{"id":626,"date":"2024-07-22T12:36:41","date_gmt":"2024-07-22T12:36:41","guid":{"rendered":"https:\/\/dockerpros.com\/?p=626"},"modified":"2024-07-22T12:36:41","modified_gmt":"2024-07-22T12:36:41","slug":"buenas-practicas-para-asegurar-contenedores-docker-en-produccion","status":"publish","type":"post","link":"https:\/\/dockerpros.com\/es\/security\/best-practices-for-securing-docker-containers-in-production\/","title":{"rendered":"Best Practices for Securing Docker Containers in Production"},"content":{"rendered":"<h1>Securing Docker Containers: An Advanced Guide<\/h1>\n<p>As organizations continue to adopt containerization for its agility and efficiency, securing Docker containers becomes a paramount concern. Docker simplifies the process of deploying applications but also introduces security challenges that demand a comprehensive approach. This article delves into advanced strategies for securing Docker containers, emphasizing best practices, essential tools, and methodologies to mitigate risks associated with containerization.<\/p>\n<h2>Understanding Docker Security Basics<\/h2>\n<p>Before diving into advanced security practices, it\u2019s crucial to understand Docker\u2019s architecture and the inherent security features and vulnerabilities it presents.<\/p>\n<h3>Docker Architecture<\/h3>\n<p>Docker is built around a client-server architecture, consisting of three main components:<\/p>\n<ol>\n<li><strong>Docker <span class=\"glossaryai-tooltip glossary-term-667\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/daemon\/\" target=\"_blank\">demonio<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Un demonio es un proceso en segundo plano en inform\u00e1tica que se ejecuta de manera aut\u00f3noma, realizando tareas sin intervenci\u00f3n del usuario. Generalmente gestiona funciones a nivel de sistema o de aplicaci\u00f3n, mejorando la eficiencia.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/daemon\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span><\/strong>: The core <span class=\"glossaryai-tooltip glossary-term-681\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/service\/\" target=\"_blank\">servicio<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Service refers to the act of providing assistance or support to fulfill specific needs or requirements. In various domains, it encompasses customer service, technical support, and professional services, emphasizing efficiency and user satisfaction.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/service\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> que gestiona contenedores.<\/li>\n<li><strong>Docker Client<\/strong>: The command-line interface (CLI) that interacts with the Docker <span class=\"glossaryai-tooltip glossary-term-667\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/daemon\/\" target=\"_blank\">servicio<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Un demonio es un proceso en segundo plano en inform\u00e1tica que se ejecuta de manera aut\u00f3noma, realizando tareas sin intervenci\u00f3n del usuario. Generalmente gestiona funciones a nivel de sistema o de aplicaci\u00f3n, mejorando la eficiencia.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/daemon\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span>.<\/li>\n<li><strong><span class=\"glossaryai-tooltip glossary-term-736\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/docker-registry\/\" target=\"_blank\">Registro de Docker<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">A Docker Registry is a storage and distribution system for Docker images. It allows developers to upload, manage, and share container images, facilitating efficient deployment in diverse environments.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/docker-registry\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span><\/strong>: A <span class=\"glossaryai-tooltip glossary-term-659\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/repository\/\" target=\"_blank\">repositorio<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Un repositorio es una ubicaci\u00f3n centralizada donde se almacenan, gestionan y mantienen datos, c\u00f3digo o documentos. Facilita el control de versiones, la colaboraci\u00f3n y el intercambio eficiente de recursos entre los usuarios.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/repository\/\">More \u00bb<\/a><\/span><\/span><span class=\"gai-tooltip-video-wrapper\"><span class=\"gai-tooltip-video\" data-src=\"https:\/\/www.youtube.com\/embed\/_OXj8BGxNPY?rel=0&#038;modestbranding=1\"><\/span><\/span><\/span><\/span><\/span> for storing and distributing Docker images.<\/li>\n<\/ol>\n<p>While Docker abstracts application dependencies and environments, this separation also creates potential attack vectors.<\/p>\n<h3>Aislaci\u00f3n de contenedores<\/h3>\n<p>Los contenedores Docker comparten el kernel del sistema operativo host pero mantienen espacios de usuario aislados. Esta aislaci\u00f3n proporciona un nivel de seguridad; sin embargo, las vulnerabilidades en el kernel pueden ser explotadas, afectando a todos los contenedores. Comprender este modelo de responsabilidad compartida es crucial para asegurar los contenedores.<\/p>\n<h2>Advanced Security Practices<\/h2>\n<p>Con una comprensi\u00f3n s\u00f3lida de la arquitectura de Docker, exploremos pr\u00e1cticas de seguridad avanzadas que pueden ayudar a mitigar riesgos.