unraid-docker-manager/.planning/phases/07-socket-security/07-01-PLAN.md
Lucas Berger f539bcbba4 docs(07): create phase plan for Socket Security
Phase 07: Socket Security
- 3 plan(s) in 2 wave(s)
- Wave 1: 07-01 (deploy proxy - checkpoint)
- Wave 2: 07-02 (migrate workflow), 07-03 (verify blocking) - parallel
- Ready for execution

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-03 08:45:04 -05:00


- phase: 07-socket-security
- plan: 01
- type: execute
- wave: 1
- depends_on: (empty)
- files_modified: (empty)
- autonomous: false
- user_setup:
  - service: docker-socket-proxy
  - why: Filtered Docker API access for n8n
  - dashboard_config:
    - task: Install docker-socket-proxy from Unraid Community Apps (location: Unraid Apps tab > Search 'dockersocket')
    - task: Configure environment variables (location: Container settings)
    - task: Add proxy to n8n's Docker network (location: Container network settings)
- must_haves:
  - truths:
    - docker-socket-proxy container is running
    - Proxy is on same Docker network as n8n
    - Proxy has Docker socket mounted
  - artifacts:
    - path: docker-socket-proxy container
    - provides: HAProxy-based Docker API filtering
    - contains: CONTAINERS=1, IMAGES=1, POST=1, ALLOW_START=1, ALLOW_STOP=1, ALLOW_RESTARTS=1
  - key_links:
    - from: n8n container
    - to: docker-socket-proxy:2375
    - via: Docker network DNS
    - pattern: same custom bridge network

Deploy docker-socket-proxy container via Unraid Community Apps.

Purpose: Establish the proxy infrastructure that n8n will connect to instead of direct Docker socket access. This is the foundation that Plan 02 will wire up.

Output: Running docker-socket-proxy container with correct environment variables and network configuration.

<execution_context> @/home/luc/.claude/get-shit-done/workflows/execute-plan.md @/home/luc/.claude/get-shit-done/templates/summary.md </execution_context>

@.planning/PROJECT.md @.planning/ROADMAP.md @.planning/STATE.md @.planning/phases/07-socket-security/07-CONTEXT.md @.planning/phases/07-socket-security/07-RESEARCH.md

Task 1: Install and Configure docker-socket-proxy

User must install docker-socket-proxy via Unraid Community Apps UI.

**Steps:**
1. Open Unraid web UI > Apps tab
2. Search for "dockersocket" (tecnativa/docker-socket-proxy template)
3. Click Install
4. Configure the following settings:

**Container Name:** docker-socket-proxy

**Environment Variables (enable these):**
- CONTAINERS=1 (enable /containers/* endpoints)
- IMAGES=1 (enable /images/* endpoints - needed for update command)
- POST=1 (enable POST/PUT/DELETE operations)
- ALLOW_START=1 (enable start action)
- ALLOW_STOP=1 (enable stop action)
- ALLOW_RESTARTS=1 (enable restart action)

**Keep defaults (already 0/disabled):**
- BUILD=0
- COMMIT=0
- EXEC=0
- SECRETS=0
- AUTH=0

**Network Configuration:**
- Find n8n's custom network name (check n8n container settings)
- Add docker-socket-proxy to that same network

5. Click Apply to create the container
6. Verify container is running (green status)

Provide the following information to continue:
1. Container name (should be "docker-socket-proxy")
2. Docker network name that both n8n and proxy are on
3. Confirm container is running

docker-socket-proxy container is running on same network as n8n

Provide: container name, network name, and confirm running status

Task 2: Verify Proxy Connectivity

None (verification only)

Using the n8n API, test that the proxy is reachable from n8n's perspective.
1. Use n8n API to get workflow and find an Execute Command node
2. Test proxy connectivity by checking if n8n can resolve docker-socket-proxy hostname
3. Make a test API call through the proxy to list containers

If proxy is not reachable, the network configuration needs adjustment.

Run curl from n8n to proxy: `curl -s 'http://docker-socket-proxy:2375/v1.47/containers/json?all=true'` should return container list JSON

n8n can reach docker-socket-proxy:2375 and receive valid Docker API responses

1. docker-socket-proxy container is running in Unraid
2. Container has correct environment variables (CONTAINERS=1, IMAGES=1, POST=1, ALLOW_START=1, ALLOW_STOP=1, ALLOW_RESTARTS=1)
3. Proxy is on the same Docker network as n8n
4. n8n can reach docker-socket-proxy:2375

<success_criteria>

- docker-socket-proxy container running with correct config
- n8n and proxy share a Docker network
- Test curl from n8n to proxy returns container list

</success_criteria>

After completion, create `.planning/phases/07-socket-security/07-01-SUMMARY.md`
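
An added example (not part of this plan or the project's own code) that extends Task 2's curl test: run from inside the n8n container, it sends only GET requests and checks that the sections set to 1 answer 200 while the sections left at 0 are refused. It assumes a denied request returns 403 (HAProxy's default deny response) and uses `probe` as a placeholder exec ID; `PROXY`, `API`, `CHECKS`, `http_status` and `run_checks` are names chosen here.

```shell
#!/bin/sh
# Added example (not from the plan): probe the proxy from inside the n8n container.
# Only GET requests are sent, so nothing on the Docker host is changed by the check.
PROXY="${PROXY:-http://docker-socket-proxy:2375}"  # host:port from the plan
API="${API:-/v1.47}"                               # API version used in the plan's curl test

# Expected status per path: 200 for sections set to 1,
# 403 (assumed deny status) for sections left at 0. "probe" is a placeholder exec ID.
CHECKS='200 /containers/json?all=true
200 /images/json
403 /secrets
403 /auth
403 /build
403 /commit
403 /exec/probe/json'

# Print the HTTP status for GET $1; curl prints 000 when the proxy is unreachable.
http_status() {
    curl -s -o /dev/null -m 5 -w '%{http_code}' "$PROXY$API$1" || true
}

# Run every probe, print one line per path, return the number of mismatches.
run_checks() {
    failures=0
    while read -r want path; do
        got=$(http_status "$path")
        if [ "$got" = "$want" ]; then
            echo "ok    $path -> $got"
        else
            echo "FAIL  $path -> $got (expected $want)"
            failures=$((failures + 1))
        fi
    done <<EOF
$CHECKS
EOF
    return "$failures"
}

# Set RUN_CHECKS=1 to execute against the live proxy.
if [ "${RUN_CHECKS:-0}" = 1 ]; then run_checks; fi
```

A status of 000 on every path points to the network problem described in Task 2 (hostname not resolvable or proxy on a different network) rather than a filtering problem.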