Fixed illustration

.dockerignore

@@ -3,9 +3,7 @@
 .gitignore
 README.md
 LICENSE
-VERSION
 *.log
 *.tmp
 .env
 docker-compose.yaml
-Dockerfile.minimal

.env

@@ -1,4 +1,5 @@
-# Socat Proxy Configuration
-TARGET_HOST=
-TARGET_PORT=
-SOCKET_PATH=
+TARGET_HOST= # Target hostname/IP to proxy to
+TARGET_PORT= # Target port to proxy to
+UNIX_SOCKET_NAME= # Name of the socket file
+UNIX_SOCKET_PATH= # Path to UNIX socket inside container
+HOST_SOCKET_PATH= # Host path for socket mounting

Dockerfile

@@ -1,11 +1,9 @@
 FROM alpine:latest
 
-# Install socat and netcat in a single RUN command and clean up cache
 RUN apk add --no-cache socat netcat-openbsd \
     && rm -rf /var/cache/apk/* /tmp/*
 
-# Create socket directory and copy/set permissions in single layers
-COPY entrypoint.sh /entrypoint.sh
+COPY entrypoint.sh VERSION /
 RUN mkdir -p /socket \
     && chmod +x /entrypoint.sh
 

README.MD

@@ -2,17 +2,43 @@
 
 A lightweight Docker container that creates a UNIX socket proxy to TCP connections using socat and Alpine Linux.
 
+> [!NOTE]
+>_Github repo is a mirror of https://git.djeex.fr/Djeex/socat-proxy. You'll find full package, history and release note there._
+
+## 📑 Table of Contents
+
+- [🚀 Features](#-features)
+- [🔧 How It Works](#-how-it-works)
+- [📋 Use Case](#-use-case)
+- [🛠️ Configuration](#️-configuration)
+  - [Environment Variables](#environment-variables)
+- [🚢 Quick Start](#-quick-start)
+  - [Using Docker Compose (Recommended)](#using-docker-compose-recommended)
+  - [Using Docker Run](#using-docker-run)
+- [💡 Deployment example for Beszel](#-example-secure-docker-socket-access-for-host-mode-containers)
+
 ## 🚀 Features
 
-- **Lightweight**: Based on Alpine Linux (~10-15MB image)
 - **Configurable**: Environment variable driven configuration
 - **Socket Management**: Automatic UNIX socket creation and cleanup
 - **Production Ready**: Includes proper error handling and logging
-- **Multi-variant**: Standard and minimal Docker images available
 
-## 📋 Use Cases example
+## 🔧 How It Works
 
-- Proxy Docker socket from a docker proxy to a container in host mode
+1. **Socket Check**: Verifies if UNIX socket exists at startup
+2. **Cleanup**: Removes existing socket file/folder if present
+3. **Socket Creation**: Creates new UNIX socket using `nc -lU`
+4. **Proxy Start**: Starts socat to proxy UNIX socket to TCP endpoint
+
+## 📋 Use Case
+
+Proxy Docker socket from a docker proxy to a container in host mode without directly exposing socket to host. For example:
+
+[Beszel](https://beszel.dev/) is a monitoring tool that requires `network_mode: host` to function properly. This creates a security challenge: Beszel needs access to the Docker socket, but it cannot reach a containerized docker-socket-proxy due to the network isolation. Running docker-socket-proxy in host mode or exposing port to host would also be highly insecure.
+
+**Socat-proxy solves this problem** by creating a secure bridge between host-mode containers and containerized socket proxies. It exposes a UNIX socket file on the host filesystem that Beszel can access, while securely forwarding all Docker API requests to the socket-proxy running on the bridge network.
+
+![](https://git.djeex.fr/Djeex/socat-proxy/raw/branch/main/illustration/socat-proxy.svg)
 