<\/p>\n<h3>1. Utilice im\u00e1genes base m\u00ednimas<\/h3>\n<p>Al construir im\u00e1genes de Docker, es esencial comenzar con im\u00e1genes base m\u00ednimas para reducir la superficie de ataque. <\/p>\n<ul>\n<li><strong>Alpine Linux<\/strong>: Una opci\u00f3n popular por su naturaleza ligera y simplicidad.<\/li>\n<li><strong>Im\u00e1genes Distroless\n\nLas im\u00e1genes Distroless son im\u00e1genes de contenedor optimizadas que contienen solo la aplicaci\u00f3n y sus dependencias de tiempo de ejecuci\u00f3n, sin paquetes de sistema operativo adicionales como shells, administradores de paquetes o herramientas de desarrollo. Estas im\u00e1genes est\u00e1n dise\u00f1adas para ser m\u00e1s peque\u00f1as, m\u00e1s seguras y m\u00e1s eficientes que las im\u00e1genes de contenedor tradicionales.\n\nLas im\u00e1genes Distroless son mantenidas por Google y est\u00e1n disponibles para varios lenguajes de programaci\u00f3n y entornos de ejecuci\u00f3n, incluyendo Java, Node.js, Python, Go, Rust, y m\u00e1s. Estas im\u00e1genes se basan en Alpine Linux, que es una distribuci\u00f3n Linux ligera y segura.\n\nAlgunos de los beneficios de usar im\u00e1genes Distroless incluyen:\n\n1. Tama\u00f1o reducido: Las im\u00e1genes Distroless son significativamente m\u00e1s peque\u00f1as que las im\u00e1genes de contenedor tradicionales, lo que resulta en tiempos de descarga m\u00e1s r\u00e1pidos y un uso reducido de almacenamiento.\n\n2. Mayor seguridad: Al eliminar paquetes y herramientas innecesarios, las im\u00e1genes Distroless reducen la superficie de ataque y minimizan el riesgo de vulnerabilidades de seguridad.\n\n3. Mejor rendimiento: Con menos componentes, las im\u00e1genes Distroless pueden iniciarse m\u00e1s r\u00e1pidamente y consumir menos recursos del sistema.\n\n4. Cumplimiento de pol\u00edticas de seguridad: Muchas organizaciones tienen pol\u00edticas de seguridad que requieren el uso de im\u00e1genes de contenedor m\u00ednimas y seguras. Las im\u00e1genes Distroless pueden ayudar a cumplir con estos requisitos.\n\nPara usar im\u00e1genes Distroless, puedes especificarlas en tu archivo Dockerfile en lugar de las im\u00e1genes base tradicionales. Por ejemplo, para una aplicaci\u00f3n Java, puedes usar la siguiente l\u00ednea en tu Dockerfile:\n\n```\nFROM gcr.io\/distroless\/java:11\n```\n\nEsto descargar\u00e1 la imagen Distroless para Java 11 y la usar\u00e1 como base para tu contenedor.\n\nEs importante tener en cuenta que las im\u00e1genes Distroless no incluyen herramientas de depuraci\u00f3n o shells interactivos, lo que puede dificultar la soluci\u00f3n de problemas en algunos casos. Sin embargo, puedes agregar herramientas de depuraci\u00f3n espec\u00edficas a tu imagen si es necesario.\n\nEn resumen, las im\u00e1genes Distroless son una opci\u00f3n atractiva para crear contenedores m\u00e1s peque\u00f1os, seguros y eficientes para tus aplicaciones. Al eliminar componentes innecesarios, estas im\u00e1genes pueden ayudarte a mejorar la seguridad, el rendimiento y el cumplimiento de tus despliegues de contenedores.<\/strong>: Im\u00e1genes que contienen \u00fanicamente la aplicaci\u00f3n y sus dependencias de tiempo de ejecuci\u00f3n, eliminando binarios y bibliotecas innecesarios.<\/li>\n<\/ul>\n<p>El uso de im\u00e1genes base m\u00ednimas minimiza las vulnerabilidades y reduce el tama\u00f1o general de tus im\u00e1genes Docker, lo que conduce a un menor consumo de recursos.<\/p>\n<h3>2. Implementar el escaneo de im\u00e1genes\n\nEl escaneo de im\u00e1genes es un paso crucial en el proceso de seguridad de contenedores. Ayuda a identificar vulnerabilidades y malware en las im\u00e1genes de contenedor antes de que se desplieguen en producci\u00f3n. Aqu\u00ed hay algunos pasos para implementar el escaneo de im\u00e1genes:\n\n1. Elige una herramienta de escaneo de im\u00e1genes: Hay varias herramientas de escaneo de im\u00e1genes disponibles, como Clair, Anchore y Trivy. Elige una herramienta que se adapte a tus necesidades y requisitos.\n\n2. Configura la herramienta de escaneo: Una vez que hayas elegido una herramienta de escaneo, config\u00farala seg\u00fan tus necesidades. Esto puede implicar configurar la herramienta para escanear im\u00e1genes de un registro espec\u00edfico o configurar alertas para vulnerabilidades cr\u00edticas.\n\n3. Integra el escaneo en tu flujo de trabajo de CI\/CD: Para garantizar que todas las im\u00e1genes se escaneen antes de desplegarse, integra el escaneo en tu flujo de trabajo de integraci\u00f3n continua y despliegue continuo (CI\/CD). Esto se puede hacer agregando un paso de escaneo a tu tuber\u00eda de CI\/CD.\n\n4. Revisa y act\u00faa sobre los resultados del escaneo: Una vez que se complete el escaneo, revisa los resultados y toma las medidas apropiadas. Esto puede implicar parchear vulnerabilidades, actualizar im\u00e1genes o descartar im\u00e1genes que contengan malware.\n\n5. Monitorea y actualiza regularmente: El escaneo de im\u00e1genes no es una tarea \u00fanica. Monitorea y actualiza regularmente tus im\u00e1genes para garantizar que permanezcan seguras con el tiempo.\n\nAl implementar el escaneo de im\u00e1genes, puedes reducir significativamente el riesgo de vulnerabilidades y malware en tus im\u00e1genes de contenedor, mejorando as\u00ed la seguridad general de tu entorno de contenedores.