Update Proxy_Containers/docker-socket-proxy/compose.yaml

2026-05-25 20:09:48 +00:00
parent bf0400f516
commit b9424d32e7
@@ -5,12 +5,13 @@ services:
restart: unless-stopped restart: unless-stopped
security_opt: security_opt:
- no-new-privileges:true - no-new-privileges:true
# Access is container-to-container only via the internal bridge.
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
environment: environment:
# Traefik only needs CONTAINERS CONTAINERS: 1 # Flame label discovery + Traefik routing
CONTAINERS: 1 NETWORKS: 1 # Optional: Flame network-grouping feature # Set to 0 if you don't use that feature
# Everything else explicitly off # Hard denies — every write surface explicitly closed
BUILD: 0 BUILD: 0
COMMIT: 0 COMMIT: 0
CONFIGS: 0 CONFIGS: 0
@@ -18,10 +19,9 @@ services:
EXEC: 0 EXEC: 0
IMAGES: 0 IMAGES: 0
INFO: 0 INFO: 0
NETWORKS: 0
NODES: 0 NODES: 0
PLUGINS: 0 PLUGINS: 0
POST: 0 POST: 0 # Critical — blocks ALL write methods
SECRETS: 0 SECRETS: 0
SERVICES: 0 SERVICES: 0
SESSION: 0 SESSION: 0
@@ -31,9 +31,12 @@ services:
VOLUMES: 0 VOLUMES: 0
networks: networks:
- socket_proxy - socket_proxy
# constrain resource usage so a runaway process can't starve the host
mem_limit: 64m
cpus: "0.25"
networks: networks:
socket_proxy: socket_proxy:
name: docker_socket_proxy name: docker_socket_proxy
driver: bridge driver: bridge
internal: true # no external routing — container-to-container only internal: true
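Review bot: `NETWORKS: 1` in the environment block is switched on for a feature its own comment calls optional, and the proxy's allow-list applies to every container attached to `docker_socket_proxy`, not only to Flame. Together with `CONTAINERS: 1` it gives each attached client read access to container inspect data (which includes environment variables) plus network names, subnets and per-container addresses, so I would keep `NETWORKS: 0` as the default and enable it only where network grouping is actually used. If Traefik and Flame both sit on this network (their service definitions are not in this file, so this is inferred from the comments), a second proxy instance for Flame would let Traefik's stay at `CONTAINERS: 1` alone. It would also help to record the exposure next to the setting, e.g. `# read-only GET /networks: exposes subnets and container IPs to every client on socket_proxy`. The rendered page interleaves the old and new columns, so the 0 → 1 change is read from the hunk counts (`NETWORKS: 0` is dropped in the second hunk).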