Traefik 2.0 — paranoid about mounting /var/run/docker.sock?


The Problem

The Solution

The Socket Proxy uses the official Alpine-based HAProxy image. It blocks access to the Docker socket API according to the environment variables you set, and returns an HTTP 403 Forbidden status for those dangerous requests that should never happen.

Let’s create the socket-proxy container:

/opt/containers/docker-socket/docker-compose.yml

The environment variable CONTAINERS: 1 tells the proxy to allow GET requests to /containers/* on the Docker API. POST requests are disabled by default.

All possible settings are described here.

Now we have to change the endpoint in the providers section of the traefik.yml file:

/opt/containers/traefik/data/traefik.yml

Restart the Traefik container and feel a little bit safer ;-)
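
A sketch of the two files named above, added here as an example and not the author's original listings. It assumes the proxy is the `tecnativa/docker-socket-proxy` image listening on port 2375; the network name `socket-proxy` is made up for illustration.

```yaml
# File 1: /opt/containers/docker-socket/docker-compose.yml (constructed example)
version: "3.7"

services:
  socket-proxy:
    image: tecnativa/docker-socket-proxy   # assumption: the page does not name the image
    container_name: socket-proxy
    restart: unless-stopped
    volumes:
      # Only this container mounts the socket. The :ro flag protects the socket
      # file itself; it does not restrict API calls. The proxy's filter does that.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      CONTAINERS: 1   # allow GET /containers/*; POST stays disabled by default
    networks:
      - socket-proxy
    # No "ports:" entry: the filtered API is reachable only from the network
    # below, never from the host's external interfaces.

networks:
  socket-proxy:
    name: socket-proxy   # assumed name; the Traefik service must join this network
    internal: true       # no route out of this network
---
# File 2: /opt/containers/traefik/data/traefik.yml (providers section only)
providers:
  docker:
    # before: endpoint: "unix:///var/run/docker.sock"
    endpoint: "tcp://socket-proxy:2375"   # assumed service name and port from file 1

# In Traefik's own docker-compose.yml, remove the /var/run/docker.sock volume
# and attach the service to the socket-proxy network as an external network.
```

After the restart, a GET to `/containers/json` through the proxy should succeed, while a POST such as `/containers/create` should come back as 403.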

gi8 from Containeroo