<\/h3>\n<p>Continuo <span class=\"glossaryai-tooltip glossary-term-651\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/image\/\" target=\"_blank\">imagen<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">An image is a visual representation of an object or scene, typically composed of pixels in digital formats. It can convey information, evoke emotions, and facilitate communication across various media.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/image\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> escanear vulnerabilidades es vital. Integra herramientas como <strong>Claro<\/strong>, <strong>Trivy<\/strong>, o <strong>Anchore<\/strong> en tu pipeline de CI\/CD.<\/p>\n<ul>\n<li><strong>Claro<\/strong>: Un proyecto de c\u00f3digo abierto que detecta vulnerabilidades en <span class=\"glossaryai-tooltip glossary-term-650\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/container\/\" target=\"_blank\">contenedor<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Containers are lightweight, portable units that encapsulate software and its dependencies, enabling consistent execution across different environments. They leverage OS-level virtualization for efficiency.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/container\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> im\u00e1genes. <\/li>\n<li><strong>Trivy<\/strong>Un esc\u00e1ner de vulnerabilidades simple y completo para contenedores.<\/li>\n<li><strong>Anchore<\/strong>: Ofrece comprobaciones de cumplimiento basadas en pol\u00edticas e informes detallados de vulnerabilidades.<\/li>\n<\/ul>\n<p>Automate the scanning process to ensure that every <span class=\"glossaryai-tooltip glossary-term-651\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/image\/\" target=\"_blank\">imagen<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">An image is a visual representation of an object or scene, typically composed of pixels in digital formats. It can convey information, evoke emotions, and facilitate communication across various media.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/image\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> is vetted before deployment. This practice helps catch vulnerabilities early in the development cycle.<\/p>\n<h3>3. Utilice Docker Bench para la Seguridad<\/h3>\n<p><strong>Docker Bench for Security<\/strong> is an open-source script that checks for dozens of common best practices for securing Docker containers. The tool evaluates:<\/p>\n<ul>\n<li><span class=\"glossaryai-tooltip glossary-term-650\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/container\/\" target=\"_blank\">Container<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Containers are lightweight, portable units that encapsulate software and its dependencies, enabling consistent execution across different environments. They leverage OS-level virtualization for efficiency.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/container\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> configurations<\/li>\n<li>Docker <span class=\"glossaryai-tooltip glossary-term-667\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/daemon\/\" target=\"_blank\">servicio<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Un demonio es un proceso en segundo plano en inform\u00e1tica que se ejecuta de manera aut\u00f3noma, realizando tareas sin intervenci\u00f3n del usuario. Generalmente gestiona funciones a nivel de sistema o de aplicaci\u00f3n, mejorando la eficiencia.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/daemon\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> configurations<\/li>\n<li><span class=\"glossaryai-tooltip glossary-term-651\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/image\/\" target=\"_blank\">Image<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">An image is a visual representation of an object or scene, typically composed of pixels in digital formats. It can convey information, evoke emotions, and facilitate communication across various media.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/image\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> configurations<\/li>\n<\/ul>\n<p>Running Docker Bench regularly can help ensure compliance with established security benchmarks, such as the CIS Docker Benchmark.<\/p>\n<h3>4. Implementar la seguridad de la red<\/h3>\n<p>Docker supports several networking options, including bridge, host, and overlay networks. Proper <span class=\"glossaryai-tooltip glossary-term-661\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/network\/\" target=\"_blank\">red<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Una red, en inform\u00e1tica, es un conjunto de dispositivos interconectados que se comunican y comparten recursos. Permite el intercambio de datos, facilita la colaboraci\u00f3n y mejora la eficiencia operativa.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/network\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> configuration can significantly enhance <span class=\"glossaryai-tooltip glossary-term-650\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/container\/\" target=\"_blank\">contenedor<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Containers are lightweight, portable units that encapsulate software and its dependencies, enabling consistent execution across different environments. They leverage OS-level virtualization for efficiency.