"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "docs/content/providers/docker.md" between
traefik-v2.3.2.src.tar.gz and traefik-v2.3.3.src.tar.gz

About: Traefik is a cloud native edge router, a reverse proxy and load balancer for HTTP and TCP-based applications.

docker.md  (traefik-v2.3.2.src):docker.md  (traefik-v2.3.3.src)
skipping to change at line 148 skipping to change at line 148
Traefik requires access to the docker socket to get its dynamic configuration. Traefik requires access to the docker socket to get its dynamic configuration.
You can specify which Docker API Endpoint to use with the directive [`endpoint`] (#endpoint). You can specify which Docker API Endpoint to use with the directive [`endpoint`] (#endpoint).
!!! warning "Security Note" !!! warning "Security Note"
Accessing the Docker API without any restriction is a security concern: Accessing the Docker API without any restriction is a security concern:
If Traefik is attacked, then the attacker might get access to the underlying host. If Traefik is attacked, then the attacker might get access to the underlying host.
{: #security-note } {: #security-note }
As explained in the Docker documentation: ([Docker Daemon Attack Surface pag e](https://docs.docker.com/engine/security/security/#docker-daemon-attack-surfac e)): As explained in the Docker documentation: ([Docker Daemon Attack Surface pag e](https://docs.docker.com/engine/security/#docker-daemon-attack-surface)):
!!! quote !!! quote
[...] only **trusted** users should be allowed to control your Docker da emon [...] [...] only **trusted** users should be allowed to control your Docker da emon [...]
??? success "Solutions" ??? success "Solutions"
Expose the Docker socket over TCP or SSH, instead of the default Unix so cket file. Expose the Docker socket over TCP or SSH, instead of the default Unix so cket file.
It allows different implementation levels of the [AAA (Authentication, A uthorization, Accounting) concepts](https://en.wikipedia.org/wiki/AAA_(computer_ security)), depending on your security assessment: It allows different implementation levels of the [AAA (Authentication, A uthorization, Accounting) concepts](https://en.wikipedia.org/wiki/AAA_(computer_ security)), depending on your security assessment:
- Authentication with Client Certificates as described in ["Protect the Docker daemon socket."](https://docs.docker.com/engine/security/https/) - Authentication with Client Certificates as described in ["Protect the Docker daemon socket."](https://docs.docker.com/engine/security/https/)
 End of changes. 1 change blocks. 
1 lines changed or deleted 1 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)