LAB-linuxserver/docker-mods
1
0
Fork 0
mirror of https://github.com/linuxserver/docker-mods.git synced 2026-01-21 04:43:29 +08:00
Code Issues Packages Projects Releases Wiki Activity
19 Commits 103 Branches 0 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
aptalca 74335d1429 move auto generated confs into the container
2021-05-29 23:16:23 -04:00
.github/workflows
swag-auto-proxy: initial commit
2021-05-29 16:57:37 -04:00
root
move auto generated confs into the container
2021-05-29 23:16:23 -04:00
.dockerignore
create template branch
2020-02-02 15:55:44 -05:00
.gitattributes
create template branch
2020-02-02 15:55:44 -05:00
.gitignore
create template branch
2020-02-02 15:55:44 -05:00
Dockerfile
swag-auto-proxy: initial commit
2021-05-29 16:57:37 -04:00
LICENSE
LICENSE
2019-05-30 20:35:20 +01:00
README.md
swag-auto-proxy: initial commit
2021-05-29 16:57:37 -04:00

README.md

Auto-proxy - Docker mod for SWAG

This mod gives SWAG the ability to auto-detect running containers via labels and automatically enable reverse proxy for them.

Requirements:

  • This mod needs the universal-docker mod installed and set up with either mapping docker.sock or setting the environment variable DOCKER_HOST=remoteaddress.
  • Other containers to be auto-detected and reverse proxied should be in the same user defined bridge network as SWAG.
  • Containers to be auto-detected and reverse proxied must have a label swag=enable at a minimum.
  • To benefit from curated preset proxy confs we provide, the container name must match the container names that are suggested in our readme examples (ie. radarr and not Radarr-4K).

Labels:

  • swag=enable - required for auto-detection
  • swag_port=80 - optional - overrides internal exposed port
  • swag_proto=http - optional - overrides internal proto (defaults to http)
  • swag_url=containername.domain.com - optional - overrides server_name (defaults to containername.*)
  • swag_auth=authelia - optional - enables auth methods (options are authelia, ldap and http for basic http auth)
  • swag_auth_bypass=/api,/othersubfolder - optional - bypasses auth for selected subfolders. Comma separated, no spaces.

In SWAG docker arguments, set an environment variable DOCKER_MODS=linuxserver/mods:universal-docker|linuxserver/mods:swag-auto-proxy and either add a volume mapping for /var/run/docker.sock:/var/run/docker.sock:ro, or set an environment var DOCKER_HOST=remoteaddress.

Security Consideration:

Mapping the docker.sock, especially in a publicly accessible container is a security liability. Since this mod only needs read-only access to the docker api, the recommended method is to proxy the docker.sock via a solution like tecnativa/docker-socket-proxy, limit the access, and set DOCKER_HOST= to point to the proxy address.

Here's a sample compose yaml snippet for tecnativa/docker-socket-proxy:

  dockerproxy:
    image: ghcr.io/tecnativa/docker-socket-proxy:latest
    container_name: dockerproxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    restart: unless-stopped
    environment:
      - CONTAINERS=1
      - POST=0

Then the env var in SWAG can be set as DOCKER_HOST=dockerproxy. This will allow docker cli in SWAG to be able to retrieve info on other containers, but it won't be allowed to spin up new containers.

Description
No description provided
Readme GPL-3.0 6.5 MiB
Languages
Text 100%