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/container\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> seguridad.<\/p>\n<h4>a. Usar Redes Personalizadas<\/h4>\n<p>Instead of using the default <span class=\"glossaryai-tooltip glossary-term-662\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/bridge-network\/\" target=\"_blank\">bridge network<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Bridge Network facilita la interoperabilidad entre varios ecosistemas de blockchain, permitiendo transferencias de activos y comunicaci\u00f3n sin interrupciones. Su arquitectura optimiza la escalabilidad y la accesibilidad para los usuarios en todas las redes.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/bridge-network\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span>, create custom networks for better isolation. Custom networks allow you to define which containers can communicate with each other, reducing the attack surface.<\/p>\n<p>Ejemplo:<\/p>\n<pre><code class=\"language-bash\"><span class=\"glossaryai-tooltip glossary-term-1163\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/docker-network-create\/\" target=\"_blank\">docker network create<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">The `docker network create` command enables users to establish custom networks for containerized applications. This facilitates efficient communication and isolation between containers, enhancing application performance and security.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/docker-network-create\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> mi_red_personalizada<\/code><\/pre>\n<h4>b. Network Policies<\/h4>\n<p>Usa herramientas como <strong>calic\u00f3<\/strong> or <strong>Tejer<\/strong> to implement <span class=\"glossaryai-tooltip glossary-term-661\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/network\/\" target=\"_blank\">red<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Una red, en inform\u00e1tica, es un conjunto de dispositivos interconectados que se comunican y comparten recursos. Permite el intercambio de datos, facilita la colaboraci\u00f3n y mejora la eficiencia operativa.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/network\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> policies that restrict traffic between containers. <\/p>\n<p>For instance, with Calico, you can define rules that allow only certain types of traffic, effectively minimizing the risk of lateral movement in case of a breach.<\/p>\n<h3>5. Limit Container Privileges<\/h3>\n<p>Ejecutar contenedores con privilegios elevados puede <span class=\"glossaryai-tooltip glossary-term-676\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/expose\/\" target=\"_blank\">exponer<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">\"EXPOSE\" es una herramienta eficaz utilizada en diversos campos, incluida la ciberseguridad y el desarrollo de software, para identificar vulnerabilidades y deficiencias en los sistemas, garantizando que se implementen medidas de seguridad robustas.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/expose\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> your host system to significant risks. Ensure containers <span class=\"glossaryai-tooltip glossary-term-672\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/run\/\" target=\"_blank\">run<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">\"RUN\" refers to a command in various programming languages and operating systems to execute a specified program or script. It initiates processes, providing a controlled environment for task execution.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/run\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> with the least privileges necessary.<\/p>\n<h4>a. Utilice espacios de nombres de usuario<\/h4>\n<p>User namespaces allow you to map <span class=\"glossaryai-tooltip glossary-term-650\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/container\/\" target=\"_blank\">contenedor<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Containers are lightweight, portable units that encapsulate software and its dependencies, enabling consistent execution across different environments. They leverage OS-level virtualization for efficiency.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/container\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> users to host users. This feature enhances security by ensuring that even if a <span class=\"glossaryai-tooltip glossary-term-650\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/container\/\" target=\"_blank\">contenedor<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Containers are lightweight, portable units that encapsulate software and its dependencies, enabling consistent execution across different environments. They leverage OS-level virtualization for efficiency.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/container\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> is compromised, the attacker has limited access to the host&#8217;s user privileges.