I see. How is that beneficial?
Also, I tried removing - "/var/run/docker.sock:/var/run/docker.sock" from my traefik docker-compose, and everything 404s. I see some scary warnings about using this, but it comes straight from the Traefik website and I’m not sure how to get it to work without it.
I am using this post as a guide to set up a proxy… for my proxy (?!) to make it more secure than it was before with this /var/run/docker.sock.
I am a little bit unclear on whetehr the socket-proxy ‘proxy’ network should be the same network I was using for my main traefik proxy network or if it should be separate. Which I guess could also mess up my security if I misunderstood it.
this is also mentioned here
https://docs.traefik.io/v2.0/providers/docker/#docker-api-access
I suggest to start a discussion about this in https://community.containo.us/ to come up with proper hardening guide.
I rose my safety concerns here: Learning how to secure Traefik ending up with some safety concerns - Traefik v2 - Traefik Labs Community Forum what received some likes but no answer.
That should be combined with docker hardening guides https://owasp.org/www-project-cheat-sheets/cheatsheets/Docker_Security_Cheat_Sheet.html
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.