socket-proxy
A lightweight, flexible, and secure unix socket proxy (usable as docker socket proxy)
1M+
wollomatic/socket-proxy:1.12.3 / ghcr.io/wollomatic/socket-proxy:1.12.3wollomatic/socket-proxy:1 / ghcr.io/wollomatic/socket-proxy:1socket-proxy is a lightweight, secure-by-default unix socket proxy. Although it was created to proxy the docker socket to Traefik, it can also be used for other purposes.
It is heavily inspired by tecnativa/docker-socket-proxy.
As an additional benefit, socket-proxy can be used to examine the API calls of the client application.
The advantage over other solutions is the very slim container image (from-scratch-image) without any external dependencies (no OS, no packages, just the Go standard library). It is designed with security in mind, so there are secure defaults and an additional security layer (IP address-based access control) compared to most other solutions.
The allowlist is configured for each HTTP method separately using the Go regexp syntax, allowing fine-grained control over the allowed HTTP methods. In bridge network mode, each container that uses socket-proxy can be configured with its own allowlist.
The source code is available on GitHub: wollomatic/socket-proxy
Note
Starting with version 1.6.0, the socket-proxy container image is also available on GHCR.
see https://github.com/wollomatic/socket-proxy/blob/main/README.md for more information.
Parts of this project, specifically the file cmd/socket-proxy/bindmount.go and
the files in the internal/docker and internal/go-connections folders,
contain source code licensed under the Apache License 2.0. See the comments
in the applicable files for details.
The rest of the project is licensed under the MIT License – see the LICENSE file for details.
Content type
Image
Digest
sha256:12f063186…
Size
255 Bytes
Last updated
6 days ago
docker pull wollomatic/socket-proxy:sha256-720fb146fe4c3b97195b8c08a94abcf432b4da3178e15d5c8e63459957ca9d77.sigPulls:
18,067
Last week