fmartinou / whats-up-docker

What's up Docker ( aka WUD ) gets you notified when a new version of your Docker Container is available.
https://fmartinou.github.io/whats-up-docker
MIT License
939 stars 29 forks

Use docker socket proxy instead of mounting /var/run/docker.sock #317

Open mgite opened 10 months ago

mgite commented 10 months ago

Can we add support to use docker-socket-proxy container instead of using mount to /var/run/docker.sock for security purposes?

kingp0dd commented 4 months ago

been wanting this for a while

ameer1234567890 commented 4 months ago

I have been using WUD with docker-socket-proxy and it works pretty well.

kingp0dd commented 4 months ago

What is your compose like?

ameer1234567890 commented 4 months ago

Here is my compose file.

services:
  whatsupdocker:
    image: fmartinou/whats-up-docker
    container_name: whatsupdocker
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /home/pi/docker/whatsupdocker:/store
    environment:
      - WUD_WATCHER_NAS2_SOCKET=/var/run/docker.sock
      - WUD_WATCHER_NAS2_WATCHALL=true
      - WUD_WATCHER_FIG_HOST=fig.lan
      - WUD_WATCHER_FIG_WATCHALL=true
    ports:
      - 3000:3000
    restart: unless-stopped

jrbarronumd commented 4 months ago

I've been using the socket proxy for a remote server and it has been working well. My local watcher uses the direct socket mount, but it should work the same doing it local vs remote. There is some configuring to the proxy container as well, which I pulled an issue here for, and @fmartinou helped out with (#354). My compose entries are below. Hope this helps.

Host Machine:

services:
    whatsupdocker:
      container_name: wud
      image: ghcr.io/fmartinou/whats-up-docker:6.3.0
      restart: unless-stopped
      security_opt:
        - no-new-privileges:true
      healthcheck:
        test: wget --no-verbose --tries=1 --no-check-certificate --spider http://localhost:3000
        interval: 10s
        timeout: 10s
        retries: 3
        start_period: 10s  
      volumes:
        - /var/run/docker.sock:/var/run/docker.sock
        - $DOCKERDIR/whats-up-docker:/store
      environment:
        - WUD_WATCHER_local_SOCKET=/var/run/docker.sock
        - WUD_WATCHER_remote_HOST=10.x.x.x

Remote machine

services:
  dockerproxy:
    image: ghcr.io/tecnativa/docker-socket-proxy:0.1.1
    container_name: dockerproxy
    restart: unless-stopped
    ports:
      - 2375:2375
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - LOG_LEVEL=debug
      - CONTAINERS=1 # Allow access to viewing containers
      - ALLOW_START=1
      - ALLOW_STOP=1
      - IMAGES=1
      - POST=0 # Disallow any POST operations (effectively read-only)

kingp0dd commented 3 months ago

thanks for sharing this. i'm confused though, why isn't your WUD using the socket proxy port?

jrbarronumd commented 3 months ago

@kingp0dd It's been a bit since I set it up, but I think because 2375 is the default port for the docker socket to be exposed (whether using the proxy or not). If exposing the socket proxy on a different port, you would have to specify in the WUD config.

kingp0dd commented 3 months ago

that makes much more sense now. thanks mate!

edit: upon further checking, it seems that containers do not use 2375 as default, they use the docker.sock file. so WUD still has to be configured to use docker-socket-proxy explicitly, which i think it doesn't support

cerealconyogurt commented 2 weeks ago

Hi @kingp0dd, are you still having the problem? In my case it is working without any problem.

kingp0dd commented 2 weeks ago

Was there a recent update or change to support it? I haven't tried it yet

cerealconyogurt commented 2 weeks ago

I am not sure since this is the first time for me installing this app. My setup indeed is using two socket proxies; one for the local machine and the second one for a remote machine:

WUD_WATCHER_NAS_HOST: xxx.xxx.0.2
WUD_WATCHER_NAS_PORT: 2375
WUD_WATCHER_NAS_WATCHALL: true
WUD_WATCHER_DIETPI_HOST: xxx.xxx.1.73
WUD_WATCHER_DIETPI_PORT: 2376
WUD_WATCHER_DIETPI_WATCHALL: true
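
Added example (not posted by anyone in this thread, and not the WUD project's own file): a single-host compose that combines the `HOST`/`PORT` watcher variables from the last comment with the proxy settings shared earlier, so WUD has no `/var/run/docker.sock` mount at all. The watcher name `LOCAL`, the network name `socket` and the `./wud-store` path are constructed for the example, and it assumes WUD is only watching (no update triggers), so the read-only proxy flags from the thread are enough.

```yaml
# Added example: WUD reaches the Docker API only through docker-socket-proxy.
services:
  dockerproxy:
    image: ghcr.io/tecnativa/docker-socket-proxy:0.1.1   # tag taken from the thread
    container_name: dockerproxy
    restart: unless-stopped
    # No "ports:" entry: 2375 is plain, unauthenticated HTTP, so it stays
    # reachable only from containers on the "socket" network below.
    networks:
      - socket
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - CONTAINERS=1   # allow viewing containers
      - IMAGES=1       # allow viewing images
      - POST=0         # disallow POST operations

  whatsupdocker:
    image: ghcr.io/fmartinou/whats-up-docker:6.3.0       # tag taken from the thread
    container_name: wud
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    depends_on:
      - dockerproxy
    networks:
      - socket    # to reach dockerproxy
      - default   # outbound access to image registries
    volumes:
      - ./wud-store:/store   # constructed path; note: no docker.sock mount
    environment:
      # "LOCAL" is a watcher name chosen for this example.
      - WUD_WATCHER_LOCAL_HOST=dockerproxy
      - WUD_WATCHER_LOCAL_PORT=2375
      - WUD_WATCHER_LOCAL_WATCHALL=true
    ports:
      - 3000:3000

networks:
  socket:
    internal: true   # isolated network: nothing outside it can reach the proxy
```

When the proxy has to be reached from another machine, as in the remote-watcher setups above, the published port is the only thing in front of that API, so limit who can connect to it (bind address, firewall or VPN).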