Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use docker-socket-proxy for the web UI #60

Closed
ptr1337 opened this issue Dec 18, 2020 · 4 comments
Closed

Use docker-socket-proxy for the web UI #60

ptr1337 opened this issue Dec 18, 2020 · 4 comments
Assignees
@fl0ppy-d1sk
Labels
security

Comments

@ptr1337
Copy link

ptr1337 commented Dec 18, 2020

I just thought that the "docker-socket-proxy" could help out there.

Traefik and so on using also the docker.socket.

Here ill provide you nice example.

https://github.com/ptTrR/traefik2/blob/master/ymlfiles/docker-socket-proxy.yml
@ptr1337 ptr1337 changed the title Maybe a solution because your security impact at using autoconfigured reverse conf Maybe a solution because your security impact at using autoconfigured reverse conf [MAYBE IMPROVMENT} Dec 18, 2020
@fl0ppy-d1sk fl0ppy-d1sk self-assigned this Dec 28, 2020
@fl0ppy-d1sk fl0ppy-d1sk added enhancement New feature or request security and removed enhancement New feature or request labels Dec 28, 2020
@fl0ppy-d1sk
Copy link
Member

Hello @ptTrR,

Thanks for your suggestion. We already managed this security issue by creating a dedicated container which is not facing internet and not opening any ports. This change is present in the dev branch and will be available with the next release.

But this "docker-socket-proxy" might be usefull for the upcoming web UI feature. Let's keep this issue open as a reminder.

@fl0ppy-d1sk fl0ppy-d1sk changed the title Maybe a solution because your security impact at using autoconfigured reverse conf [MAYBE IMPROVMENT} Use docker-socket-proxy for the web UI Dec 28, 2020
@fl0ppy-d1sk fl0ppy-d1sk mentioned this issue Dec 28, 2020
Closed
@ptr1337
Copy link
Author

ptr1337 commented Dec 28, 2020

Alright, but thats the most used solution this security problem.
Just was an idea. Looking forward to your new release!

fl0ppy-d1sk referenced this issue Jun 2, 2021
@fl0ppy-d1sk
web UI - init work on using docker-socket-proxy
74fb015
@fl0ppy-d1sk
Copy link
Member

Hello @ptr1337,

I've added an example on how to use the docker-socket-proxy with web UI in the security tuning section of the documentation. Thanks for your report.

@ptr1337
Copy link
Author

ptr1337 commented Jul 9, 2021

Hey,

sorry for the late answer.
I will test this together with the certbot-cloudflare if possible.

But you improved the last months very much on the documentation and the source itself.

nice work!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fl0ppy-d1sk fl0ppy-d1sk

Labels
security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fl0ppy-d1sk @ptr1337