker.com/_/nextcloud/
-
Issues with urandom + Docker due to DSM kernel
It looks like I'm not the only person who has faced this. apache-based images require buster, for instance, and some docker images that rely on Ruby face issues too (for example, I decided to try setting up Postal but it looks like it's facing the same issues).
- Run docker inside docker for Nextcloud AiO?
-
My first mini-lab
Nextcloud is free and open source. The easiest way to install it is via docker containers. nextcloud docker
-
Smbclient auto-install on docker
The correct way to do it is to build your own docker container with the command to install the smbclient installed. You can find example docker files here: https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/smb
-
Should I migrate back from Nextcloud to ownCloud?
Have you considered Docker? There is an official NextCloud image https://hub.docker.com/_/nextcloud
-
Memories for Nextcloud v5: Admin panel and server-side photo editing
I just use this Dockerfile and something like this docker-compose file. The result is super-flexible (not everyone needs this though).
-
Need advice about running a photo server for family
Some of the extensions have dependencies not included in base image. They keep the base image clean to keep it small. See some of their official examples. https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/full. I’m using their official image as the base image and adding dependencies. I based mine off of https://github.com/andrey18106/mediadc-docker-example, but use Nextcloud 25 as the latest version (25 is latest stable with most plugins up to it) as well as dependency additions for recognize and facial recognition extensions not available in base.
-
New Nextcloud user - modifying Homedrive Nextcloud Docker operation
However, you should probably take a look at the official nextcloud all-in-one docker setup. Otherwise, the official nextcloud docker image comes preinstalled and provides lots of customization options via environment variables (like NEXTCLOUD_DATA_DIR).
docker-socket-proxy
-
Security for your Homeserver
I just found this the other day. You might be interested I haven't done myself yet https://github.com/Tecnativa/docker-socket-proxy
-
Gitea 1.19.0 released - now with support for Actions
I think you could provide access to the socket using a "docker-socket-proxy" container. It allows other containers to access the docker socket, you can even control which actions are allowed and which are not. You can use a bridge network for the communication to the socket-proxy container, so the socket-proxy container does not need to map/expose any ports. In the other container you need to set the "DOCKER_HOST" env variable accordingly, e.g. "DOCKER_HOST=tcp://mydockersockerproxycontainer:2375". https://github.com/Tecnativa/docker-socket-proxy
-
Is there any docker dashboard that auto detect the services ?
May be not necessarily: https://github.com/Tecnativa/docker-socket-proxy
-
Basic Traefik configuration tutorial
version: "3.7" services: traefik: image: traefik:v2.6 command: # Entrypoints configuration - --entrypoints.web.address=:80 # Docker provider configuration - --providers.docker=true # Makes sure that services have to explicitly direct Traefik to expose them - --providers.docker.exposedbydefault=false # Use the secure docker socket proxy - --providers.docker.endpoint=tcp://socket_proxy:2375 # Default docker network to use for connections to all containers - --providers.docker.network=traefik_public # Logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. - --log.level=info ports: - 80:80 networks: - traefik_public - socket_proxy restart: unless-stopped depends_on: - socket_proxy # https://github.com/traefik/whoami whoami: image: traefik/whoami:v1.7.1 labels: # Explicitly instruct Traefik to expose this service - traefik.enable=true # Router configuration ## Listen to the `web` entrypoint - traefik.http.routers.whoami_route.entrypoints=web ## Rule based on the Host of the request - traefik.http.routers.whoami_route.rule=Host(`whoami.karvounis.tutorial`) - traefik.http.routers.whoami_route.service=whoami_service # Service configuration ## 80 is the port that the whoami container is listening to - traefik.http.services.whoami_service.loadbalancer.server.port=80 networks: - traefik_public # https://github.com/Tecnativa/docker-socket-proxy # Security-enhanced proxy for the Docker Socket socket_proxy: image: tecnativa/docker-socket-proxy:latest restart: unless-stopped environment: NETWORKS: 1 SERVICES: 1 CONTAINERS: 1 TASKS: 1 volumes: - /var/run/docker.sock:/var/run/docker.sock:ro networks: - socket_proxy networks: traefik_public: external: true socket_proxy: external: true
-
Traefik Docker Protector
tecnativa's docker-socket-proxy does roughly the same thing but can be used for any container that requires access to the Docker socket.
- How to properly secure the server?
-
Monitoring app releases and updates..
Have you checked-out any socket proxies? Instead of exposing the socket though a volume, it’s done through the local docker network through the proxy container. This allows you to enable/disable access to the socket API using environmental variables. This is the image I’m using: https://github.com/Tecnativa/docker-socket-proxy
-
Worry for Synology?
Docker’s root privileges are only a problem if you grant your container unrestricted access to the docker socket /var/run/docker.sock. For containers that need it, there are strategies to limit access only to the APIs that the container actually needs by using the docker-socket-proxy.
- How to begin with Docker if I want the best security for my websites?
-
This is why I don't blindly suggest people to selfhost their Bitwarden account. Unless: 1. You are experienced and know what you are doing 2. You have time to setup and maintain it 3. You have your own trusted people to maintain it
I wish more people understood this. You may be interested in https://github.com/Tecnativa/docker-socket-proxy.
What are some alternatives?
all-in-one - 📦 The official Nextcloud installation method. Provides easy deployment and maintenance with most features included in this one Nextcloud instance.
nextcloud-snap - ☁️📦 Nextcloud packaged as a snap [Moved to: https://github.com/nextcloud-snap/nextcloud-snap]
NextCloudPi - 📦 Build code for NextcloudPi: Raspberry Pi, Odroid, Rock64, Docker, curl installer...
watchtower - A process for automating Docker container base image updates.
wireguard-ui - Wireguard web interface
Diun - Receive notifications when an image is updated on a Docker registry
Invidious - Invidious is an alternative front-end to YouTube
Navidrome Music Server - 🎧☁️ Modern Music Server and Streamer compatible with Subsonic/Airsonic
Nextcloud - ☁️ Nextcloud server, a safe home for all your data
acme.sh - A pure Unix shell script implementing ACME client protocol
Nginx Proxy Manager - Docker container for managing Nginx proxy hosts with a simple, powerful interface
PhotoPrism - AI-Powered Photos App for the Decentralized Web 🌈💎✨