 ## 🛠️ Configuration
 
@@ -22,50 +48,109 @@ A lightweight Docker container that creates a UNIX socket proxy to TCP connectio
 |----------|---------|-------------|---------|
 | `TARGET_HOST` | - | Target hostname/IP to proxy to | `socket-proxy-beszel` |
 | `TARGET_PORT` | - | Target port to proxy to | `2375` |
-| `UNIX_SOCKET_PATH` | - | Path to UNIX socket inside container | `/socket/docker.sock` |
-| `SOCKET_PATH` | - | Host path for socket mounting | `/your/container/sock/` |
+| `UNIX_SOCKET_NAME` | - | Name of the socket file | `docker.sock` |
+| `UNIX_SOCKET_PATH` | - | Path to UNIX socket inside container | `/socket` |
+| `HOST_SOCKET_PATH` | - | Host path for socket mounting | `/docker/beszel-agent/sock` |
+| `DEBUG_LEVEL` | - | Level of logs verbose | `0`,`1`,`2`,`3`  |
 
 ## 🚢 Quick Start
 
 ### Using Docker Compose (Recommended)
 
-1. Clone the repository:
+1. Create a `.env` file with your configuration:
 ```bash
-git clone https://git.djeex.fr/Djeex/socat-proxy
-cd socat-proxy
+TARGET_HOST= #your target host
+TARGET_PORT= #your target host port
+UNIX_SOCKET_NAME= #your socket file name
+UNIX_SOCKET_PATH= #your socket folder path inside socat-proxy
+HOST_SOCKET_PATH= #your socket folder path inside your host
+DEBUG_LEVEL=1
 ```
 
-2. Configure environment variables in `.env` file:
-```bash
-TARGET_HOST= #  Target hostname/IP to proxy to
-TARGET_PORT= # Target port to proxy to
-UNIX_SOCKET_PATH= # Path to UNIX socket inside container
-HOST_SOCKET_PATH= # Host path for socket mounting
+2. Create a `compose.yml` file:
+```yaml
+services:
+  socat-proxy:
+    image: git.djeex.fr/djeex/socat-proxy:latest
+    environment:
+      - TARGET_HOST=${TARGET_HOST}
+      - TARGET_PORT=${TARGET_PORT}
+      - UNIX_SOCKET_NAME=${UNIX_SOCKET_NAME}
+      - UNIX_SOCKET_PATH=${UNIX_SOCKET_PATH}
+      - HOST_SOCKET_PATH=${HOST_SOCKET_PATH}
+      - DEBUG_LEVEL=${DEBUG_LEVEL}
+    volumes:
+      - ${HOST_SOCKET_PATH}:${UNIX_SOCKET_PATH}
+    restart: unless-stopped
 ```
 
 3. Start the service:
 ```bash
-docker-compose up -d
+docker compose up -d
 ```
 
 ### Using Docker Run
 
