I'm working on a server hosting project in clients need to be able to access an xterm virtual terminal of their docker container which would allow them to interact with the running process.
For that to be possible, i exposed the dockerd API on the local network, which in turn makes it fully available to the webserver. Clients on the local network can access the ws attach endpoint but also the rest of the API, which is a side effect i surely don't want.
My issue is that i now need to make the websocket attach endpoint reachable to outside clients, without exposing the full api. Is this possible, and if so how?
Here's a diagram of what i think would be the ideal structure to achieve