<\/p>\n<p>To enable user namespaces, <span class=\"glossaryai-tooltip glossary-term-674\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/add\/\" target=\"_blank\">a\u00f1adir<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">La instrucci\u00f3n ADD en Docker es un comando utilizado en Dockerfiles para copiar archivos y directorios desde una m\u00e1quina anfitriona hacia una imagen de Docker durante el proceso de construcci\u00f3n. No solo facilita la transferencia de archivos locales, sino que tambi\u00e9n proporciona funcionalidades adicionales, como extraer autom\u00e1ticamente archivos comprimidos y obtener archivos remotos a trav\u00e9s de HTTP o HTTPS.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/add\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> the following line to your Docker <span class=\"glossaryai-tooltip glossary-term-667\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/daemon\/\" target=\"_blank\">servicio<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Un demonio es un proceso en segundo plano en inform\u00e1tica que se ejecuta de manera aut\u00f3noma, realizando tareas sin intervenci\u00f3n del usuario. Generalmente gestiona funciones a nivel de sistema o de aplicaci\u00f3n, mejorando la eficiencia.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/daemon\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> configuraci\u00f3n<\/p>\n<pre><code class=\"language-json\">{\n  \"userns-remap\": \"predeterminado\"\n}<\/code><\/pre>\n<h4>b. Set Capabilities<\/h4>\n<p>Docker provides a way to fine-tune the capabilities assigned to containers. By default, containers <span class=\"glossaryai-tooltip glossary-term-672\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/run\/\" target=\"_blank\">run<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">\"RUN\" refers to a command in various programming languages and operating systems to execute a specified program or script. It initiates processes, providing a controlled environment for task execution.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/run\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> with a set of capabilities that could be excessive for their needs. Use the <code>--cap-drop<\/code> and <code>--agregar-capacidad<\/code> Banderas para limitar capacidades.<\/p>\n<p>Ejemplo:<\/p>\n<pre><code class=\"language-bash\">Docker es una plataforma de c\u00f3digo abierto que permite automatizar el despliegue de aplicaciones dentro de contenedores de software. Proporciona una capa adicional de abstracci\u00f3n y automatizaci\u00f3n de virtualizaci\u00f3n a nivel de sistema operativo en Linux.\n\nLos contenedores Docker empaquetan una aplicaci\u00f3n con todas sus dependencias en un formato estandarizado que puede ejecutarse en cualquier entorno Linux. Esto facilita enormemente el desarrollo, el testing y el despliegue de aplicaciones, ya que se eliminan los problemas de \"funciona en mi m\u00e1quina\".\n\nAlgunas de las caracter\u00edsticas clave de Docker son:\n\n- Aislamiento: Cada contenedor se ejecuta de forma aislada, con su propio sistema de archivos, procesos, etc.\n\n- Portabilidad: Los contenedores pueden ejecutarse en cualquier entorno Linux sin necesidad de modificarlos.\n\n- Ligereza: Los contenedores comparten el kernel del sistema operativo anfitri\u00f3n, lo que los hace mucho m\u00e1s ligeros que las m\u00e1quinas virtuales tradicionales.\n\n- Escalabilidad: Es muy f\u00e1cil escalar horizontalmente una aplicaci\u00f3n ejecutando m\u00faltiples instancias de un contenedor.\n\nDocker se ha convertido en una herramienta fundamental en el desarrollo de aplicaciones modernas, especialmente en el contexto de la arquitectura de microservicios y la computaci\u00f3n en la nube. <span class=\"glossaryai-tooltip glossary-term-672\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/run\/\" target=\"_blank\">run<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">\"RUN\" refers to a command in various programming languages and operating systems to execute a specified program or script. It initiates processes, providing a controlled environment for task execution.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/run\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> --cap-drop ALL --cap-add NET_BIND_SERVICE my_container<\/code><\/pre>\n<h3>6. Implementar l\u00edmites de recursos<\/h3>\n<p>Docker te permite establecer l\u00edmites de recursos en los contenedores para prevenir ataques de agotamiento de recursos.<\/p>\n<p>Use el <code>--memoria<\/code> and <code>--cpu<\/code> flags to limit the amount of memory and CPU a <span class=\"glossaryai-tooltip glossary-term-650\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/container\/\" target=\"_blank\">contenedor<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Containers are lightweight, portable units that encapsulate software and its dependencies, enabling consistent execution across different environments. They leverage OS-level virtualization for efficiency.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/container\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> can use. This practice not only enhances security but also improves application performance.<\/p>\n<p>Ejemplo:<\/p>\n<pre><code class=\"language-bash\">docker run --memory=\"512m\" --cpus=\"1.0\" my_container<\/code><\/pre>\n<h3>7. Asegurar el demonio de Docker<\/h3>\n<p>El Docker <span class=\"glossaryai-tooltip glossary-term-667\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/daemon\/\" target=\"_blank\">servicio<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Un demonio es un proceso en segundo plano en inform\u00e1tica que se ejecuta de manera aut\u00f3noma, realizando tareas sin intervenci\u00f3n del usuario. Generalmente gestiona funciones a nivel de sistema o de aplicaci\u00f3n, mejorando la eficiencia.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/daemon\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> is a privileged process; securing it is crucial to maintaining the security of your containers.<\/p>\n<h4>a. Utilice TLS para Docker API<\/h4>\n<p>To encrypt communications with the Docker <span class=\"glossaryai-tooltip glossary-term-1249\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/api\/\" target=\"_blank\">API<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Una API, o Interfaz de Programaci\u00f3n de Aplicaciones, permite que las aplicaciones de software se comuniquen e interact\u00faen entre s\u00ed. Define protocolos y herramientas para construir software y facilitar la integraci\u00f3n.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/api\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span>, configure the Docker <span class=\"glossaryai-tooltip glossary-term-667\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/daemon\/\" target=\"_blank\">servicio<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Un demonio es un proceso en segundo plano en inform\u00e1tica que se ejecuta de manera aut\u00f3noma, realizando tareas sin intervenci\u00f3n del usuario. Generalmente gestiona funciones a nivel de sistema o de aplicaci\u00f3n, mejorando la eficiencia.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/daemon\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> to use TLS. This setup will ensure that only authorized users can interact with the Docker <span class=\"glossaryai-tooltip glossary-term-667\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/daemon\/\" target=\"_blank\">servicio<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Un demonio es un proceso en segundo plano en inform\u00e1tica que se ejecuta de manera aut\u00f3noma, realizando tareas sin intervenci\u00f3n del usuario. Generalmente gestiona funciones a nivel de sistema o de aplicaci\u00f3n, mejorando la eficiencia.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/daemon\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span>.<\/p>\n<p>Generate certificates for the server and clients, then configure the Docker <span class=\"glossaryai-tooltip glossary-term-667\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/daemon\/\" target=\"_blank\">servicio<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Un demonio es un proceso en segundo plano en inform\u00e1tica que se ejecuta de manera aut\u00f3noma, realizando tareas sin intervenci\u00f3n del usuario. Generalmente gestiona funciones a nivel de sistema o de aplicaci\u00f3n, mejorando la eficiencia.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/daemon\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> de la siguiente manera:<\/p>\n<pre><code class=\"language-bash\">dockerd --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem<\/code><\/pre>\n<h4>b. Habilitar la autenticaci\u00f3n de usuarios<\/h4>\n<p>Limit access to the Docker <span class=\"glossaryai-tooltip glossary-term-667\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/daemon\/\" target=\"_blank\">servicio<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Un demonio es un proceso en segundo plano en inform\u00e1tica que se ejecuta de manera aut\u00f3noma, realizando tareas sin intervenci\u00f3n del usuario. Generalmente gestiona funciones a nivel de sistema o de aplicaci\u00f3n, mejorando la eficiencia.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/daemon\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> by implementing user authentication. Use <strong>La funci\u00f3n integrada de Docker <code>--icc=false<\/code><\/strong> (inter-container communication) and <strong><code>--remapeo-de-namespaces-de-usuario<\/code><\/strong> features to enhance security.<\/p>\n<h3>8. Monitoreo y Auditor\u00eda<\/h3>\n<p>Continuous monitoring and auditing are critical for maintaining <span class=\"glossaryai-tooltip glossary-term-650\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/container\/\" target=\"_blank\">contenedor<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Containers are lightweight, portable units that encapsulate software and its dependencies, enabling consistent execution across different environments. They leverage OS-level virtualization for efficiency.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/container\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> seguridad. <\/p>\n<h4>a. Utilice herramientas de monitoreo de registros<\/h4>\n<p>Herramientas como <strong>alce <span class=\"glossaryai-tooltip glossary-term-682\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/stack\/\" target=\"_blank\">Stack<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">A stack is a data structure that operates on a Last In, First Out (LIFO) principle, where the most recently added element is the first to be removed. It supports two primary operations: push and pop.