Harden Traefik security by accessing the Docker API through docker-socket-proxy
With these changes, we:

- install https://github.com/Tecnativa/docker-socket-proxy via the https://github.com/devture/com.devture.ansible.role.container_socket_proxy Ansible role
- make Traefik access the Docker API via TCP by connecting to this socket proxy
- .. which allows us to run the Traefik container with fewer privileges (non-`root`, dropped capabilities)
@ -119,6 +119,8 @@
|
||||
- custom/matrix-user-creator
|
||||
- custom/matrix-common-after
|
||||
|
||||
- role: galaxy/com.devture.ansible.role.container_socket_proxy
|
||||
|
||||
- when: matrix_playbook_traefik_role_enabled | bool
|
||||
role: galaxy/com.devture.ansible.role.traefik
|
||||
|
||||
|
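Review bot: The `- role: galaxy/com.devture.ansible.role.container_socket_proxy` entry has no `when:` condition, while the Traefik entry directly below it is guarded by `when: matrix_playbook_traefik_role_enabled | bool`. Unless the socket proxy role gates all of its tasks on its own enabled variable, it will run even on hosts where Traefik is disabled, leaving a container with the Docker socket mounted and nothing that needs it. Please either add a matching `when:` to this entry or note in the commit message that the role is disabled by default and only turned on together with Traefik. It would also help to document which Docker API sections the proxy is configured to allow, since the benefit of this change depends on Traefik getting read-only access to just what it needs.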