Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/wollomatic/traefik-hardened

hardened rootless Traefik v2 deployment without mounting the Docker socket into the Traefik container
https://github.com/wollomatic/traefik-hardened

docker-compose docker-socket-proxy letsencrypt socket-proxy traefik traefik-docker traefik-security traefik-v2 traefik2

Last synced: 2 months ago
JSON representation

hardened rootless Traefik v2 deployment without mounting the Docker socket into the Traefik container

Host: GitHub
URL: https://github.com/wollomatic/traefik-hardened
Owner: wollomatic
Created: 2021-10-17T18:25:09.000Z (about 3 years ago)
Default Branch: master
Last Pushed: 2024-05-22T06:44:37.000Z (8 months ago)
Last Synced: 2024-05-22T17:10:26.691Z (8 months ago)
Topics: docker-compose, docker-socket-proxy, letsencrypt, socket-proxy, traefik, traefik-docker, traefik-security, traefik-v2, traefik2
Homepage:
Size: 39.1 KB
Stars: 86
Watchers: 3
Forks: 4
Open Issues: 1
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome - wollomatic/traefik2-hardened - hardened rootless traefik2 deployment without mounting the docker socket into the traefik container (others)

README

# traefik2-hardened

This is an example configuration of Traefik v2 for use with docker compose.
It demonstrates some good security practices like running as an unprivileged user, using a read-only container and not mounting the docker socket into the container.

As of October 2023, the Tecnativa docker socket proxy is replaced with wollomatic/socket-proxy.
This is because the new socket proxy is written in Go, allowing a more hardened deployment. For an example with Technativa's docker proxy, see the the docker-compose.yaml file tagged before 2.10.

TLS certificates are generated automatically using Let's Encrypt.