website/docs: update info about docker socket mount (#18344)

* Update info about docker socket mounting

* Apply suggestions from code review

Co-authored-by: Dominic R <dominic@sdko.org>
Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/docs/install-config/install/docker-compose.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

---------

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Dominic R <dominic@sdko.org>
Co-authored-by: Jens L. <jens@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Dewi Roberts
2025-11-25 12:10:27 +00:00
committed by GitHub
parent 1c1e9af22b
commit 5b9f97deb4
2 changed files with 19 additions and 3 deletions


@@ -41,7 +41,7 @@ authentik requires the following permissions from the Docker API:
## Docker Socket Proxy
Mapping the Docker socket to a container comes with some inherent security risks. Applications inside these containers have unfettered access to the full Docker API, which can be used to gain unauthorized access to sensitive Docker functions.
Mounting the Docker socket to a container comes with some inherent security risks. Applications inside these containers have unfettered access to the full Docker API, which can be used to gain unauthorized access to sensitive Docker functions.
It can also result in possible root escalation on the host system.
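Review bot: "possible root escalation on the host system" (the unchanged second sentence of this hunk) understates the risk and leaves the reader guessing how it happens; since the hunk is already rewording this paragraph ("Mapping" to "Mounting"), consider stating the mechanism: any process that can talk to the Docker daemon through the socket can start a privileged container with the host filesystem bind-mounted, so access to the socket is effectively root on the host. That makes the motivation for the proxy section that follows concrete rather than hypothetical.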
@@ -49,7 +49,9 @@ To prevent this, many people use projects like [docker-socket-proxy](https://doc
See [permissions](#permissions) for the list of APIs that authentik needs access to.
Note: Connections from authentik to Docker socket proxy must be made over HTTP, not TCP, e.g. `http://<docker-socket-proxy hostname/container name>:<port>`.
:::warning
Connections from authentik to Docker socket proxy must be made over HTTP, not TCP, e.g. `http://<docker-socket-proxy hostname or container name>:<port>`.
:::
## Remote hosts (TLS)
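Review bot: the new warning's wording "over HTTP, not TCP" is confusing, because HTTP itself runs over TCP; what the line is really distinguishing is the URL scheme in the connection string, i.e. `http://<docker-socket-proxy hostname or container name>:<port>` versus a `tcp://...` address. Suggest phrasing it as "use an `http://` URL, not a `tcp://` URL" so readers do not try to change the transport. It would also help to add one sentence that this connection is plain, unencrypted HTTP, so the proxy should only be reachable on an internal container network and never exposed on a host-facing port, since anyone who reaches it inherits the API access the proxy allows.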
@@ -66,7 +68,7 @@ Create an integration with `Docker CA` as _TLS Verification Certificate_ and `Do
authentik can connect to remote Docker hosts using SSH. To configure this, create a new SSH keypair using these commands:
```
```shell
# Generate the keypair itself, using RSA keys in the PEM format
ssh-keygen -t rsa -f authentik -N "" -m pem
# Generate a certificate from the private key, required by authentik.
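Review bot: tagging the fence as `shell` is the right fix for syntax highlighting, but while touching this block it is worth extending the first comment: `ssh-keygen -t rsa -f authentik -N "" -m pem` writes the private key unencrypted (empty passphrase) in PEM format, which is required so authentik can load it, so the comment should say that the resulting `authentik` private key file must be protected accordingly (file permissions, not committed to a repo). Optionally state an explicit key size (for example `-b 4096`) rather than relying on the ssh-keygen default, so the docs do not silently depend on the installed OpenSSH version.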