Docker
Starting with 0.27, you can now also deploy soketi on ARM-based devices using Docker.
soketi is also available via pre-built Docker images. To get started, you may simply run one of our available images:
Alpine-based Images
Since Alpine does not support BoringSSL, Soketi cannot serve native SSL through Alpine images. Learn why and use instead the Debian-based images. You can still use your proxy SSL in front of soketi.
Whenever a release, commit, or master merge is performed on the soketi GitHub repository, an image containing the required code to run the application in Docker is published to quay.io/soketi/soketi
.
The image tags use the following naming conventions:
[git_version]
represent the soketi version released to the Git repository. This usually is x.x.x
, unless it's a commit or the master branch. For commits, the value is the SHA hash of the commit. When using the master branch image, the value is latest
.
Currently, the only supported [node_version]
is 16-alpine
. This will be augmented in the future with additional Node versions.
The following example versions are valid:
0.34.1-16-alpine
(points to0.34.1
)0.34-16-alpine
(points to the latest0.34.x
)0-16-alpine
(points to the latest0.x
)latest-16-alpine
(points to the latest0.x
branch)
Distroless-based Image
Since Distroless does not support BoringSSL, Soketi cannot serve native SSL through Alpine images. Learn why and use instead the Debian-based images. You can still use your proxy SSL in front of soketi.
Thanks to a pull request by community member @nsmith5, distroless-based images are available starting with the 0.18.0
version.
The advantage of using a distroless container is that in the case of a remote code execution vulnerability the attacker cannot open a shell because there are no shells installed in the container. This makes an attack against the server much harder to achieve, but can also make running something like
kubectl exec <your soketi pod> -- /bin/bash
harder to debug since, again, there is no shell available within the container.
Distroless image tagging follows the same convention as the Alpine-based images, but the tags are suffixed with -distroless
instead of -alpine
.
We recommend using the distroless images in production to avoid any security issues involving remote code execution. However, keep in mind that debugging is not enabled and it might be harder to debug live containers / pods.
Last updated