is a cloud native edge router, a reverse proxy and load balancer for HTTP and TCP-based applications.
| docker.md (traefik-v2.3.2.src) | : | docker.md (traefik-v2.3.3.src) |
|---|
| | |
| skipping to change at line 148 | | skipping to change at line 148 |
|---|
| Traefik requires access to the docker socket to get its dynamic configuration. | | Traefik requires access to the docker socket to get its dynamic configuration. |
| | |
| You can specify which Docker API Endpoint to use with the directive [`endpoint`]
(#endpoint). | | You can specify which Docker API Endpoint to use with the directive [`endpoint`]
(#endpoint). |
| | |
| !!! warning "Security Note" | | !!! warning "Security Note" |
| | |
| Accessing the Docker API without any restriction is a security concern: | | Accessing the Docker API without any restriction is a security concern: |
| If Traefik is attacked, then the attacker might get access to the underlying
host. | | If Traefik is attacked, then the attacker might get access to the underlying
host. |
| {: #security-note } | | {: #security-note } |
| | |
|
| As explained in the Docker documentation: ([Docker Daemon Attack Surface pag
e](https://docs.docker.com/engine/security/security/#docker-daemon-attack-surfac
e)): | | As explained in the Docker documentation: ([Docker Daemon Attack Surface pag
e](https://docs.docker.com/engine/security/#docker-daemon-attack-surface)): |
| | |
| !!! quote | | !!! quote |
| [...] only **trusted** users should be allowed to control your Docker da
emon [...] | | [...] only **trusted** users should be allowed to control your Docker da
emon [...] |
| | |
| ??? success "Solutions" | | ??? success "Solutions" |
| | |
| Expose the Docker socket over TCP or SSH, instead of the default Unix so
cket file. | | Expose the Docker socket over TCP or SSH, instead of the default Unix so
cket file. |
| It allows different implementation levels of the [AAA (Authentication, A
uthorization, Accounting) concepts](https://en.wikipedia.org/wiki/AAA_(computer_
security)), depending on your security assessment: | | It allows different implementation levels of the [AAA (Authentication, A
uthorization, Accounting) concepts](https://en.wikipedia.org/wiki/AAA_(computer_
security)), depending on your security assessment: |
| | |
| - Authentication with Client Certificates as described in ["Protect the
Docker daemon socket."](https://docs.docker.com/engine/security/https/) | | - Authentication with Client Certificates as described in ["Protect the
Docker daemon socket."](https://docs.docker.com/engine/security/https/) |
| | | |
| End of changes. 1 change blocks. |
|---|
| 1 lines changed or deleted | | 1 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 