Docker Socket Proxy

Overview

Docker Socket Proxy is a security-enhanced proxy for the Docker socket.


Deployment

Advanced | Usually not deployed standalone

A number of roles include this role to deploy their dedicated Socket Proxy container and do not require this tag to be run manually. It is provided in the unlikely event that you run your own containers that need their access to the Docker socket proxied.

sb install docker-socket-proxy

Role Defaults

Use the Inventory to customize variables. Example override:

    docker_socket_proxy_name: "custom_value"

    Avoid overriding variables ending in _default

    When overriding variables that end in _default (like docker_socket_proxy_docker_envs_default), you replace the entire default configuration. Future updates that add new default values will not be applied to your setup, potentially breaking functionality.

    Instead, use the corresponding _custom variable (like docker_socket_proxy_docker_envs_custom) to add your changes. Custom values are merged with defaults, ensuring you receive updates.
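
The two override styles side by side, as an added inventory example that is not part of the original documentation. The variable names are the ones used in the note above; `CONTAINERS` and `POST` are access toggles of the socket-proxy image and are assumed here, since they are not listed on this page.

```yaml
# Added example, not from the Saltbox documentation.
# CONTAINERS / POST are socket-proxy access toggles (assumed; not on this page).

# --- Avoid: replacing the whole default dict ---------------------------
# This drops TZ and DISABLE_IPV6 from the role defaults, and any default
# added by a future role update never reaches the container.
# docker_socket_proxy_docker_envs_default:
#   CONTAINERS: "1"
#   POST: "0"

# --- Prefer: add only your own keys ------------------------------------
# Merged with the defaults, so the container still receives TZ and
# DISABLE_IPV6 in addition to the two entries below.
docker_socket_proxy_docker_envs_custom:
  CONTAINERS: "1"   # expose the containers section of the Docker API
  POST: "0"         # keep the proxy read-only (no POST/PUT/DELETE requests)
```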

docker_socket_proxy_name
# Type: string
docker_socket_proxy_name: docker-socket-proxy

Container

docker_socket_proxy_role_docker_container
# Type: string
docker_socket_proxy_role_docker_container: "{{ docker_socket_proxy_name }}"

Image

docker_socket_proxy_role_docker_image_pull
# Type: bool (true/false)
docker_socket_proxy_role_docker_image_pull: true
docker_socket_proxy_role_docker_image_repo
# Type: string
docker_socket_proxy_role_docker_image_repo: "lscr.io/linuxserver/socket-proxy"
docker_socket_proxy_role_docker_image_tag
# Type: string
docker_socket_proxy_role_docker_image_tag: "latest"
docker_socket_proxy_role_docker_image
# Type: string
docker_socket_proxy_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='docker_socket_proxy') }}:{{ lookup('role_var', '_docker_image_tag', role='docker_socket_proxy') }}"

Envs

docker_socket_proxy_role_docker_envs_default
# Type: dict
docker_socket_proxy_role_docker_envs_default:
  TZ: "{{ tz }}"
  DISABLE_IPV6: "{{ '0' if dns_ipv6_enabled else '1' }}"
docker_socket_proxy_role_docker_envs_custom
# Type: dict
docker_socket_proxy_role_docker_envs_custom: {}

Volumes

docker_socket_proxy_role_docker_volumes_default
# Type: list
docker_socket_proxy_role_docker_volumes_default:
  - "/var/run/docker.sock:/var/run/docker.sock"
docker_socket_proxy_role_docker_volumes_custom
# Type: list
docker_socket_proxy_role_docker_volumes_custom: []

Mounts

docker_socket_proxy_role_docker_mounts_default
# Type: list
docker_socket_proxy_role_docker_mounts_default:
  - target: /run
    type: tmpfs
docker_socket_proxy_role_docker_mounts_custom
# Type: list
docker_socket_proxy_role_docker_mounts_custom: []

Hostname

docker_socket_proxy_role_docker_hostname
# Type: string
docker_socket_proxy_role_docker_hostname: "{{ docker_socket_proxy_name }}"

Networks

docker_socket_proxy_role_docker_networks_alias
# Type: string
docker_socket_proxy_role_docker_networks_alias: "{{ docker_socket_proxy_name }}"
docker_socket_proxy_role_docker_networks_default
# Type: list
docker_socket_proxy_role_docker_networks_default: []
docker_socket_proxy_role_docker_networks_custom
# Type: list
docker_socket_proxy_role_docker_networks_custom: []

Restart Policy

docker_socket_proxy_role_docker_restart_policy
# Type: string
docker_socket_proxy_role_docker_restart_policy: unless-stopped

State

docker_socket_proxy_role_docker_state
# Type: string
docker_socket_proxy_role_docker_state: started

Read Only Filesystem

docker_socket_proxy_role_docker_read_only
# Type: bool (true/false)
docker_socket_proxy_role_docker_read_only: true

The following advanced options are available via create_docker_container but are not defined in the role. See: docker_container module

Resource Limits

docker_socket_proxy_role_docker_blkio_weight
# Type: int
docker_socket_proxy_role_docker_blkio_weight:
docker_socket_proxy_role_docker_cpu_period
# Type: int
docker_socket_proxy_role_docker_cpu_period:
docker_socket_proxy_role_docker_cpu_quota
# Type: int
docker_socket_proxy_role_docker_cpu_quota:
docker_socket_proxy_role_docker_cpu_shares
# Type: int
docker_socket_proxy_role_docker_cpu_shares:
docker_socket_proxy_role_docker_cpus
# Type: string
docker_socket_proxy_role_docker_cpus:
docker_socket_proxy_role_docker_cpuset_cpus
# Type: string
docker_socket_proxy_role_docker_cpuset_cpus:
docker_socket_proxy_role_docker_cpuset_mems
# Type: string
docker_socket_proxy_role_docker_cpuset_mems:
docker_socket_proxy_role_docker_kernel_memory
# Type: string
docker_socket_proxy_role_docker_kernel_memory:
docker_socket_proxy_role_docker_memory
# Type: string
docker_socket_proxy_role_docker_memory:
docker_socket_proxy_role_docker_memory_reservation
# Type: string
docker_socket_proxy_role_docker_memory_reservation:
docker_socket_proxy_role_docker_memory_swap
# Type: string
docker_socket_proxy_role_docker_memory_swap:
docker_socket_proxy_role_docker_memory_swappiness
# Type: int
docker_socket_proxy_role_docker_memory_swappiness:
docker_socket_proxy_role_docker_shm_size
# Type: string
docker_socket_proxy_role_docker_shm_size:

Security & Devices

docker_socket_proxy_role_docker_cap_drop
# Type: list
docker_socket_proxy_role_docker_cap_drop:
docker_socket_proxy_role_docker_cgroupns_mode
# Type: string
docker_socket_proxy_role_docker_cgroupns_mode:
docker_socket_proxy_role_docker_device_cgroup_rules
# Type: list
docker_socket_proxy_role_docker_device_cgroup_rules:
docker_socket_proxy_role_docker_device_read_bps
# Type: list
docker_socket_proxy_role_docker_device_read_bps:
docker_socket_proxy_role_docker_device_read_iops
# Type: list
docker_socket_proxy_role_docker_device_read_iops:
docker_socket_proxy_role_docker_device_requests
# Type: list
docker_socket_proxy_role_docker_device_requests:
docker_socket_proxy_role_docker_device_write_bps
# Type: list
docker_socket_proxy_role_docker_device_write_bps:
docker_socket_proxy_role_docker_device_write_iops
# Type: list
docker_socket_proxy_role_docker_device_write_iops:
docker_socket_proxy_role_docker_devices
# Type: list
docker_socket_proxy_role_docker_devices:
docker_socket_proxy_role_docker_devices_default
# Type: string
docker_socket_proxy_role_docker_devices_default:
docker_socket_proxy_role_docker_groups
# Type: list
docker_socket_proxy_role_docker_groups:
docker_socket_proxy_role_docker_privileged
# Type: bool (true/false)
docker_socket_proxy_role_docker_privileged:
docker_socket_proxy_role_docker_security_opts
# Type: list
docker_socket_proxy_role_docker_security_opts:
docker_socket_proxy_role_docker_user
# Type: string
docker_socket_proxy_role_docker_user:
docker_socket_proxy_role_docker_userns_mode
# Type: string
docker_socket_proxy_role_docker_userns_mode:

Networking

docker_socket_proxy_role_docker_dns_opts
# Type: list
docker_socket_proxy_role_docker_dns_opts:
docker_socket_proxy_role_docker_dns_search_domains
# Type: list
docker_socket_proxy_role_docker_dns_search_domains:
docker_socket_proxy_role_docker_dns_servers
# Type: list
docker_socket_proxy_role_docker_dns_servers:
docker_socket_proxy_role_docker_domainname
# Type: string
docker_socket_proxy_role_docker_domainname:
docker_socket_proxy_role_docker_exposed_ports
# Type: list
docker_socket_proxy_role_docker_exposed_ports:
docker_socket_proxy_role_docker_hosts
# Type: dict
docker_socket_proxy_role_docker_hosts:
docker_socket_proxy_role_docker_hosts_use_common
# Type: bool (true/false)
docker_socket_proxy_role_docker_hosts_use_common:
docker_socket_proxy_role_docker_ipc_mode
# Type: string
docker_socket_proxy_role_docker_ipc_mode:
docker_socket_proxy_role_docker_links
# Type: list
docker_socket_proxy_role_docker_links:
docker_socket_proxy_role_docker_network_mode
# Type: string
docker_socket_proxy_role_docker_network_mode:
docker_socket_proxy_role_docker_pid_mode
# Type: string
docker_socket_proxy_role_docker_pid_mode:
docker_socket_proxy_role_docker_ports
# Type: list
docker_socket_proxy_role_docker_ports:
docker_socket_proxy_role_docker_uts
# Type: string
docker_socket_proxy_role_docker_uts:

Storage

docker_socket_proxy_role_docker_keep_volumes
# Type: bool (true/false)
docker_socket_proxy_role_docker_keep_volumes:
docker_socket_proxy_role_docker_storage_opts
# Type: dict
docker_socket_proxy_role_docker_storage_opts:
docker_socket_proxy_role_docker_tmpfs
# Type: list
docker_socket_proxy_role_docker_tmpfs:
docker_socket_proxy_role_docker_volume_driver
# Type: string
docker_socket_proxy_role_docker_volume_driver:
docker_socket_proxy_role_docker_volumes_from
# Type: list
docker_socket_proxy_role_docker_volumes_from:
docker_socket_proxy_role_docker_volumes_global
# Type: bool (true/false)
docker_socket_proxy_role_docker_volumes_global:
docker_socket_proxy_role_docker_working_dir
# Type: string
docker_socket_proxy_role_docker_working_dir:

Monitoring & Lifecycle

docker_socket_proxy_role_docker_auto_remove
# Type: bool (true/false)
docker_socket_proxy_role_docker_auto_remove:
docker_socket_proxy_role_docker_cleanup
# Type: bool (true/false)
docker_socket_proxy_role_docker_cleanup:
docker_socket_proxy_role_docker_force_kill
# Type: string
docker_socket_proxy_role_docker_force_kill:
docker_socket_proxy_role_docker_healthcheck
# Type: dict
docker_socket_proxy_role_docker_healthcheck:
docker_socket_proxy_role_docker_healthy_wait_timeout
# Type: int
docker_socket_proxy_role_docker_healthy_wait_timeout:
docker_socket_proxy_role_docker_init
# Type: bool (true/false)
docker_socket_proxy_role_docker_init:
docker_socket_proxy_role_docker_kill_signal
# Type: string
docker_socket_proxy_role_docker_kill_signal:
docker_socket_proxy_role_docker_log_driver
# Type: string
docker_socket_proxy_role_docker_log_driver:
docker_socket_proxy_role_docker_log_options
# Type: dict
docker_socket_proxy_role_docker_log_options:
docker_socket_proxy_role_docker_oom_killer
# Type: bool (true/false)
docker_socket_proxy_role_docker_oom_killer:
docker_socket_proxy_role_docker_oom_score_adj
# Type: int
docker_socket_proxy_role_docker_oom_score_adj:
docker_socket_proxy_role_docker_output_logs
# Type: bool (true/false)
docker_socket_proxy_role_docker_output_logs:
docker_socket_proxy_role_docker_paused
# Type: bool (true/false)
docker_socket_proxy_role_docker_paused:
docker_socket_proxy_role_docker_recreate
# Type: bool (true/false)
docker_socket_proxy_role_docker_recreate:
docker_socket_proxy_role_docker_restart_retries
# Type: int
docker_socket_proxy_role_docker_restart_retries:
docker_socket_proxy_role_docker_stop_timeout
# Type: int
docker_socket_proxy_role_docker_stop_timeout:

Other Options

docker_socket_proxy_role_docker_capabilities
# Type: list
docker_socket_proxy_role_docker_capabilities:
docker_socket_proxy_role_docker_cgroup_parent
# Type: string
docker_socket_proxy_role_docker_cgroup_parent:
docker_socket_proxy_role_docker_commands
# Type: list
docker_socket_proxy_role_docker_commands:
docker_socket_proxy_role_docker_create_timeout
# Type: int
docker_socket_proxy_role_docker_create_timeout:
docker_socket_proxy_role_docker_entrypoint
# Type: string
docker_socket_proxy_role_docker_entrypoint:
docker_socket_proxy_role_docker_env_file
# Type: string
docker_socket_proxy_role_docker_env_file:
docker_socket_proxy_role_docker_labels
# Type: dict
docker_socket_proxy_role_docker_labels:
docker_socket_proxy_role_docker_labels_use_common
# Type: bool (true/false)
docker_socket_proxy_role_docker_labels_use_common:
docker_socket_proxy_role_docker_runtime
# Type: string
docker_socket_proxy_role_docker_runtime:
docker_socket_proxy_role_docker_sysctls
# Type: list
docker_socket_proxy_role_docker_sysctls:
docker_socket_proxy_role_docker_ulimits
# Type: list
docker_socket_proxy_role_docker_ulimits:
docker_socket_proxy_role_autoheal_enabled
# Enable or disable Autoheal monitoring for the container created when deploying
# Type: bool (true/false)
docker_socket_proxy_role_autoheal_enabled: true
docker_socket_proxy_role_depends_on
# List of container dependencies that must be running before the container starts
# Type: string
docker_socket_proxy_role_depends_on: ""
docker_socket_proxy_role_depends_on_delay
# Delay in seconds before starting the container after dependencies are ready
# Type: string (quoted number)
docker_socket_proxy_role_depends_on_delay: "0"
docker_socket_proxy_role_depends_on_healthchecks
# Enable healthcheck waiting for container dependencies
# Type: string ("true"/"false")
docker_socket_proxy_role_depends_on_healthchecks:
docker_socket_proxy_role_diun_enabled
# Enable or disable Diun update notifications for the container created when deploying
# Type: bool (true/false)
docker_socket_proxy_role_diun_enabled: true
docker_socket_proxy_role_docker_controller
# Enable or disable Saltbox Docker Controller management for the container
# Type: bool (true/false)
docker_socket_proxy_role_docker_controller: true
docker_socket_proxy_role_docker_image_repo
# Type: string
docker_socket_proxy_role_docker_image_repo:
docker_socket_proxy_role_docker_image_tag
# Type: string
docker_socket_proxy_role_docker_image_tag:
docker_socket_proxy_role_docker_volumes_download
# Type: bool (true/false)
docker_socket_proxy_role_docker_volumes_download: