Skip to content

feat: add SOCKET_PROXY_PORT environment variable#46

Closed
upmcplanetracker wants to merge 1 commit into
linuxserver:mainfrom
upmcplanetracker:main
Closed

feat: add SOCKET_PROXY_PORT environment variable#46
upmcplanetracker wants to merge 1 commit into
linuxserver:mainfrom
upmcplanetracker:main

Conversation

@upmcplanetracker

@upmcplanetracker upmcplanetracker commented Jun 9, 2026

Copy link
Copy Markdown

Added new env SOCKET_PROXY_PORT that defaults to 2375 but is user changeable in rootless podman environments with Network=host as well as other cases.

linuxserver.io

  • [x ] I have read the contributing guideline and understand that I have made the correct modifications

Description:

This PR adds an optional SOCKET_PROXY_PORT environment variable to the docker-entrypoint.sh script. It allows users to override the default port (2375). If the variable is not set, it defaults to 2375 to ensure full backward compatibility.

Benefits of this PR and context:

This change is primarily to support network=host deployment configurations. When running in host networking mode, standard Docker -p or PublishPort mappings are ignored. Users are currently forced to use the hardcoded 2375 port, which leads to conflicts if other services on the host are already using it. This change provides the flexibility needed for hardened or complex production environments. This also addresses the request originally opened in issue #44.

How Has This Been Tested?

I tested this by pulling the image and manually overriding the docker-entrypoint.sh logic on a local NUC. I verified that:

  • Setting SOCKET_PROXY_PORT=9999 correctly updates the HAProxy configuration file to bind to port 9999.
  • Leaving the variable unset defaults the configuration to 2375 as expected.
  • IPv6 handling remains intact with the new port variable.
  • The container starts and proxies the Docker socket correctly under both default and custom port configurations.

Source / References:

Requested in issue: #44

@upmcplanetracker
Update docker-entrypoint.sh
73bb7e4 
Added new env SOCKET_PROXY_PORT that defaults to 2375 but is user changeable
github-actions[bot]
github-actions Bot reviewed Jun 9, 2026
View reviewed changes

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for opening this pull request! Be sure to follow the pull request template!

@aptalca

aptalca commented Jun 9, 2026

Copy link
Copy Markdown
Member

network=host is a really bad idea from a security perspective. For this container we don't even recommend port mapping on the host.

You're really supposed to put this container in a user defined bridge network along with the other container that needs access, isolated from anything else. The connection should go through that isolated network only.

@LinuxServer-CI LinuxServer-CI moved this from PRs to Done in Issue & PR Tracker Jun 9, 2026
@upmcplanetracker

upmcplanetracker commented Jun 9, 2026
edited
Loading

Copy link
Copy Markdown
Author

Thank you for reviewing it.
You have a good point re: security there and the setup to minimize security issues. I'll close the PR.
I appreciate the work you do on this repo. I've found it to be a very helpful container for me across my two servers.

@upmcplanetracker upmcplanetracker mentioned this pull request Jun 9, 2026
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

Issue & PR Tracker
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@upmcplanetracker @aptalca @LinuxServer-CI