Proxy_Containers/docker-socket-proxy/compose.yaml

services:
  socket-proxy:
    image: tecnativa/docker-socket-proxy:latest
    container_name: socket-proxy
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    # Access is container-to-container only via the internal bridge.
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      CONTAINERS: 1      # Flame label discovery + Traefik routing
      NETWORKS: 1        # Optional: Flame network-grouping feature # Set to 0 if you don't use that feature
      # Hard denies — every write surface explicitly closed
      BUILD: 0
      COMMIT: 0
      CONFIGS: 0
      DISTRIBUTION: 0
      EXEC: 0
      IMAGES: 0
      INFO: 0
      NODES: 0
      PLUGINS: 0
      POST: 0            # Critical — blocks ALL write methods
      SECRETS: 0
      SERVICES: 0
      SESSION: 0
      SWARM: 0
      SYSTEM: 0
      TASKS: 0
      VOLUMES: 0
    networks:
      - socket_proxy
    # constrain resource usage so a runaway process can't starve the host
    mem_limit: 64m
    cpus: "0.25"

networks:
  socket_proxy:
    name: docker_socket_proxy
    driver: bridge
    internal: true
Add Security_Containers/docker-socket-proxy/compose.yaml 2026-05-14 02:54:43 +00:00			`services:`
			`socket-proxy:`
			`image: tecnativa/docker-socket-proxy:latest`
			`container_name: socket-proxy`
			`restart: unless-stopped`
Update Security_Containers/docker-socket-proxy/compose.yaml 2026-05-14 02:59:59 +00:00			`security_opt:`
			`- no-new-privileges:true`
Update Proxy_Containers/docker-socket-proxy/compose.yaml 2026-05-25 20:09:48 +00:00			`# Access is container-to-container only via the internal bridge.`
Add Security_Containers/docker-socket-proxy/compose.yaml 2026-05-14 02:54:43 +00:00			`volumes:`
			`- /var/run/docker.sock:/var/run/docker.sock:ro`
			`environment:`
Update Proxy_Containers/docker-socket-proxy/compose.yaml 2026-05-25 20:09:48 +00:00			`CONTAINERS: 1 # Flame label discovery + Traefik routing`
			`NETWORKS: 1 # Optional: Flame network-grouping feature # Set to 0 if you don't use that feature`
			`# Hard denies — every write surface explicitly closed`
Add Security_Containers/docker-socket-proxy/compose.yaml 2026-05-14 02:54:43 +00:00			`BUILD: 0`
			`COMMIT: 0`
			`CONFIGS: 0`
			`DISTRIBUTION: 0`
			`EXEC: 0`
			`IMAGES: 0`
			`INFO: 0`
Update Security_Containers/docker-socket-proxy/compose.yaml 2026-05-14 02:59:59 +00:00			`NODES: 0`
Add Security_Containers/docker-socket-proxy/compose.yaml 2026-05-14 02:54:43 +00:00			`PLUGINS: 0`
Update Proxy_Containers/docker-socket-proxy/compose.yaml 2026-05-25 20:09:48 +00:00			`POST: 0 # Critical — blocks ALL write methods`
Add Security_Containers/docker-socket-proxy/compose.yaml 2026-05-14 02:54:43 +00:00			`SECRETS: 0`
Update Security_Containers/docker-socket-proxy/compose.yaml 2026-05-14 02:59:59 +00:00			`SERVICES: 0`
			`SESSION: 0`
Add Security_Containers/docker-socket-proxy/compose.yaml 2026-05-14 02:54:43 +00:00			`SWARM: 0`
			`SYSTEM: 0`
Update Security_Containers/docker-socket-proxy/compose.yaml 2026-05-14 02:59:59 +00:00			`TASKS: 0`
Add Security_Containers/docker-socket-proxy/compose.yaml 2026-05-14 02:54:43 +00:00			`VOLUMES: 0`
			`networks:`
Update Security_Containers/docker-socket-proxy/compose.yaml 2026-05-14 02:59:59 +00:00			`- socket_proxy`
Update Proxy_Containers/docker-socket-proxy/compose.yaml 2026-05-25 20:09:48 +00:00			`# constrain resource usage so a runaway process can't starve the host`
			`mem_limit: 64m`
			`cpus: "0.25"`
Update Security_Containers/docker-socket-proxy/compose.yaml 2026-05-14 02:59:59 +00:00
Update Security_Containers/docker-socket-proxy/compose.yaml 2026-05-14 02:55:44 +00:00			`networks:`
Update Security_Containers/docker-socket-proxy/compose.yaml 2026-05-14 02:56:32 +00:00			`socket_proxy:`
			`name: docker_socket_proxy`
Update Security_Containers/docker-socket-proxy/compose.yaml 2026-05-14 02:59:59 +00:00			`driver: bridge`
Update Proxy_Containers/docker-socket-proxy/compose.yaml 2026-05-25 20:09:48 +00:00			`internal: true`