 ```bash
-docker build -t socat-proxy .
-
 docker run -d \
   --name socat-proxy \
-  -e TARGET_HOST=your-target-host \
-  -e TARGET_PORT=your-target-port \
-  -e UNIX_SOCKET_PATH=your-unix-socket-path \
-  -e HOST_SOCKET_PATH=your-socket-host-path \
-  -v /your-origin-socket-path:/socket \
-  socat-proxy
+  -e TARGET_HOST= #your target host \
+  -e TARGET_PORT= #your target host port \
+  -e UNIX_SOCKET_NAME= #your socket file name \
+  -e UNIX_SOCKET_PATH= #your socket folder path inside socat-proxy \
+  -e HOST_SOCKET_PATH= #your socket folder path inside your host\
+  -e DEBUG_LEVEL=1 \
+  -v ${HOST_SOCKET_PATH}:${UNIX_SOCKET_PATH}$ \
+  git.djeex.fr/djeex/socat-proxy:latest
 ```
 
-## 🔧 How It Works
 
-1. **Socket Check**: Verifies if UNIX socket exists at startup
-2. **Cleanup**: Removes existing socket file/folder if present
-3. **Socket Creation**: Creates new UNIX socket using `nc -lU`
-4. **Proxy Start**: Starts socat to proxy UNIX socket to TCP endpoint
+## 💡 Deployment example for Beszel
+
+```yaml
+services:
+  socat-proxy:
+    image: git.djeex.fr/djeex/socat-proxy:latest
+    container_name: socat-proxy-beszel
+    environment:
+      - TARGET_HOST=${TARGET_HOST}
+      - TARGET_PORT=${TARGET_PORT}
+      - UNIX_SOCKET_PATH=${UNIX_SOCKET_PATH}
+      - HOST_SOCKET_PATH=${HOST_SOCKET_PATH}
+      - UNIX_SOCKET_NAME=${UNIX_SOCKET_NAME}
+    volumes:
+      - ${HOST_SOCKET_PATH}:${UNIX_SOCKET_PATH}
+    restart: unless-stopped
+    depends_on:
+      - ${TARGET_HOST}
+
+  socket-proxy:
+    image: lscr.io/linuxserver/socket-proxy:latest
+    container_name: ${TARGET_HOST}
+    security_opt:
+      - no-new-privileges:true
+    environment:
+      - CONTAINERS=1
+      - INFO=1
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    restart: unless-stopped
+    read_only: true
+    tmpfs:
+      - /run
+
+  beszel-agent:
+    image: henrygd/beszel-agent:latest
+    container_name: beszel-agent
+    restart: unless-stopped
+    network_mode: host
+    security_opt:
+      - no-new-privileges:true
+    volumes:
+      - ${HOST_SOCKET_PATH}/${UNIX_SOCKET_NAME}:/var/run/docker.sock:ro
+    environment:
+      - #... your Beszel environment var 
+    depends_on:
+      - socat-proxy
+```
+

VERSION

@@ -1 +1 @@
-0.1
+1.0.0

docker-compose.yaml

@@ -1,21 +1,13 @@
-version: '3.8'
-
+---
 services:
   socat-proxy:
     build: .
     environment:
-      - TARGET_HOST=${TARGET_HOST:}
-      - TARGET_PORT=${TARGET_PORT:}
+      - TARGET_HOST=${TARGET_HOST}
+      - TARGET_PORT=${TARGET_PORT}
+      - UNIX_SOCKET_NAME=${UNIX_SOCKET_NAME}
       - UNIX_SOCKET_PATH=${UNIX_SOCKET_PATH}
+      - HOST_SOCKET_PATH=${HOST_SOCKET_PATH}
     volumes:
-      - ${HOST_SOCKET_PATH:-/tmp/docker-proxy}:/socket
-    networks:
-      - proxy-network
+      - ${HOST_SOCKET_PATH}:${UNIX_SOCKET_PATH}
     restart: unless-stopped
-
-volumes:
-  socket_volume:
-
-networks:
-  proxy-network:
-    external: false

entrypoint.sh

@@ -1,100 +1,145 @@
 #!/bin/sh
 set -e
 
-# Set default values if not provided
-TARGET_HOST=${TARGET_HOST}
-TARGET_PORT=${TARGET_PORT}
-UNIX_SOCKET_PATH=${UNIX_SOCKET_PATH}
-UNIX_SOCKET_NAME=$(basename "$UNIX_SOCKET_PATH")
-HOST_SOCKET_PATH=${HOST_SOCKET_PATH}
+CYAN="\033[1;36m"
+NC="\033[0m"
+
+DEBUG_LEVEL=${DEBUG_LEVEL:-1}
+UNIX_SOCKET_PATH=${UNIX_SOCKET_PATH%/}
+HOST_SOCKET_PATH=${HOST_SOCKET_PATH%/}
+
