From 6ab08bdcb04a479d1046ce95e7fb23f4791a77c8 Mon Sep 17 00:00:00 2001
From: Gabe
Date: Thu, 14 May 2026 02:59:59 +0000
Subject: [PATCH] Update Security_Containers/docker-socket-proxy/compose.yaml
---
 .../docker-socket-proxy/compose.yaml | 25 +++++++++++++------
 1 file changed, 18 insertions(+), 7 deletions(-)
diff --git a/Security_Containers/docker-socket-proxy/compose.yaml b/Security_Containers/docker-socket-proxy/compose.yaml
index 4519ba3..3ac37b6 100644
--- a/Security_Containers/docker-socket-proxy/compose.yaml
+++ b/Security_Containers/docker-socket-proxy/compose.yaml
@@ -3,14 +3,18 @@ services:
 image: tecnativa/docker-socket-proxy:latest
 container_name: socket-proxy
 restart: unless-stopped
+ security_opt:
+ - no-new-privileges:true
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock:ro
 environment:
- CONTAINERS: 1 # Traefik needs this
- SERVICES: 0
- TASKS: 0
- NETWORKS: 0
- NODES: 0
+ # Timeouts (silences HAProxy warning, sane for event streaming)
+ TIMEOUT_CONNECT: 5
+ TIMEOUT_CLIENT: 3600
+ TIMEOUT_SERVER: 3600
+ # Traefik only needs CONTAINERS
+ CONTAINERS: 1
+ # Everything else explicitly off
 BUILD: 0
 COMMIT: 0
 CONFIGS: 0
@@ -18,15 +22,22 @@ services:
 EXEC: 0
 IMAGES: 0
 INFO: 0
+ NETWORKS: 0
+ NODES: 0
 PLUGINS: 0
 POST: 0
 SECRETS: 0
+ SERVICES: 0
+ SESSION: 0
 SWARM: 0
 SYSTEM: 0
+ TASKS: 0
 VOLUMES: 0
 networks:
- - socket_proxy # isolated network, NOT traefik_network
+ - socket_proxy
+
 networks:
 socket_proxy:
 name: docker_socket_proxy
- driver: bridge
\ No newline at end of file
+ driver: bridge
+ internal: true # no external routing — container-to-container only
\ No newline at end of file
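Review bot: The `image:` context line at the top of the first hunk still tracks `tecnativa/docker-socket-proxy:latest`, which this hardening commit leaves unpinned. The container mounts the host's Docker socket, so a re-pull can change the proxy's filtering rules or defaults without any change to this file. I would pin a release tag, or better a digest, e.g. `image: tecnativa/docker-socket-proxy:<tested-version>@sha256:<digest>`, where both values are placeholders to fill in from the release you have verified. The service definition starts above the hunk.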
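Review bot: The second hunk removes the `# isolated network, NOT traefik_network` comment from `- socket_proxy`, and with it the only statement of which containers are meant to join this network. `internal: true` stops routing off the bridge, but it does not limit which containers attach to `docker_socket_proxy`. With `CONTAINERS: 1` in the first hunk, anything attached can read container inspect data, environment variables included, through the proxy. I would keep a comment on that line, e.g. `# only socket-proxy and Traefik join this network; keep it off traefik_network`.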