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/stack\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span><\/strong> (Elasticsearch, Logstash, Kibana) or <strong>Fluentd<\/strong> can help aggregate and visualize logs from containers for real-time monitoring.<\/p>\n<h4>b. Implement Intrusion Detection Systems<\/h4>\n<p>Integra sistemas de detecci\u00f3n de intrusiones (IDS) como <strong>OSSEC<\/strong> or <strong>Wazuh es una plataforma de c\u00f3digo abierto para la detecci\u00f3n de intrusiones, el monitoreo de integridad y la respuesta a incidentes de seguridad. Ofrece capacidades de an\u00e1lisis de registros, detecci\u00f3n de amenazas y cumplimiento normativo para sistemas y aplicaciones. Wazuh es altamente escalable y puede implementarse en entornos locales, en la nube o en entornos h\u00edbridos.<\/strong> to monitor file integrity and detect suspicious activity within containers.<\/p>\n<h3>9. Implement Runtime Security<\/h3>\n<p>Runtime security allows you to monitor and control <span class=\"glossaryai-tooltip glossary-term-650\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/container\/\" target=\"_blank\">contenedor<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Containers are lightweight, portable units that encapsulate software and its dependencies, enabling consistent execution across different environments. They leverage OS-level virtualization for efficiency.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/container\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> behavior in real-time. Tools like <strong>Falco<\/strong> and <strong>Sysdig<\/strong> puede ayudar a detectar comportamiento an\u00f3malo y aplicar pol\u00edticas de seguridad en tiempo de ejecuci\u00f3n.<\/p>\n<ul>\n<li><strong>Falco<\/strong>: Un proyecto de c\u00f3digo abierto que monitorea el comportamiento de los contenedores y te alerta sobre actividades sospechosas basadas en reglas predefinidas.<\/li>\n<li><strong>Sysdig<\/strong>: A commercial tool that offers deep visibility into <span class=\"glossaryai-tooltip glossary-term-650\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/container\/\" target=\"_blank\">contenedor<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Containers are lightweight, portable units that encapsulate software and its dependencies, enabling consistent execution across different environments. They leverage OS-level virtualization for efficiency.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/container\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> behavior with security features.<\/li>\n<\/ul>\n<h3>10. Utilice la Gesti\u00f3n de Secretos<\/h3>\n<p>Docker provides the ability to manage sensitive data such as <span class=\"glossaryai-tooltip glossary-term-1249\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/api\/\" target=\"_blank\">API<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Una API, o Interfaz de Programaci\u00f3n de Aplicaciones, permite que las aplicaciones de software se comuniquen e interact\u00faen entre s\u00ed. Define protocolos y herramientas para construir software y facilitar la integraci\u00f3n.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/api\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> keys, passwords, and tokens. Instead of hardcoding secrets into images, use Docker Secrets to manage sensitive data effectively.<\/p>\n<p>Para crear y usar un <span class=\"glossaryai-tooltip glossary-term-687\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/secret\/\" target=\"_blank\">secreto<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">El concepto de \"secreto\" abarca informaci\u00f3n retenida de otros, a menudo por razones de privacidad, seguridad o confidencialidad. Comprender sus implicaciones es crucial en campos como la protecci\u00f3n de datos y la teor\u00eda de la comunicaci\u00f3n.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/secret\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span>:<\/p>\n<pre><code class=\"language-bash\">echo \"my_secret_password\" | docker <span class=\"glossaryai-tooltip glossary-term-687\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/secret\/\" target=\"_blank\">secreto<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">El concepto de \"secreto\" abarca informaci\u00f3n retenida de otros, a menudo por razones de privacidad, seguridad o confidencialidad. Comprender sus implicaciones es crucial en campos como la protecci\u00f3n de datos y la teor\u00eda de la comunicaci\u00f3n.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/secret\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> create my_secret -\n<span class=\"glossaryai-tooltip glossary-term-1148\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/docker-service-create\/\" target=\"_blank\">docker servicio crear<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">El comando `docker service create` permite a los usuarios crear y desplegar un nuevo servicio en un Docker Swarm. Permite escalar, balancear la carga y gestionar aplicaciones contenerizadas a trav\u00e9s de m\u00faltiples nodos.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/docker-service-create\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> --secret mi_secreto mi_servicio<\/code><\/pre>\n<h3>11. Apply the Principle of Least Privilege<\/h3>\n<p>Always adhere to the principle of least privilege (PoLP) when designing your containerized applications. Ensure that both users and processes within containers have the minimum level of access required to perform their tasks.