psychowood

joined 11 months ago
[–] [email protected] 1 points 10 months ago (1 children)

Thanks, very interesting read. I've been on ESXi for 15 years more or less (first box was an Atom mini-ITX vanilla board) but you really made me interested in PVE. As if I needed another project...

[–] [email protected] 1 points 10 months ago

I was recently thinking about setting up a transparent squid proxy at router level, I'm curious if it could be useful in this context.

[–] [email protected] 1 points 10 months ago

Do you mean I should monitor my email server running on XP?

[–] [email protected] 1 points 10 months ago

!RemindMe 1 week

[–] [email protected] 1 points 10 months ago (10 children)

I mean, we trust Root Certification Authorities, which are basically self-proclaimed-as-trusted entities. At least CF became widespread and is community-trusted :)

[–] [email protected] 1 points 10 months ago (1 children)

I considered it, seems nice.

Problem is that they recommend 12 physical cores and 12GB, which is a waste for the usual selfhosted lab.

[–] [email protected] 0 points 10 months ago (1 children)

Since I was feeling bad for giving the wrong answer in another comment, I spun up a docker socket proxy and did some tests :)

The main points are:

  • add DOCKER_HOST variable pointing to your tcp socket
  • add CONTAINERS=1 variable in docker-socket-proxy to allow reading containers, otherwise it will fail silently (unless you run glances with -d) with a 403

Here's a sample compose file, adjust to your needs. Please note that the tcp socket is not exposed outside of admin_net network and that glances does not have access to the docker.sock socket:

    version: '3.3'
    services:
      admin-glances:
        container_name: glances
        restart: always
        ports:
          - '61208:61208'
        environment:
          - GLANCES_OPT=-w
          - DOCKER_HOST=tcp://dockerproxy:2375
        volumes:
          - './glances/glances.conf:/glances/conf/glances.conf'
    #      - '/var/run/docker.sock:/var/run/docker.sock:ro'
        pid: host
        image: 'nicolargo/glances:latest-full'
        networks:
          admin_net:
    
      admin-docker-socket-proxy:
        container_name: dockerproxy
        hostname: dockerproxy
        image: tecnativa/docker-socket-proxy
        environment:
          - CONTAINERS=1
        volumes:
          - '/var/run/docker.sock:/var/run/docker.sock:ro'
    #    ports:
    #      - '2375:2375'
        networks:
          admin_net:
    
    networks:
      admin_net:
        name: admin_net
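
An added check, not part of the original comment: a small Python audit that confirms a compose project keeps the two properties the comment calls out (no direct `docker.sock` mount outside the proxy, API port 2375 not published). It assumes the input is the JSON printed by `docker compose config --format json`; the sample below is constructed, and `audit` and its `allowed` parameter are hypothetical names.

```python
import json

SOCK = "/var/run/docker.sock"

# Constructed sample: trimmed `docker compose config --format json` output for
# the compose file above (field layout assumed from Compose's normalized model).
SAMPLE = json.loads("""
{"services": {
  "admin-glances": {
    "environment": {"GLANCES_OPT": "-w", "DOCKER_HOST": "tcp://dockerproxy:2375"},
    "ports": [{"target": 61208, "published": "61208"}],
    "volumes": [{"type": "bind", "source": "./glances/glances.conf",
                 "target": "/glances/conf/glances.conf"}],
    "networks": {"admin_net": null}},
  "admin-docker-socket-proxy": {
    "environment": {"CONTAINERS": "1"},
    "volumes": [{"type": "bind", "source": "/var/run/docker.sock",
                 "target": "/var/run/docker.sock", "read_only": true}],
    "networks": {"admin_net": null}}}}
""")

def audit(config, proxy="admin-docker-socket-proxy", allowed=("CONTAINERS",), api_port=2375):
    """Return findings that break the isolation the compose file relies on."""
    findings = []
    services = config["services"]
    proxy_nets = set(services[proxy].get("networks") or {})
    for name, svc in services.items():
        mounts = [v.get("source") for v in svc.get("volumes") or []]
        if name != proxy and SOCK in mounts:
            findings.append(f"{name}: mounts {SOCK} directly, bypassing the proxy")
        for p in svc.get("ports") or []:
            if name == proxy and int(p["target"]) == api_port:
                findings.append(f"{name}: publishes API port {api_port} on the host")
        env = svc.get("environment") or {}
        if env.get("DOCKER_HOST", "").startswith("tcp://") and not proxy_nets & set(svc.get("networks") or {}):
            findings.append(f"{name}: DOCKER_HOST set but no network shared with {proxy}")
    # Any enabled proxy flag beyond the allow-list widens what clients can reach.
    for key, val in (services[proxy].get("environment") or {}).items():
        if val == "1" and key not in allowed:
            findings.append(f"{proxy}: {key}=1 grants more than the allow-list {allowed}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "no findings")
```

An empty result means the project still matches the layout in the comment; each finding names the service that drifted.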