LAB-linuxserver/docker-mods
1
0
Fork 0
mirror of https://github.com/linuxserver/docker-mods.git synced 2026-01-21 04:43:29 +08:00
Code Issues Packages Projects Releases Wiki Activity
42 Commits 103 Branches 0 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
aptalca 8d7babeba2
recommend our docker socket proxy
2024-04-10 15:34:12 -04:00
.github/workflows
swag-auto-proxy update/add workflows
2023-05-18 14:43:40 -04:00
root
Update root/etc/s6-overlay/s6-rc.d/init-mod-swag-auto-proxy-setup/run
2023-11-02 15:43:04 -04:00
.dockerignore
create template branch
2020-02-02 15:55:44 -05:00
.gitattributes
create template branch
2020-02-02 15:55:44 -05:00
.gitignore
create template branch
2020-02-02 15:55:44 -05:00
Dockerfile
swag-auto-proxy update/add workflows
2023-05-18 14:43:40 -04:00
LICENSE
LICENSE
2019-05-30 20:35:20 +01:00
README.md
recommend our docker socket proxy
2024-04-10 15:34:12 -04:00

README.md

Auto-proxy - Docker mod for SWAG

This mod gives SWAG the ability to auto-detect running containers via labels and automatically enable reverse proxy for them.

Requirements:

  • This mod needs the universal-docker mod installed and set up with either mapping docker.sock or setting the environment variable DOCKER_HOST=remoteaddress.
  • Other containers to be auto-detected and reverse proxied should be in the same user defined bridge network as SWAG.
  • Containers to be auto-detected and reverse proxied must have a label swag=enable at a minimum.
  • To benefit from curated preset proxy confs we provide, the container name must match the container names that are suggested in our readme examples (ie. radarr and not Radarr-4K).

Labels:

  • swag=enable - required for auto-detection
  • swag_address=containername - optional - overrides upstream app address. Can be set to an IP or a DNS hostname. Defaults to container name.
  • swag_port=80 - optional - overrides internal exposed port (if no preset conf and this label not set, auto-proxy will default to first detected exposed port)
  • swag_proto=http - optional - overrides internal proto (defaults to http)
  • swag_url=containername.domain.com - optional - overrides server_name (defaults to containername.*)
  • swag_auth=authelia - optional - enables auth methods (options are authelia, authentik, ldap and http for basic http auth)
  • swag_auth_bypass=/api,/othersubfolder - optional - bypasses auth for selected subfolders. Comma separated, no spaces.
  • swag_server_custom_directive=custom_directive; - optional - injects the label value as is into the server block of the generated conf. Must be a valid nginx directive, ending with a semi colon.

In SWAG docker arguments, set an environment variable DOCKER_MODS=linuxserver/mods:universal-docker|linuxserver/mods:swag-auto-proxy and either add a volume mapping for /var/run/docker.sock:/var/run/docker.sock:ro, or set an environment var DOCKER_HOST=remoteaddress.

Security Consideration:

Mapping the docker.sock, especially in a publicly accessible container is a security liability. Since this mod only needs read-only access to the docker api, the recommended method is to proxy the docker.sock via a solution like our docker socket proxy, limit the access, and set DOCKER_HOST= to point to the proxy address.

Here's a sample compose yaml snippet for tecnativa/docker-socket-proxy:

  dockerproxy:
    image: lscr.io/linuxserver/socket-proxy:latest
    container_name: dockerproxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    restart: unless-stopped
    environment:
      - CONTAINERS=1
      - POST=0

Then the env var in SWAG can be set as DOCKER_HOST=dockerproxy. This will allow docker cli in SWAG to be able to retrieve info on other containers, but it won't be allowed to spin up new containers.

Description
No description provided
Readme GPL-3.0 6.5 MiB
Languages
Text 100%