khanh.pndc/nextcloud-docs
1
0
Fork 0
mirror of https://github.com/nextcloud/documentation.git synced 2025-12-14 00:19:22 +07:00
Code Issues Packages Projects Releases Wiki Activity
Files
macos-vfs-update
nextcloud-docs/developer_manual/exapp_development/faq/DockerSocketProxy.rst
Joas Schilling d47918e6bf fix: Add marker to positions that need adjusting on branch off 
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-01-31 16:00:27 +01:00

59 lines
2.3 KiB
ReStructuredText
Raw Permalink Blame History

Docker Socket Proxy
===================
The recommended way to setup the AppAPI Deploy daemon
is to use our `Docker Socket Proxy implementation <https://github.com/nextcloud/docker-socket-proxy>`_.
Nextcloud AppAPI DSP
--------------------
Nextcloud AppAPI DSP (Docker Socket Proxy) is a simple Docker container that provides a secure way to access the Docker Engine API and ExApps.
It is secured with haproxy Basic authentication.
There are two parts of reverse proxy configuration:
- HaProxy config for `Docker Engine API <https://github.com/nextcloud/docker-socket-proxy/blob/main/haproxy.cfg.template>`_
- HaProxy config for `ExApps <https://github.com/nextcloud/docker-socket-proxy/blob/main/haproxy_ex_apps.cfg.template>`_
.. note::
For remote Docker Socket Proxy setup, it should expose the ports on the host.
.. _faq_nextcloud-aio-docker-socket-proxy:
Nextcloud AIO
-------------
Nextcloud AIO implements its own `Docker Socket Proxy container <https://github.com/nextcloud/all-in-one/tree/main/Containers/docker-socket-proxy>`_;
you just need to tick the checkbox in the AIO configuration interface to enable it.
AppAPI automatically creates the default Deploy daemon configuration for Nextcloud AIO.
See `Nextcloud in Docker AIO (all-in-one) <https://docs.nextcloud.com/server/latest/admin_manual/exapps_management/DeployConfigurations.html#nextcloud-in-docker-aio-all-in-one>`_ for more details.
.. TODO ON RELEASE: Update version number above on release
.. note::
Nextcloud AIO is not limited to its default Deploy daemon.
You can setup any other Deploy daemon (local or remote) for use in AppAPI.
Other implementations
---------------------
Our implementation is inspired by `Tecnativa Docker Socket Proxy <https://github.com/Tecnativa/docker-socket-proxy>`_.
By default, it restricts access to the required by AppAPI Docker Engine APIs.
In this case, you will have to enable these APIs via the environment variables:
- ``IMAGES=1``
- ``CONTAINER=1``
- ``POST=1``
.. note::
For local Deploy daemon setup, other implementations of Docker Socket Proxy may be enough.
But for remote Deploy daemon setup, we recommend using our DSP,
as `we allow <https://github.com/nextcloud/docker-socket-proxy/blob/main/haproxy.cfg.template>`_ only the Docker Engine APIs we actually use in AppAPI,
and it is additionally secured with haproxy authentication.
Reference in New Issue View Git Blame Copy Permalink