Hello,
I am trying to make working the docker socket proxy.
My docker-compose file:
version: '3.8'
services:
docker-socket-proxy:
container_name: docker-socket-proxy
image: tecnativa/docker-socket-proxy
privileged: true
restart: always
logging:
driver: journald
environment:
- CONTAINERS=1
networks:
- proxy
ports:
- 127.0.0.1:2375:2375
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
traefik:
image: traefik:v3.0
container_name: traefik
#command:
#- "--providers.docker.endpoint=tcp://docker-socket-proxy:2375"
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- proxy
ports:
- 1180:80
- 11443:443
- 8087:8080
- 1181:1181
- 11444:11444
environment:
- CF_API_EMAIL=my email
- CF_DNS_API_TOKEN=nejxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-
- TZ=Europe/Helsinki
- DOCKER_HOST=tcp://docker-socket-proxy:2375
volumes:
- /etc/localtime:/etc/localtime:ro
#- /var/run/docker.sock:/var/run/docker.sock:ro
- /mnt/user/appdata/docker/traefik/data/traefik.yml:/traefik.yml:ro
- /mnt/user/appdata/docker/letsencrypt:/letsencrypt
- /mnt/user/appdata/docker/traefik/data/dynamic_conf.yml:/dynamic_conf.yml:ro
- /var/log/crowdsec/:/var/log/crowdsec
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.entrypoints=http"
- "traefik.http.routers.traefik.rule=Host(`traefik.mydomain.tld`)"
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
- "traefik.http.routers.traefik-secure.entrypoints=https"
- "traefik.http.routers.traefik-secure.rule=Host(`traefik.mydomain.tld`)"
- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=dns-cloudflare"
- "traefik.http.routers.traefik-secure.tls.domains[0].main=mydomain.tld"
- "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.mydomain.tld"
- "traefik.http.routers.traefik-secure.service=api@internal"
# middlewares
- "traefik.http.middlewares.traefik-auth.basicauth.users=admin:passwd"
# middlewares security headers
- "traefik.http.middlewares.security-headers.headers.accesscontrolallowmethods=GET, OPTIONS, PUT"
- "traefik.http.middlewares.security-headers.headers.accesscontrolmaxage=100"
- "traefik.http.middlewares.security-headers.headers.addvaryheader=true"
- "traefik.http.middlewares.security-headers.headers.hostsproxyheaders=X-Forwarded-Host"
- "traefik.http.middlewares.security-headers.headers.sslredirect=true"
- "traefik.http.middlewares.security-headers.headers.sslproxyheaders.X-Forwarded-Proto=https"
- "traefik.http.middlewares.security-headers.headers.stsseconds=63072000"
- "traefik.http.middlewares.security-headers.headers.stsincludesubdomains=true"
- "traefik.http.middlewares.security-headers.headers.stspreload=true"
- "traefik.http.middlewares.security-headers.headers.forcestsheader=true"
- "traefik.http.middlewares.security-headers.headers.framedeny=true"
- "traefik.http.middlewares.security-headers.headers.contenttypenosniff=true"
- "traefik.http.middlewares.security-headers.headers.browserxssfilter=true"
- "traefik.http.middlewares.security-headers.headers.referrerpolicy=same-origin"
- "traefik.http.middlewares.security-headers.headers.featurepolicy=camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';"
- "traefik.http.middlewares.security-headers.headers.customresponseheaders.X-Robots-Tag=none,noarchive,nosnippet,notranslate,noimageindex"
whoami:
image: "traefik/whoami"
container_name: "simple-service"
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.localhost`)"
- "traefik.http.routers.whoami.entrypoints=http"
networks:
proxy:
external: true
When looking at the server who run all my dockers, I can see:
#netstat -tunlp
tcp 0 0 127.0.0.1:2375 0.0.0.0:* LISTEN 563720/docker-proxy
When checking the traefik web management page:
Host(`whoami.localhost`) http whoami@docker whoami-traefik 24
There is no, as you can see, there is no service "whoami-docker-socket-proxy" as it should be ...
I am running out of ideas ....
Thx