Differences

This shows you the differences between two versions of the page.

--- systems:media_server:set_up_the_mediaserver_docker_compose_file [2025/06/04 13:36] – peter
+++ systems:media_server:set_up_the_mediaserver_docker_compose_file [2025/06/04 22:01] (current) – [Add Docker Media Server Containers] peter
@@ Line 28: / Line 28: @@
 <file yaml /home/peter/docker/docker-compose-mediaserver.yml>
 networks:
   default:
@@ Line 34: / Line 33: @@
 include:
+  # HOSTNAME defined in .env file
+  - compose/$HOSTNAME/socket-proxy.yml
+  - compose/$HOSTNAME/nginx-proxy-manager.yml
+env_file:
+  - '.env'
 </file>
@@ Line 47: / Line 51: @@
 ----
+===== Create Socket Proxy Docker Compose =====
+Create a file called **socket-proxy.yml** inside **/home/peter/docker/compose/mediaserver**
+<file yaml /home/peter/docker/compose/mediaserver>
+services:
+  socket-proxy:
+    image: lscr.io/linuxserver/socket-proxy:latest
+    container_name: socket-proxy
+    environment:
+      - ALLOW_START=0 #optional
+      - ALLOW_STOP=0 #optional
+      - ALLOW_RESTARTS=0 #optional
+      - AUTH=0 #optional
+      - BUILD=0 #optional
+      - COMMIT=0 #optional
+      - CONFIGS=0 #optional
+      - CONTAINERS=0 #optional
+      - DISABLE_IPV6=0 #optional
+      - DISTRIBUTION=0 #optional
+      - EVENTS=1 #optional
+      - EXEC=0 #optional
+      - IMAGES=0 #optional
+      - INFO=0 #optional
+      - LOG_LEVEL=info #optional
+      - NETWORKS=0 #optional
+      - NODES=0 #optional
+      - PING=1 #optional
+      - PLUGINS=0 #optional
+      - POST=0 #optional
+      - SECRETS=0 #optional
+      - SERVICES=0 #optional
+      - SESSION=0 #optional
+      - SWARM=0 #optional
+      - SYSTEM=0 #optional
+      - TASKS=0 #optional
+      - VERSION=1 #optional
+      - VOLUMES=0 #optional
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    restart: unless-stopped
+    read_only: true
+    tmpfs:
+      - /run
+</file>
+<WRAP alert>
+**ALERT:**  When running Docker in production, you typically do not want to expose the Docker daemon socket to external networks.
+  * This poses a challenge for tools and apps that need access to the Docker API.
+  * One solution is to set up a proxy that controls and secures access to the Docker API.
+  * The docker-socket-proxy will need to run as the root user to be able to proxy the docker socket to the services.
+  * See https://docs.linuxserver.io/images/docker-socket-proxy/.
+  * See https://tecnativa/docker-socket-proxy.
+</WRAP>
+----
+===== Example Service using Socket Proxy =====
+<code yaml example-service.yml>
+version: "3.1"
+services:
+  my-service:
+    image: my-service
+    environment:
+      - DOCKER_HOST=tcp://docker-socket-proxy:2375
+    networks:
+      - my-network
+  docker-socket-proxy:
+    image: tecnativa/docker-socket-proxy
+    environment:
+      - SERVICES=1
+      - TASKS=1
+      - NETWORKS=1
+      - NODES=1
+    volumes:
+     - /var/run/docker.sock:/var/run/docker.sock
+    networks:
+      - my-network
+    deploy:
+      placement:
+        constraints: [node.role == manager]
+networks:
+  my-network:
+    driver: overlay
+</code>
+<WRAP info>
+**NOTE:**  Proxy the docker socket to my-service.
+  * The important line to add to each service is **DOCKER_HOST=tcp://docker-socket-proxy:2375**
+  * See: https://github.com/Tecnativa/docker-socket-proxy
+</WRAP>
+----
+===== References =====
+https://docs.linuxserver.io/images/docker-socket-proxy/
+https://github.com/Tecnativa/docker-socket-proxy