version: "3.7" ########################### NETWORKS # There is no need to create any networks outside this docker-compose file. # You may customize the network subnets (192.168.90.0/24 and 91.0/24) below as you please. # Docker Compose version 3.5 or higher required to define networks this way. networks: proxy: name: proxy driver: bridge ipam: config: - subnet: $PROXY_SUBNET gateway: $PROXY_GATEWAY # default: # driver: bridge socket_proxy: name: socket_proxy driver: bridge ipam: config: - subnet: $SOCKET_PROXY_SUBNET gateway: $SOCKET_PROXY_GATEWAY ########################### SERVICES services: # Docker Socket Proxy - Security Enchanced Proxy for Docker Socket socket-proxy: container_name: socket-proxy image: ghcr.io/tecnativa/docker-socket-proxy:edge restart: always networks: socket_proxy: # ipv4_address: $SOCKET_PROXY_IP # You can specify a static IP privileged: true ports: # - "127.0.0.1:2375:2375" # Port 2375 should only ever get exposed to the internal network. When possible use this line. # I use the next line instead, as I want portainer to manage multiple docker endpoints within my home network. - "2375:2375" volumes: - "/var/run/docker.sock:/var/run/docker.sock" environment: - LOG_LEVEL=info # debug,info,notice,warning,err,crit,alert,emerg ## Variables match the URL prefix (i.e. AUTH blocks access to /auth/* parts of the API, etc.). # 0 to revoke access. # 1 to grant access. ## Granted by Default - EVENTS=1 - PING=1 - VERSION=1 ## Revoked by Default # Security critical - AUTH=0 - SECRETS=0 - POST=1 # Ouroboros # Not always needed - BUILD=0 - COMMIT=0 - CONFIGS=0 - CONTAINERS=1 # Traefik, portainer, etc. - DISTRIBUTION=0 - EXEC=1 - IMAGES=1 # Portainer - INFO=1 # Portainer - NETWORKS=1 # Portainer - NODES=0 - PLUGINS=0 - SERVICES=1 # Portainer - SESSION=0 - SWARM=0 - SYSTEM=0 - TASKS=1 # Portaienr - VOLUMES=1 # Portainer