Traefik security issue - mitigate with docker-socket-proxy

2,996 views

Tech with Marco

9 months ago

In this video, we are going to explore how to use the Docker Socket securely, and we'll delve into a powerful tool that ensures your Docker environment is protected like never before. Say hello to the 'Docker Socket Proxy' - your guardian for safeguarding the Docker socket mount, often frequented by essential tools like Traefik and Portainer.
Docker-socket-proxy: github.com/Tecnativa/docker-socket-proxy
Tutorial files on my GitHub: github.com/marcogreiveldinger/videos/tree/main/docker-socket-proxy
📺 Check out my ultimate traefik tutorial: kzbin.info/www/bejne/h3SWqJireLqlbtE
🔒 Worried about unauthorized access to your Docker socket? Watch as we unlock the secrets to secure Docker socket access with ease. With Docker Socket Proxy in your toolkit, you'll be in control and your Docker environment will be fortified.
🚀 In this tutorial, we'll walk you through a practical example of Docker Socket Proxy in action, demonstrating its seamless integration with Traefik. Learn how to restrict access, protect your Docker infrastructure, and simplify your container orchestration processes. Say goodbye to security concerns and hello to a more resilient, Docker-powered environment.
Don't miss out on this invaluable knowledge! Hit that 'Subscribe' button, give us a thumbs up, and let's dive into the world of secure Docker socket management. Your Docker containers will thank you. 💪
*Get 200$ worth of credits in the Digital Ocean Cloud: link.techwithmarco.com/digitalOcean (*)
00:00 - 00:50 Intro
00:51 - 02:18 The problem
02:19 - 05:02 Another proxy? docker socket proxy
05:03 - 05:17 Sponsor break?
05:18 - 09:54 Traefik integration demo
09:54 - 10:43 Extend API access
10:44 - 11:47 Outro
traefik.io/traefik/
github.com/Tecnativa/docker-socket-proxy
docs.docker.com/engine/api/v1.43/
-----
Github: github.com/marcogreiveldinger
Become a supporter with Patreon: www.patreon.com/TechwithMarco
#traefik #security #docker #dockersocketproxy #portainer
--------------------------
(*) -links are affiliate links. (If you buy something through the link, I receive a commission of your purchases. There are no extra costs for you.)

Comments: 15
@techwithmarco 9 months ago
Hey, here is my traefik tutorial, so that you know what I am talking about. kzbin.info/www/bejne/h3SWqJireLqlbtE Let me know if you have any questions 🙂
@exogeo 22 days ago
Thanks for making these videos, Your videos are super helpful & awesome. You deserve success here!!
@Justin_Jay 5 months ago
"just kidding, i don't have a sponsor yet" killed me. love it
@techwithmarco 5 months ago
Haha yeah that was a good one :)
@rolfamfelt9946 9 months ago
Please use larger fonts (zoom), that would make it readable on mobile. And great videos
@techwithmarco 9 months ago
Thanks! Alrighty, next time I'll try to use a larger font or zoom in :-) And thank you for the feedback
@LampJustin 8 months ago
Great video! Unfortunately you kind of made it less secure. By using the ports directive in the compose you expose the (well known Docker-)Port on your whole machine. You also enable any container to access information about your docker environment. To circumvent all of that, I would firstly remove the ports section on the proxy and secondly create a second network that's only used for the proxy and traefik. Keep in mind that traefik needs access to the default and the socket proxy network, though ;)
@techwithmarco 8 months ago
Hey, thanks for the hint! You are totally right in this case. I did not think of the networking and port mappings as everything was only on my local machine. (I don't have a dedicated QA ... 😂) But great spot! Have a look at the pull request I made to the tutorial files! github.com/marcogreiveldinger/videos/pull/4 I guess that's the better version right :-)
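The layout suggested in the comment above, written out as an added example (it is not the tutorial's own compose file or the content of the linked pull request). The service names, the `socket-proxy` network name, the Traefik image tag and the `whoami` test service are assumptions; `internal: true` is an extra hardening step beyond what the comment asks for.

```yaml
# Added example. Names and image tags are assumptions, not taken from the tutorial files.
services:
  socket-proxy:
    image: tecnativa/docker-socket-proxy
    environment:
      CONTAINERS: 1          # Traefik's Docker provider only needs to read container metadata
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    # Weak setting the comment warns about: publishes the Docker API port on the host.
    # ports:
    #   - "2375:2375"
    networks:
      - socket-proxy         # only member network; nothing is published to the host

  traefik:
    image: traefik:v2.10     # assumed tag
    command:
      - --providers.docker=true
      - --providers.docker.endpoint=tcp://socket-proxy:2375
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
    ports:
      - "80:80"
    networks:
      - default              # reaches the application containers it routes to
      - socket-proxy         # reaches the proxy; Traefik is the only other member

  whoami:
    image: traefik/whoami    # stand-in application container
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.rule=Host(`whoami.localhost`)
    networks:
      - default              # not on socket-proxy, so it cannot query the Docker API

networks:
  socket-proxy:
    internal: true           # extra step: no route out of this network
```

With this layout, `docker compose ps` should show no published port for `socket-proxy`, and a request to `socket-proxy:2375` from the `whoami` container should fail to resolve.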
@f_sdr 9 months ago
🚀🚀🚀
@techwithmarco 9 months ago
🚀👩‍🚀🌜
@dontworry7127 5 months ago
Hey Marco thank you for the hint. I am trying to combine it with your traefik + crowdsec tutorial which runs into an error:
crowdsec | time="2024-02-07T22:08:42+01:00" level=error msg="UnmarshalJSON : invalid character 'i' in literal true (expecting 'r')" line="time=\"2024-02-07T22:08:42+01:00\" level=error msg=\"Failed to retrieve information of the docker client and server host: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?\" providerName=docker"
In the docker-compose.yml of kzbin.info/www/bejne/kGOWc32oh7KIg5Y are labels available, crowdsec wants to connect to docker.sock too. Traefik documentation is at the moment a jungle for me.
@techwithmarco 5 months ago
Sad to hear that it didn't work out so far. Have you tried to play around with access rights for the docker-socket-proxy? Seems like crowdsec is reading the access logs of traefik, and traefik is not able to gain information of the docker socket. Maybe try to set the rights less restrictive and then go back and see where it fails github.com/Tecnativa/docker-socket-proxy?tab=readme-ov-file#grant-or-revoke-access-to-certain-api-sections
@user-mw5pm9yx6l 6 months ago
I would like to congratulate you on your excellent work, I really like your videos. I would like to ask if possible if you could record a video explaining how to run nginx-proxy-manager together with traefik inside portainer, honestly this is an extreme headache for me and I really need to learn, I believe this is the question of several followers. Thanks in advance.
@techwithmarco 6 months ago
Thanks for your compliment :) I still don't quite understand why you want to have two different proxies? What's the purpose of both of them?