====== Systems - Media Server - Set Up the Mediaserver Docker Compose File ======
Edit the **docker-compose-mediaserver.yml** and populate with...
----
===== Define Default Network =====
<code yaml>
networks:
  default:
    driver: bridge
</code>
**NOTE:** This defines one network called **default**.
* **driver: bridge** - The default bridge network is created automatically when Docker is installed.
* It provides basic networking capabilities for containers running on the same host.
* Containers connected to the bridge network can communicate with each other using their IP addresses or container names.
----
===== Add Docker Media Server Containers =====
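<code yaml>
networks:
  default:
    driver: bridge

include:
  # HOSTNAME defined in .env file
  # env_file is only accepted inside an include entry (long syntax), not as a top-level key
  - path: compose/$HOSTNAME/socket-proxy.yml
    env_file: '.env'
  - path: compose/$HOSTNAME/nginx-proxy-manager.yml
    env_file: '.env'
</code>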
**NOTE:** Each app or service is defined in its own YAML file.
* These individual services will be added into that include block in the main Docker Compose file.
----
===== Create Socket Proxy Docker Compose =====
Create a file called **socket-proxy.yml** inside **/home/peter/docker/compose/mediaserver**
<code yaml>
services:
  socket-proxy:
    image: lscr.io/linuxserver/socket-proxy:latest
    container_name: socket-proxy
    environment:
      - ALLOW_START=0 #optional
      - ALLOW_STOP=0 #optional
      - ALLOW_RESTARTS=0 #optional
      - AUTH=0 #optional
      - BUILD=0 #optional
      - COMMIT=0 #optional
      - CONFIGS=0 #optional
      - CONTAINERS=0 #optional
      - DISABLE_IPV6=0 #optional
      - DISTRIBUTION=0 #optional
      - EVENTS=1 #optional
      - EXEC=0 #optional
      - IMAGES=0 #optional
      - INFO=0 #optional
      - LOG_LEVEL=info #optional
      - NETWORKS=0 #optional
      - NODES=0 #optional
      - PING=1 #optional
      - PLUGINS=0 #optional
      - POST=0 #optional
      - SECRETS=0 #optional
      - SERVICES=0 #optional
      - SESSION=0 #optional
      - SWARM=0 #optional
      - SYSTEM=0 #optional
      - TASKS=0 #optional
      - VERSION=1 #optional
      - VOLUMES=0 #optional
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    restart: unless-stopped
    read_only: true
    tmpfs:
      - /run
</code>
**ALERT:** When running Docker in production, you typically do not want to expose the Docker daemon socket to external networks.
* This poses a challenge for tools and apps that need access to the Docker API.
* One solution is to set up a proxy that controls and secures access to the Docker API.
* The docker-socket-proxy will need to run as the root user to be able to proxy the docker socket to the services.
* See https://docs.linuxserver.io/images/docker-socket-proxy/.
* See https://github.com/Tecnativa/docker-socket-proxy.
----
===== Example Service using Socket Proxy =====
<code yaml>
version: "3.1"

services:
  my-service:
    image: my-service
    environment:
      - DOCKER_HOST=tcp://docker-socket-proxy:2375
    networks:
      - my-network

  docker-socket-proxy:
    image: tecnativa/docker-socket-proxy
    environment:
      - SERVICES=1
      - TASKS=1
      - NETWORKS=1
      - NODES=1
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - my-network
    deploy:
      placement:
        constraints: [node.role == manager]

networks:
  my-network:
    driver: overlay
</code>
**NOTE:** Proxy the docker socket to my-service.
* The important line to add to each service is **DOCKER_HOST=tcp://docker-socket-proxy:2375**
* See: https://github.com/Tecnativa/docker-socket-proxy
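
A quick way to review what a socket-proxy definition actually grants, as an added example that is not part of the original page or of either project. The ''audit'' function and its HIGH/REVIEW classification are assumptions of this example; the sample inputs are constructed from the flags in the two proxy definitions above.

```python
import re

# Sections the page's socket-proxy.yml leaves readable.
BASELINE = {"EVENTS", "PING", "VERSION"}
# Flags that permit changes or expose sensitive data when set to 1
# (this classification is an assumption of the example).
HIGH_RISK = {"POST", "EXEC", "AUTH", "SECRETS", "BUILD", "COMMIT",
             "ALLOW_START", "ALLOW_STOP", "ALLOW_RESTARTS"}
# Proxy settings rather than API permissions.
SETTINGS = {"LOG_LEVEL", "DISABLE_IPV6"}
ENV_LINE = re.compile(r"^\s*-\s*([A-Z][A-Z0-9_]*)=(\S+)", re.M)
SOCK_LINE = re.compile(r"^\s*-\s*(\S*docker\.sock\S*)", re.M)

def audit(compose_text):
    """Return sorted findings for one socket-proxy service definition."""
    findings = []
    for name, value in ENV_LINE.findall(compose_text):
        if name in SETTINGS or value != "1":
            continue
        if name in HIGH_RISK:
            findings.append(f"HIGH {name}=1")
        elif name not in BASELINE:
            findings.append(f"REVIEW {name}=1")
    for mount in SOCK_LINE.findall(compose_text):
        if not mount.endswith(":ro"):
            findings.append("REVIEW socket mounted without :ro")
    return sorted(findings)

# Constructed inputs: flags copied from the two proxy definitions on this page.
PAGE_PROXY = """
environment:
  - EVENTS=1 #optional
  - EXEC=0 #optional
  - POST=0 #optional
  - VERSION=1 #optional
volumes:
  - /var/run/docker.sock:/var/run/docker.sock:ro
"""
EXAMPLE_PROXY = """
environment:
  - SERVICES=1
  - TASKS=1
  - NETWORKS=1
  - NODES=1
volumes:
  - /var/run/docker.sock:/var/run/docker.sock
"""

if __name__ == "__main__":
    print(audit(PAGE_PROXY), audit(EXAMPLE_PROXY))
```

An empty list means the definition grants nothing beyond the EVENTS, PING and VERSION sections; every REVIEW or HIGH line is a grant that should be traceable to a service that needs it.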
----
===== References =====
https://docs.linuxserver.io/images/docker-socket-proxy/
https://github.com/Tecnativa/docker-socket-proxy