Secure Treafik by using socket proxy for docker socket

proxy/docker-compose.yaml

@@ -16,8 +16,9 @@ services:
       - "--providers.docker=true"
       - "--providers.docker.exposedbydefault=false"
       - "--providers.docker.network=web"
+      - "--providers.docker.endpoint=tcp://docker-socket-proxy:2375"
       #- "--log.level=DEBUG"
-      - "--accesslog=true"
+      #- "--accesslog=true"
       - "--entrypoints.web.address=:80"
       - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
       - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
@@ -33,8 +34,8 @@ services:
       - "443:443"
     networks:
       - web
+      - proxy
     volumes:
-      - "/var/run/docker.sock:/var/run/docker.sock:ro"
       - ${VOLUMES_PATH}/letsencrypt:/letsencrypt
       - $PWD/tls.toml:/etc/traefik/tls.toml
     labels:
@@ -50,6 +51,16 @@ services:
       - "traefik.http.middlewares.auth.basicauth.users=${HTPASSWD}"
       - "docker.group=proxy"
 
+  docker-socket-proxy:
+    image: tecnativa/docker-socket-proxy
+    restart: unless-stopped
+    volumes: 
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      CONTAINERS: 1
+    networks:
+      - proxy
+
 
 #  whoami:
 #    image: containous/whoami
@@ -67,4 +78,4 @@ services:
 networks:
   web:
     external: true
-
+  proxy: