From 4640eac0f40423fcaf4419ef7b4c56660ce29261 Mon Sep 17 00:00:00 2001 From: Gurulandia Date: Sun, 1 Mar 2026 12:24:46 +0200 Subject: [PATCH] Jemmaan --- .../oldyml-files/gl/docker-socket-proxy.yml | 72 +++++++++++++++++++ .../docker/2023/oldyml-files/gl/portainer.yml | 66 +++++++++++++++++ .../2023/oldyml-files/gl/portainer_mgmt.yml | 66 +++++++++++++++++ 3 files changed, 204 insertions(+) create mode 100644 config/docker/2023/oldyml-files/gl/docker-socket-proxy.yml create mode 100644 config/docker/2023/oldyml-files/gl/portainer.yml create mode 100644 config/docker/2023/oldyml-files/gl/portainer_mgmt.yml diff --git a/config/docker/2023/oldyml-files/gl/docker-socket-proxy.yml b/config/docker/2023/oldyml-files/gl/docker-socket-proxy.yml new file mode 100644 index 0000000..d573bd8 --- /dev/null +++ b/config/docker/2023/oldyml-files/gl/docker-socket-proxy.yml 
@@ -0,0 +1,72 @@
+version: "3.7"
+########################### NETWORKS
+# There is no need to create any networks outside this docker-compose file.
+# You may customize the network subnets (192.168.90.0/24 and 91.0/24) below as you please.
+# Docker Compose version 3.5 or higher required to define networks this way.
+networks:
+ gl_proxy:
+ name: gl_proxy
+ driver: bridge
+ ipam:
+ config:
+ - subnet: $GL_PROXY_SUBNET
+ - gateway: $GL_PROXY_GATEWAY
+ default:
+ driver: bridge
+ gl_socket_proxy:
+ name: gl_socket_proxy
+ driver: bridge
+ ipam:
+ config:
+ - subnet: $GL_SOCKET_PROXY_SUBNET
+ - gateway: $GL_SOCKET_PROXY_GATEWAY
+
+########################### SERVICES
+services:
+ # Docker Socket Proxy - Security Enchanced Proxy for Docker Socket
+ socket-proxy:
+ container_name: gl-socket-proxy
+ image: tecnativa/docker-socket-proxy
+ restart: always
+ networks:
+ gl_socket_proxy:
+ ipv4_address: $SOCKET_PROXY_IP # You can specify a static IP
+ privileged: true
+ #ports:
+ # - "127.0.0.1:2375:2375" # Port 2375 should only ever get exposed to the internal network. When possible use this line.
+ # I use the next line instead, as I want portainer to manage multiple docker endpoints within my home network.
+ # - "2375:2375"
+ volumes:
+ - "/var/run/docker.sock:/var/run/docker.sock"
+ environment:
+ - LOG_LEVEL=info # debug,info,notice,warning,err,crit,alert,emerg
+ ## Variables match the URL prefix (i.e. AUTH blocks access to /auth/* parts of the API, etc.).
+ # 0 to revoke access.
+ # 1 to grant access.
+ ## Granted by Default
+ - EVENTS=1
+ - PING=1
+ - VERSION=1
+ ## Revoked by Default
+ # Security critical
+ - AUTH=0
+ - SECRETS=0
+ - POST=1 # Ouroboros
+ # Not always needed
+ - BUILD=0
+ - COMMIT=0
+ - CONFIGS=0
+ - CONTAINERS=1 # Traefik, portainer, etc.
+ - DISTRIBUTION=0
+ - EXEC=1
+ - IMAGES=1 # Portainer
+ - INFO=1 # Portainer
+ - NETWORKS=1 # Portainer
+ - NODES=0
+ - PLUGINS=0
+ - SERVICES=1 # Portainer
+ - SESSION=0
+ - SWARM=0
+ - SYSTEM=0
+ - TASKS=1 # Portaienr
+ - VOLUMES=1 # Portainer
diff --git a/config/docker/2023/oldyml-files/gl/portainer.yml b/config/docker/2023/oldyml-files/gl/portainer.yml
new file mode 100644
index 0000000..565b806
--- /dev/null
+++ b/config/docker/2023/oldyml-files/gl/portainer.yml
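Review bot: With `POST=1`, `CONTAINERS=1`, `EXEC=1` and `VOLUMES=1` all granted, anything that can reach this proxy on 2375 can create and start an arbitrary container (including one that bind-mounts the host root) and exec into running ones, which is root-equivalent on the host, so the "Security Enchanced" comment on the service overstates what this allow-list actually restricts. If Portainer's console feature is not required, set `- EXEC=0`, and drop `privileged: true` — the proxy only needs the socket mount to work, and the `# Ouroboros` note on `POST=1` looks stale when every other grant is annotated for Portainer. The commented `"2375:2375"` binding, if re-enabled as the comment describes, would expose this unauthenticated plaintext API to the whole LAN; keep it unpublished and let Portainer reach it over `gl_socket_proxy` only. Separately, `- gateway: $GL_PROXY_GATEWAY` is written as a second list item instead of a key of the same `ipam.config` entry as `subnet` (compare the `portainer.yml` form), which Compose is likely to reject — indent it as `gateway: $GL_PROXY_GATEWAY` under the `- subnet:` item, and likewise for `gl_socket_proxy`. Pinning `tecnativa/docker-socket-proxy` to a version tag instead of the implicit `latest` would also make this trust-critical component reproducible.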
@@ -0,0 +1,66 @@
+version: "3.7"
+########################### NETWORKS
+# There is no need to create any networks outside this docker-compose file.
+# You may customize the network subnets (192.168.90.0/24 and 91.0/24) below as you please.
+# Docker Compose version 3.5 or higher required to define networks this way.
+networks:
+ proxy:
+ name: proxy
+ driver: bridge
+ ipam:
+ config:
+ - subnet: $PROXY_SUBNET
+ gateway: $PROXY_GATEWAY
+# default:
+# driver: bridge
+ socket_proxy:
+ name: socket_proxy
+ driver: bridge
+ ipam:
+ config:
+ - subnet: $SOCKET_PROXY_SUBNET
+ gateway: $SOCKET_PROXY_GATEWAY
+
+########################### SERVICES
+volumes:
+ portainer-data:
+ driver: local
+services:
+ # Portainer - WebUI for Containers
+ portainer:
+ container_name: mgmt-portainer
+ image: portainer/portainer-ce:latest
+ restart: unless-stopped
+ command: -H $DOCKER_ENDPOINT # Use Docker Socket Proxy instead for improved security
+ networks:
+ proxy:
+# ipv4_address: $PORTAINER_IP0
+ socket_proxy:
+ # ipv4_address: $PORTAINER_IP1
+ security_opt:
+ - no-new-privileges:true
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - portainer-data:/data
+ ports:
+ - '9000:9000'
+# - '9001:9000'
+# - '9443:9443'
+# - '8000:8000'
+
+ volumes:
+ # - /var/run/docker.sock:/var/run/docker.sock
+ - portainer-data:/data
+ #- $DOCKERDIR/appdata/portainer/data:/data # Change to local directory if you want to save/transfer config locally
+ environment:
+ - TZ=$TZ
+# labels:
+ # - "traefik.enable=true"
+ ## HTTP Routers
+ # - "traefik.http.routers.portainer-rtr.entrypoints=https"
+ # - "traefik.http.routers.portainer-rtr.rule=Host(`portainer.$DOMAINNAME0`)"
+ ## Middlewares
+ # - "traefik.http.routers.portainer-rtr.middlewares=chain-authelia@file"
+ ## HTTP Services
+ # - "traefik.http.routers.portainer-rtr.service=portainer-svc"
+ # - "traefik.http.services.portainer-svc.loadbalancer.server.port=9000"
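Review bot: The `command: -H $DOCKER_ENDPOINT` line points Portainer at the socket proxy "for improved security", but the first `volumes:` block still bind-mounts `/var/run/docker.sock` directly, so the container holds raw root-equivalent socket access no matter which endpoint the UI talks to; remove `- /var/run/docker.sock:/var/run/docker.sock` and keep only `- portainer-data:/data`. The service also declares `volumes:` twice, which is invalid YAML — Docker Compose v2 rejects duplicate mapping keys, and older tooling silently keeps the last block — so merge the two into one. Port `'9000:9000'` publishes the plaintext HTTP UI on every host interface while the Traefik/Authelia labels are commented out; bind it to loopback (`- '127.0.0.1:9000:9000'`) or use the TLS `9443` listener until the reverse-proxy chain is enabled. Given this container administers the Docker host, `portainer/portainer-ce:latest` should be pinned to a version tag.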
diff --git a/config/docker/2023/oldyml-files/gl/portainer_mgmt.yml b/config/docker/2023/oldyml-files/gl/portainer_mgmt.yml
new file mode 100644
index 0000000..ea63c5e
--- /dev/null
+++ b/config/docker/2023/oldyml-files/gl/portainer_mgmt.yml
@@ -0,0 +1,66 @@
+version: "3.7"
+########################### NETWORKS
+# There is no need to create any networks outside this docker-compose file.
+# You may customize the network subnets (192.168.90.0/24 and 91.0/24) below as you please.
+# Docker Compose version 3.5 or higher required to define networks this way.
+networks:
+ proxy:
+ name: proxy
+ driver: bridge
+ ipam:
+ config:
+ - subnet: $PROXY_SUBNET
+ gateway: $PROXY_GATEWAY
+# default:
+# driver: bridge
+# socket_proxy:
+# name: socket_proxy
+# driver: bridge
+# ipam:
+# config:
+# - subnet: $SOCKET_PROXY_SUBNET
+# gateway: $SOCKET_PROXY_GATEWAY
+
+########################### SERVICES
+volumes:
+ portainer-data:
+ driver: local
+services:
+ # Portainer - WebUI for Containers
+ portainer:
+ container_name: mgmt-portainer
+ image: portainer/portainer-ce:latest
+ restart: unless-stopped
+ # command: -H $DOCKER_ENDPOINT # Use Docker Socket Proxy instead for improved security
+ networks:
+ proxy:
+# ipv4_address: $PORTAINER_IP0
+ # socket_proxy:
+ # ipv4_address: $PORTAINER_IP1
+ security_opt:
+ - no-new-privileges:true
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - portainer-data:/data
+ ports:
+# - '9000:9000'
+ - '9001:9000'
+# - '9443:9443'
+# - '8000:8000'
+
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - portainer-data:/data
+ #- $DOCKERDIR/appdata/portainer/data:/data # Change to local directory if you want to save/transfer config locally
+ environment:
+ - TZ=$TZ
+# labels:
+ # - "traefik.enable=true"
+ ## HTTP Routers
+ # - "traefik.http.routers.portainer-rtr.entrypoints=https"
+ # - "traefik.http.routers.portainer-rtr.rule=Host(`portainer.$DOMAINNAME0`)"
+ ## Middlewares
+ # - "traefik.http.routers.portainer-rtr.middlewares=chain-authelia@file"
+ ## HTTP Services
+ # - "traefik.http.routers.portainer-rtr.service=portainer-svc"
+ # - "traefik.http.services.portainer-svc.loadbalancer.server.port=9000"
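Review bot: This variant mounts `/var/run/docker.sock` directly (in both of the duplicated `volumes:` blocks) with the socket-proxy network and the `-H` command commented out, and publishes the plaintext UI as `'9001:9000'` on all interfaces with the Traefik/Authelia labels disabled, so anyone who can reach port 9001 and authenticate gets root-equivalent control of the host. `no-new-privileges:true` does not mitigate that — a process holding the Docker socket can simply start a privileged container with the host filesystem mounted. At minimum bind to loopback (`- '127.0.0.1:9001:9000'`) or enable the `9443` TLS listener, and merge the two `volumes:` blocks, since duplicate keys are rejected by Compose v2 and silently last-wins in older parsers. If the direct mount is deliberate for this "mgmt" instance, say so next to it, e.g. `# Intentional: mgmt instance needs raw socket access; UI must stay loopback/VPN-only`.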