homelab

10338 readers

1 users here now

founded 5 years ago

MODERATORS

CMonster@lemmy.ml

Docker Homelab - Docker Socket Security Risks and Docker-Socket-Proxy [help/discussion] (lemmy.zip)

submitted 1 month ago by hellmo_luciferrari@lemmy.zip to c/homelab@lemmy.ml

4 comments fedilink hide all child comments

Greetings homelabbers,

I have been running a bunch of my homelab on docker, on a fedora server box for quite some time. And wanted to gauge how much of a security risk it is for me to expose the docker socket directly to containers. Is this really a huge issue when my homelab is not exposed to the internet?

The reason this question came up for me was because I cannot seem to get Docker Socket Proxy (https://github.com/Tecnativa/docker-socket-proxy) setup and working for Homepage, even following the recommendations from their guide (https://gethomepage.dev/configs/docker/#using-docker-socket-proxy)

I suppose this is mix of a discussion post, and requesting some help/guidance.

Thank you all! Hellmo

you are viewing a single comment's thread
view the rest of the comments

[–] grehund@lemmy.world 0 points 1 month ago (1 children)

It really depends on which Socket Services the container requires. If you have a lot of containers that all need the same set of Socket Services, you could potentially use a single socket-proxy to serve all of them (in theory, I think).

I usually run one per stack, sometimes more if I have a container within my stack that requires more/different Socket Services to the other(s).

I’m not a docker expert though, so I’m not sure I can say what’s recommended. If you find/get a more authoritative answer on this question, I’d be interested to know.

[–] hellmo_luciferrari@lemmy.zip 0 points 4 weeks ago

Thank you for chiming in! I will update if i find more out!