r-selfhosted-security VS docker-socket-proxy

Compare r-selfhosted-security vs docker-socket-proxy and see what are their differences.

r-selfhosted-security

Started from the beginners security guide on r/selfhosted - this repo aims to be a collection of guides (by justSem)
Suggest topics
Source Code
Suggest alternative
Edit details

docker-socket-proxy

Proxy over your Docker socket to restrict which requests it accepts (by Tecnativa)
Docker HacktoberFest
Source Code
Suggest alternative
Edit details
InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
r-selfhosted-security docker-socket-proxy
5 23
211 1,211
- 3.7%
1.8 4.9
about 2 years ago 18 days ago
Python
Creative Commons Attribution Share Alike 4.0 Apache License 2.0
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

r-selfhosted-security

Posts with mentions or reviews of r-selfhosted-security. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-01-04.

docker-socket-proxy

Posts with mentions or reviews of docker-socket-proxy. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-05-05.
  • Security for your Homeserver
    4 projects | /r/selfhosted | 5 May 2023
    I just found this the other day. You might be interested I haven't done myself yet https://github.com/Tecnativa/docker-socket-proxy
  • Gitea 1.19.0 released - now with support for Actions
    2 projects | /r/selfhosted | 20 Mar 2023
    I think you could provide access to the socket using a "docker-socket-proxy" container. It allows other containers to access the docker socket, you can even control which actions are allowed and which are not. You can use a bridge network for the communication to the socket-proxy container, so the socket-proxy container does not need to map/expose any ports. In the other container you need to set the "DOCKER_HOST" env variable accordingly, e.g. "DOCKER_HOST=tcp://mydockersockerproxycontainer:2375". https://github.com/Tecnativa/docker-socket-proxy
  • Unraid Remotely Access Docker Daemon
    1 project | /r/unRAID | 15 Feb 2023
    I use the container docker socket proxy
  • Why does next cloud docker installation require access to /var/run/docker.sock (albeit read-only)? Is there a way to circumvent that?
    1 project | /r/selfhosted | 15 Jan 2023
  • Docker socket security
    1 project | /r/docker | 10 Jan 2023
    There are Docker socket proxys (like docker-socket-proxy 😉) that are made exactly for this. You can pass only read access to the socket and even restrict what resources can be read.
  • VM with multiple staging hosts GitLab CI?
    1 project | /r/gitlab | 6 Dec 2022
    So far I have Traefik set up and tested (along with some security lockdowns https://github.com/Tecnativa/docker-socket-proxy). This is working well: I can manually create containers, get a cert, dynamic hostnames, etc.
  • Is there any docker dashboard that auto detect the services ?
    5 projects | /r/selfhosted | 8 Sep 2022
    May be not necessarily: https://github.com/Tecnativa/docker-socket-proxy
  • [How-to] Securing access to your `docker.sock` file.
    1 project | /r/unRAID | 20 Feb 2022
    Many of you might already be familiar with Tecnativa's docker-socket-proxy which says:
  • Basic Traefik configuration tutorial
    4 projects | dev.to | 12 Feb 2022
    version: "3.7" services: traefik: image: traefik:v2.6 command: # Entrypoints configuration - --entrypoints.web.address=:80 # Docker provider configuration - --providers.docker=true # Makes sure that services have to explicitly direct Traefik to expose them - --providers.docker.exposedbydefault=false # Use the secure docker socket proxy - --providers.docker.endpoint=tcp://socket_proxy:2375 # Default docker network to use for connections to all containers - --providers.docker.network=traefik_public # Logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. - --log.level=info ports: - 80:80 networks: - traefik_public - socket_proxy restart: unless-stopped depends_on: - socket_proxy # https://github.com/traefik/whoami whoami: image: traefik/whoami:v1.7.1 labels: # Explicitly instruct Traefik to expose this service - traefik.enable=true # Router configuration ## Listen to the `web` entrypoint - traefik.http.routers.whoami_route.entrypoints=web ## Rule based on the Host of the request - traefik.http.routers.whoami_route.rule=Host(`whoami.karvounis.tutorial`) - traefik.http.routers.whoami_route.service=whoami_service # Service configuration ## 80 is the port that the whoami container is listening to - traefik.http.services.whoami_service.loadbalancer.server.port=80 networks: - traefik_public # https://github.com/Tecnativa/docker-socket-proxy # Security-enhanced proxy for the Docker Socket socket_proxy: image: tecnativa/docker-socket-proxy:latest restart: unless-stopped environment: NETWORKS: 1 SERVICES: 1 CONTAINERS: 1 TASKS: 1 volumes: - /var/run/docker.sock:/var/run/docker.sock:ro networks: - socket_proxy networks: traefik_public: external: true socket_proxy: external: true
  • docker-socket-proxy - Proxy over your Docker socket to restrict which requests it accepts
    1 project | /r/docker | 20 Jan 2022

What are some alternatives?

When comparing r-selfhosted-security and docker-socket-proxy you can also consider the following projects:

How-To-Secure-A-Linux-Server - An evolving how-to guide for securing a Linux server.

watchtower - A process for automating Docker container base image updates.

lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Diun - Receive notifications when an image is updated on a Docker registry

Keycloak - Open Source Identity and Access Management For Modern Applications and Services

wireguard-ui - Wireguard web interface

Netmaker - Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

cadvisor - Analyzes resource usage and performance characteristics of running containers.

ansible-role-security - Ansible Role - Security

flap

tailscale - The easiest, most secure way to use WireGuard and 2FA.

docker - â›´ Docker image of Nextcloud

r-selfhosted-security vs How-To-Secure-A-Linux-Server docker-socket-proxy vs watchtower r-selfhosted-security vs lynis docker-socket-proxy vs Diun r-selfhosted-security vs Keycloak docker-socket-proxy vs wireguard-ui r-selfhosted-security vs Netmaker docker-socket-proxy vs cadvisor r-selfhosted-security vs ansible-role-security docker-socket-proxy vs flap r-selfhosted-security vs tailscale docker-socket-proxy vs docker