Added Socket-Proxy option for Dozzle (#20)

* Added Socket-Proxy option for Dozzle Previously docker.sock included as a volume. Now, user has option to link to socket-proxy container. The compose will ask if a socket-proxy should be used. If yes, will then ask if one already exists. - If yes, link to the existing socket-proxy. - If no, create and link to it. * enhanced security and simplified solution
azukaar · Oct 13, 2023 · df29f3a · df29f3a
1 parent 252ca5e
commit df29f3a
Showing 1 changed file with 67 additions and 1 deletion.
diff --git a/servapps/Dozzle/cosmos-compose.json b/servapps/Dozzle/cosmos-compose.json
@@ -6,6 +6,12 @@
         "label": "Do you want to make this service admin only?",
         "initialValue": false,
         "type": "checkbox"
+      },
+      { 
+        "name": "useSocketProxy",
+        "label": "Do you want to use a socket-proxy for increased security? (i.e., create socket-proxy container insead of exposing docker.sock)",
+        "initialValue": true,
+        "type": "checkbox"
       }
     ]
   },
@@ -20,19 +26,24 @@
         "DOZZLE_LEVEL=info",
         "DOZZLE_TAILSIZE=300",
         "DOZZLE_FILTER=status=running"
+        {if Context.useSocketProxy}
+          , "DOCKER_HOST=tcp://socket-proxy:2375"
+        {/if}
       ],
       "labels": {
         "cosmos-force-network-secured": "true",
         "cosmos-auto-update": "true",
         "cosmos-icon": "https://azukaar.github.io/cosmos-servapps-official/servapps/Dozzle/icon.png"
       },
+      {if not Context.useSocketProxy}
       "volumes": [
         {
           "source": "/var/run/docker.sock",
           "target": "/var/run/docker.sock",
           "type": "bind"
         }
       ],
+      {/if}
       "routes": [
         {
           "name": "{ServiceName}",
@@ -53,5 +64,60 @@
         }
       ]
     }
+    {if Context.useSocketProxy}
+      ,
+      "{ServiceName}-socket": {
+        "image": "tecnativa/docker-socket-proxy",
+        "container_name": "{ServiceName}-socket",
+        "hostname": "{ServiceName}-socket",
+        "restart": "unless-stopped",
+        "security_opt": [
+          "no-new-privileges:true"
+        ],
+        "ports": [
+          "2375:2375"
+        ],
+        "labels": {
+          "cosmos-force-network-secured": "true",
+          "cosmos-network-name": "AUTO"
+        },
+        "volumes": [
+          {
+            "source": "/var/run/docker.sock",
+            "target": "/var/run/docker.sock",
+            "type": "bind"
+            }
+        ],
+        "environment": [
+          "LOG_LEVEL=info",
+          "EVENTS=1",
+          "PING=1",
+          "VERSION=1",
+          "AUTH=0",
+          "SECRETS=0",
+          "POST=0",
+          "BUILD=0",
+          "COMMIT=0",
+          "CONFIGS=0",
+          "CONTAINERS=1",
+          "DISTRIBUTION=0",
+          "EXEC=0",
+          "IMAGES=0",
+          "INFO=0",
+          "NETWORKS=0", 
+          "NODES=0",
+          "PLUGINS=0",
+          "SERVICES=0", 
+          "SESSION=0",
+          "SWARM=0",
+          "SYSTEM=0",
+          "TASKS=0", 
+          "VOLUMES=0"
+        ],
+        "links": [
+          "{ServiceName}"
+        ]
+      }
+    {/if}
   }
-}
+}