- Updated Docker Compose files to use digest-pinned images for CI contexts. - Enhanced Dockerfile to pin Go tool installations and verify external downloads with SHA256 checksums. - Added Renovate configuration for tracking Go tool versions and digest updates. - Introduced a new design document outlining the architecture and data flow for dependency tracking. - Created tasks and requirements documentation to ensure compliance with the new digest pinning policy. - Updated security documentation to reflect the new digest pinning policy and exceptions.
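version: '3.9'

services:
  # Run this service on your REMOTE servers (not the one running Charon)
  # to allow Charon to discover containers running there (legacy: CPMP).
  #
  # NOTE: socat is a plain TCP-to-unix-socket relay. It adds no
  # authentication, no TLS and no filtering of Docker API calls. Any client
  # that can reach the published port gets the same control over this host
  # as a local user with access to /var/run/docker.sock (effectively root).
  # Network isolation is therefore the only access control in this file.
  # If discovery only needs read access, a filtering Docker API proxy that
  # allows read-only endpoints is the safer choice.
  docker-socket-proxy:
    # The sha256 digest selects the image that is pulled; the tag is kept
    # for readability.
    image: alpine/socat:latest@sha256:bd8d6a251eb7d1b8c08f7117e3e583e14ec86f43f25d2bf31a6e16ff5dc15f58
    container_name: docker-socket-proxy
    restart: unless-stopped
    ports:
      # Expose port 2375.
      # ⚠️ SECURITY WARNING: Ensure this port is NOT accessible from the public internet!
      # Use a VPN (Tailscale, WireGuard) or a private local network (LAN).
      #
      # The short form below publishes on every host interface. Ports
      # published by Docker may not be filtered by host firewall front ends
      # such as ufw, so verify reachability from outside the trusted network.
      # To limit exposure, bind to the private/VPN address only, e.g.:
      #   - "<PRIVATE_OR_VPN_IP>:2375:2375"
      - "2375:2375"
    volumes:
      # Give the proxy access to the host's Docker socket.
      # ':ro' only makes the bind mount read-only; it does NOT make the
      # Docker API read-only. Requests relayed through the socket can still
      # create, start and remove containers.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    # Forward TCP traffic from port 2375 to the internal Docker socket
    command: tcp-listen:2375,fork,reuseaddr unix-connect:/var/run/docker.sock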