+FULL_HOST_SOCKET_PATH="$HOST_SOCKET_PATH/$UNIX_SOCKET_NAME"
+FULL_UNIX_SOCKET_PATH="$UNIX_SOCKET_PATH/$UNIX_SOCKET_NAME"
+
+VERSION=$(cat VERSION)
+
+echo -e "${CYAN}╭────────────────────────────────────────────────╮${NC}"
+echo -e "${CYAN}│${NC}            Socat-proxy - Version ${VERSION}${NC}         ${CYAN}│${NC}"
+echo -e "${CYAN}├────────────────────────────────────────────────┤${NC}"
+echo -e "${CYAN}│${NC} Source: https://git.djeex.fr/Djeex/socat-proxy ${CYAN}│${NC}"
+echo -e "${CYAN}│${NC} Mirror: https://github.com/Djeex/socat-proxy   ${CYAN}│${NC}"
+echo -e "${CYAN}╰────────────────────────────────────────────────╯${NC}"
+
 
 # Validate required environment variables
 if [ -z "$TARGET_HOST" ]; then
-    echo "ERROR: TARGET_HOST environment variable is required"
+    echo "[✗] TARGET_HOST environment variable is required"
     exit 1
 fi
 
 if [ -z "$TARGET_PORT" ]; then
-    echo "ERROR: TARGET_PORT environment variable is required"
+    echo "[✗] TARGET_PORT environment variable is required"
+    exit 1
+fi
+
+if [ -z "$UNIX_SOCKET_NAME" ]; then
+    echo "[✗] UNIX_SOCKET_NAME environment variable is required"
     exit 1
 fi
 
 if [ -z "$UNIX_SOCKET_PATH" ]; then
-    echo "ERROR: UNIX_SOCKET_PATH environment variable is required"
+    echo "[✗] UNIX_SOCKET_PATH environment variable is required"
     exit 1
 fi
 
 if [ -z "$HOST_SOCKET_PATH" ]; then
-    echo "ERROR: HOST_SOCKET_PATH environment variable is required"
+    echo "[✗] HOST_SOCKET_PATH environment variable is required"
     exit 1
 fi
 
-echo "Starting socat proxy..."
-echo "UNIX socket: $UNIX_SOCKET_PATH"
-echo "TCP target: $TARGET_HOST:$TARGET_PORT"
-echo "HOST path: $HOST_SOCKET_PATH"
-echo "Full socket path: $FULL_SOCKET_PATH"
+echo "[~] Starting socat proxy..."
+echo "[i] TCP target: $TARGET_HOST:$TARGET_PORT"
+echo "[i] HOST path: $HOST_SOCKET_PATH"
+echo "[i] Full host socket path: $FULL_HOST_SOCKET_PATH"
+echo "[i] Full socket path: $FULL_UNIX_SOCKET_PATH"
 
 # Check if socket file/folder exists and handle it
-FULL_SOCKET_PATH="$HOST_SOCKET_PATH/$UNIX_SOCKET_NAME"
-if [ -e "$FULL_SOCKET_PATH" ]; then
-    echo "Socket file/folder $FULL_SOCKET_PATH exists, removing it..."
-    if rm -rf "$FULL_SOCKET_PATH"; then
-        echo "SUCCESS: Removed existing socket $FULL_SOCKET_PATH"
+if [ -e "$FULL_UNIX_SOCKET_PATH" ]; then
+    echo "[~] Socket file/folder $FULL_UNIX_SOCKET_PATH exists, removing it..."
+    if rm -rf "$FULL_UNIX_SOCKET_PATH"; then
+        echo "[✓] Removed existing socket $FULL_UNIX_SOCKET_PATH"
     else
-        echo "ERROR: Failed to remove existing socket $FULL_SOCKET_PATH"
+        echo "[✗] Failed to remove existing socket $FULL_UNIX_SOCKET_PATH"
         exit 1
     fi
 fi
 
-echo "Creating socket directory structure..."
+echo "[~] Creating socket directory structure..."
 # Create directory if needed
-if mkdir -p "$HOST_SOCKET_PATH"; then
-    echo "SUCCESS: Created directory $HOST_SOCKET_PATH"
+if mkdir -p "$UNIX_SOCKET_PATH"; then
+    echo "[✓] Created directory $UNIX_SOCKET_PATH"
 else
-    echo "ERROR: Failed to create directory $HOST_SOCKET_PATH"
+    echo "[✗] Failed to create directory $UNIX_SOCKET_PATH"
     exit 1
 fi
 
-echo "Creating socket with netcat..."
-# Create socket with nc -lU in background and then kill it to create the socket file
-if timeout 1 nc -lU "$FULL_SOCKET_PATH" 2>/dev/null || true; then
