Docker Socket Proxy Support in Cloudron
-
wrote on Nov 7, 2024, 11:36 PM last edited by
I try to use AppAPI and deploy with default configuration that configure the host of docket socket proxy in nextcloud-appapi-dsp:2375
When I try to connect the daemon then it seems it fails
Is this procedure supported in Cloudron?
-
Not sure what AppAPI is but you want nextcloud to talk to deploy containers via Docker? This seems like a big security risk, no? Nextcloud can delete other apps and inspect all other containers etc completely breaking isolation.
-
wrote on Nov 9, 2024, 12:38 AM last edited by
Actually it's a new feature in NC 30, please refer to this documentation https://docs.nextcloud.com/server/latest/admin_manual/ai/app_api_and_external_apps.html
-
I had a quick look but this is essentially launching containers via docker API and exposing the docker socket to nextcloud (PHP). I think at Cloudron level, we can't support this. I recommend setting up a separate VM with docker and then connect nextcloud to run containers there with TLS . See https://github.com/nextcloud/docker-socket-proxy?tab=readme-ov-file#docker-with-tls . This way nextcloud doesn't interfere with other containers. it's quite a big security risk to expose docker socket to apps.
-
N nebulon marked this topic as a question on Nov 9, 2024, 9:40 PM
-
N nebulon has marked this topic as solved on Nov 9, 2024, 9:40 PM