Skip to content

Arcelone/Docker-socket-proxy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 
nginx.conf
nginx.conf
 
 

Repository files navigation

docker-socket-proxy

A simple socket proxy based on a rootless Nginx-mainline-alpine-slim image that allows you to build an image with only the Docker Engine API URL you want to expose.

How it works:

  1. It adds the docker group to the container. (⚠️ Verify that the group ID is the same inside the container as on the host.)
  2. It adds the nginx user to the docker group, which allows the nginx process run by the nginx user to send instructions inside the socket.
  3. (Optional) It copies the configuration inside the container. Feel free to adjust this line as needed.

⚠️🚩 Running this container with 2375:2375 gives all your networks access to your Docker socket. Make sure to run it with at least 127.0.0.1:2375:2375 or with the container connected to an internal network. Or security measures (firewall rules, etc.) may be necessary. ⚠️🚩

This container supports:

  • read_only: true
  • WIP Testing for
cap_drop:
  - ALL

Caveat:

It needs to be run with the following: userns_mode: "host" in case you are using the remap functionality. Otherwise, the Docker socket won't be readable inside the container.

About

A simple docker socket proxy based on rootless Nginx-alpine-slim

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages