Docker-Socket-Proxy

Overview

The Socket Proxy is a security-enhanced proxy which allows you to apply access rules to the Docker socket, limiting the attack surface for containers such as watchtower or Traefik that need to use it.

Runtime arguments

Network: bridge
Privileged: true
Extra Params: --read-only --tmpfs /run

Template configuration

Allow POSTVariable

When set to 0, only GET and HEAD operations are allowed, making API access read-only.

Target: POST
Default: 0|1

Allow Container StartsVariable

Allow starting containers.

Target: ALLOW_START
Default: 0|1

Allow Container StopsVariable

Allow stopping containers.

Target: ALLOW_STOP
Default: 0|1

Allow Container RestartsVariable

Allow restarting containers.

Target: ALLOW_RESTARTS
Default: 0|1

Allow Auth EndpointVariable

Allow access to the auth endpoint.

Target: AUTH
Default: 0|1

Allow Build EndpointVariable

Allow access to the build endpoint.

Target: BUILD
Default: 0|1

Allow Commit EndpointVariable

Allow access to the commit endpoint.

Target: COMMIT
Default: 0|1

Allow Configs EndpointVariable

Allow access to the configs endpoint.

Target: CONFIGS
Default: 0|1

Allow Containers EndpointVariable

Allow access to the containers endpoint.

Target: CONTAINERS
Default: 0|1

Allow Distribution EndpointVariable

Allow access to the distribution endpoint.

Target: DISTRIBUTION
Default: 0|1

Disable IPv6Variable

Set to 1 to prevent binding to the IPv6 interface for legacy systems that cannot support IPv6.

Target: DISABLE_IPV6
Default: 0|1

Allow Events EndpointVariable

Allow access to the events endpoint.

Target: EVENTS
Default: 1|0

Allow Exec EndpointVariable

Allow access to the exec endpoint.

Target: EXEC
Default: 0|1

Allow Images EndpointVariable

Allow access to the images endpoint.

Target: IMAGES
Default: 0|1

Allow Info EndpointVariable

Allow access to the info endpoint.

Target: INFO
Default: 0|1

Allow Networks EndpointVariable

Allow access to the networks endpoint.

Target: NETWORKS
Default: 0|1

Allow Nodes EndpointVariable

Allow access to the nodes endpoint.

Target: NODES
Default: 0|1

Allow Ping EndpointVariable

Allow access to the ping endpoint.

Target: PING
Default: 1|0

Allow Plugins EndpointVariable

Allow access to the plugins endpoint.

Target: PLUGINS
Default: 0|1

Allow Secrets EndpointVariable

Allow access to the secrets endpoint.

Target: SECRETS
Default: 0|1

Allow Services EndpointVariable

Allow access to the services endpoint.

Target: SERVICES
Default: 0|1

Allow Session EndpointVariable

Allow access to the session endpoint.

Target: SESSION
Default: 0|1

Allow Swarm EndpointVariable

Allow access to the swarm endpoint.

Target: SWARM
Default: 0|1

Allow System EndpointVariable

Allow access to the system endpoint.

Target: SYSTEM
Default: 0|1

Allow Tasks EndpointVariable

Allow access to the tasks endpoint.

Target: TASKS
Default: 0|1

Allow Version EndpointVariable

Allow access to the version endpoint.

Target: VERSION
Default: 1|0

Allow Volumes EndpointVariable

Allow access to the volumes endpoint.

Target: VOLUMES
Default: 0|1

Docker socketPathrw

Path to the Docker socket

Target: /var/run/docker.sock
Default: /var/run/docker.sock
Value: /var/run/docker.sock

Log LevelVariable

Set the log level for the proxy.

Target: LOG_LEVEL
Default: info|debug|notice|warning|err|crit|alert|emerg

Links

Template Support Docker Hub Project

Details

Repository

lscr.io/linuxserver/socket-proxy:latest

Registry

https://registry.hub.docker.com/r/lscr.io/linuxserver/socket-proxy

Last Updated2026-05-01

First Seen2025-06-07

Run Docker-Socket-Proxy on Unraid.

Docker-Socket-Proxy is listed in Community Apps for Unraid OS. Explore Unraid to build a flexible home server, NAS, or homelab.

Explore Unraid OS