r0b0tn11k
CCoder.com
•Created by r0b0tn11k on 2/6/2025 in #help
Coder proxied access to Docker Engine docker.sock
Thanks.
9 replies
CCoder.com
•Created by r0b0tn11k on 2/6/2025 in #help
Coder proxied access to Docker Engine docker.sock
I think we may be talking about the very same thing but I'm just trying to piece that together in my head.
To confirm, if I'm running Coder Server inside a Docker container, the bind mount to
/var/run/docker.sock is optional, and if I want to spin up Docker container based workspaces, I can instead use the Docker provisioner TF to define how to consume the Docker API with:
9 replies
CCoder.com
•Created by r0b0tn11k on 2/6/2025 in #help
Coder proxied access to Docker Engine docker.sock
Hey Atif, I mean for running Coder server within Docker.
I see that it currently needs write access to
/var/run/docker.sock which is generally not recommended. Docker socket access can also be exposed through a TCP connection, which effectively prevents someone from issuing Docker Engine API commands directly via a socket, which can promote container breakout scenarios. For example; Traefik, Portainer and other apps that want to interact with the Docker socket can use the tcp://machine:2375 notation . I wanted to understand if it was possible use this instead of direct socket access9 replies