-    echo "SUCCESS: Socket created at $FULL_SOCKET_PATH"
+echo "[~] Creating socket with netcat..."
+# Create socket file by touching it, then remove it (this creates the path but leaves it clean for socat)
+touch "$FULL_UNIX_SOCKET_PATH"
+rm "$FULL_UNIX_SOCKET_PATH"
+echo "[✓] Socket path prepared at $FULL_UNIX_SOCKET_PATH"
+
+# Debug: Check if socket file exists and its permissions
+if [ -S "$FULL_UNIX_SOCKET_PATH" ]; then
+    echo "[✓] Socket file exists and is a socket"
+    ls -la "$FULL_UNIX_SOCKET_PATH"
 else
-    echo "WARNING: Socket creation with netcat had issues, but continuing..."
+    echo "[!] Socket file does not exist or is not a socket"
+    ls -la "$UNIX_SOCKET_PATH"
 fi
 
-echo "Testing connection to target..."
+echo "[~] Testing connection to target..."
 # Test if we can reach the target before starting socat
 if ! nc -z "$TARGET_HOST" "$TARGET_PORT" 2>/dev/null; then
-    echo "WARNING: Cannot connect to $TARGET_HOST:$TARGET_PORT - socat will retry automatically"
+    echo "[!] Cannot connect to $TARGET_HOST:$TARGET_PORT - socat will retry automatically"
 else
-    echo "SUCCESS: Connection to $TARGET_HOST:$TARGET_PORT is working"
+    echo "[✓] Connection to $TARGET_HOST:$TARGET_PORT is working"
 fi
 
 # Signal handler for graceful shutdown
 cleanup() {
-    echo "Received SIGTERM, shutting down gracefully..."
+    echo "[!] Received SIGTERM, shutting down gracefully..."
     if [ ! -z "$SOCAT_PID" ]; then
-        echo "Stopping socat process (PID: $SOCAT_PID)..."
+        echo "[~] Stopping socat process (PID: $SOCAT_PID)..."
         kill "$SOCAT_PID" 2>/dev/null || true
         wait "$SOCAT_PID" 2>/dev/null || true
     fi
-    echo "Cleanup completed, exiting..."
+    echo "[~] Cleanup completed, exiting..."
     exit 0
 }
 
 # Set up signal trap
 trap cleanup SIGTERM SIGINT
 
-echo "Starting socat proxy..."
-# Start socat with verbose logging and redirect to stdout/stderr
-if socat -d -d UNIX-LISTEN:$UNIX_SOCKET_PATH,fork,unlink-early TCP:$TARGET_HOST:$TARGET_PORT & then
+echo "[~] Starting socat proxy..."
+# Start socat with configurable verbosity
+DEBUG_FLAGS=""
+if [ "$DEBUG_LEVEL" -eq 1 ]; then
+    DEBUG_FLAGS="-d"
+elif [ "$DEBUG_LEVEL" -eq 2 ]; then
+    DEBUG_FLAGS="-d -d"
+elif [ "$DEBUG_LEVEL" -eq 3 ]; then
+    DEBUG_FLAGS="-d -d -d"
+fi
+
+echo "[i] Using debug level: $DEBUG_LEVEL ($DEBUG_FLAGS)"
+
+if socat $DEBUG_FLAGS UNIX-LISTEN:$FULL_UNIX_SOCKET_PATH,fork,unlink-early TCP:$TARGET_HOST:$TARGET_PORT & then
     SOCAT_PID=$!
-    echo "SUCCESS: Socat started with PID: $SOCAT_PID"
-    echo "Container is ready and running..."
+    echo "[✓] Socat started with PID: $SOCAT_PID"
+    echo "[i] Socat command: socat -d -d UNIX-LISTEN:$FULL_UNIX_SOCKET_PATH,fork,unlink-early TCP:$TARGET_HOST:$TARGET_PORT"
+    echo "[~] Container is ready and running..."
+    
+    # Debug: Check socket after socat starts
+    sleep 2
+    if [ -S "$FULL_UNIX_SOCKET_PATH" ]; then
+        echo "[✓] Socat socket is active"
+        ls -la "$FULL_UNIX_SOCKET_PATH"
+    else
+        echo "[!] Socat socket not found"
+    fi
 else
-    echo "ERROR: Failed to start socat proxy"
+    echo "[✗] Failed to start socat proxy"
     exit 1
 fi
 
@@ -103,6 +148,5 @@ while kill -0 "$SOCAT_PID" 2>/dev/null; do
     sleep 1
 done
 
-echo "Socat process has stopped"
-exit 1
-
+echo "[✗] Socat process has stopped"
+exit 1