Problem
The provided docker-compose.yml uses the Docker Socket Proxy with EXEC: 0, which blocks all exec-related Docker API calls. The Shell/Terminal feature (backend /exec WS endpoint, frontend terminal UI) cannot work in this security mode.
Impact
- Out of the box, Shell/Terminal is broken in compose usage.
- Users may be confused why the UI feature exists if it is always disabled by default.
Recommendation
- Make Shell feature an opt-in feature flag (
ENABLE_SHELL).
- If disabled, hide Shell UI/buttons and disable related endpoints.
- If enabled, clearly document the security model and required proxy settings (EXEC=1 needed).
- Consider requiring authentication when enabling Shell on LAN/WAN.
Problem
The provided docker-compose.yml uses the Docker Socket Proxy with
EXEC: 0, which blocks all exec-related Docker API calls. The Shell/Terminal feature (backend/execWS endpoint, frontend terminal UI) cannot work in this security mode.Impact
Recommendation
ENABLE_SHELL).