<\/p>\n<h3>12. Actualizar y aplicar parches regularmente<\/h3>\n<p>Regularly update Docker and your <span class=\"glossaryai-tooltip glossary-term-650\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/container\/\" target=\"_blank\">contenedor<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Containers are lightweight, portable units that encapsulate software and its dependencies, enabling consistent execution across different environments. They leverage OS-level virtualization for efficiency.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/container\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> images to mitigate known vulnerabilities. Automate updates where possible and build a culture of security within your development teams.<\/p>\n<h2>Conclusi\u00f3n<\/h2>\n<p>Securing Docker containers requires a multi-layered approach that encompasses best practices, tools, and continuous vigilance. By implementing advanced security strategies such as using minimal base images, <span class=\"glossaryai-tooltip glossary-term-651\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/image\/\" target=\"_blank\">imagen<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">An image is a visual representation of an object or scene, typically composed of pixels in digital formats. It can convey information, evoke emotions, and facilitate communication across various media.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/image\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> scanning, <span class=\"glossaryai-tooltip glossary-term-661\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/network\/\" target=\"_blank\">red<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Una red, en inform\u00e1tica, es un conjunto de dispositivos interconectados que se comunican y comparten recursos. Permite el intercambio de datos, facilita la colaboraci\u00f3n y mejora la eficiencia operativa.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/network\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> security, and runtime monitoring, organizations can significantly reduce their exposure to risks.<\/p>\n<p>Como el <span class=\"glossaryai-tooltip glossary-term-650\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/container\/\" target=\"_blank\">contenedor<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Containers are lightweight, portable units that encapsulate software and its dependencies, enabling consistent execution across different environments. They leverage OS-level virtualization for efficiency.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/container\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> landscape continues to evolve, staying informed about the latest security developments and adapting your security practices accordingly is essential. With a proactive approach to Docker <span class=\"glossaryai-tooltip glossary-term-650\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/container\/\" target=\"_blank\">contenedor<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Containers are lightweight, portable units that encapsulate software and its dependencies, enabling consistent execution across different environments. They leverage OS-level virtualization for efficiency.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/container\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> security, organizations can harness the full potential of containerization while minimizing risks.<\/p>\n<p>Al revisar y mejorar continuamente su postura de seguridad, puede garantizar que sus contenedores Docker permanezcan robustos, resilientes y seguros en un panorama de amenazas en constante cambio.<\/p>","protected":false},"excerpt":{"rendered":"<p>Implement least privilege principles by restricting <span class=\"glossaryai-tooltip glossary-term-650\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/container\/\" target=\"_blank\">contenedor<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Containers are lightweight, portable units that encapsulate software and its dependencies, enabling consistent execution across different environments. They leverage OS-level virtualization for efficiency.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/container\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> permissions. Regularly update images, scan for vulnerabilities, and utilize tools like Docker Bench for security audits to enhance <span class=\"glossaryai-tooltip glossary-term-650\"><span class=\"glossaryai-link\"><a href=\"https:\/\/dockerpros.com\/es\/wiki\/container\/\" target=\"_blank\">contenedor<\/a><\/span><span class=\"gai-content-hidden glossaryai-tooltip-content\"><span class=\"gai-tooltip-body\"><span class=\"glossaryai-tooltip-text\">Containers are lightweight, portable units that encapsulate software and its dependencies, enabling consistent execution across different environments. They leverage OS-level virtualization for efficiency.<span class=\"glossaryai-more-link\"> <a href=\"https:\/\/dockerpros.com\/es\/wiki\/container\/\">More \u00bb<\/a><\/span><\/span><\/span><\/span><\/span> safety.<\/p>","protected":false},"author":1,"featured_media":1075,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21],"tags":[],"class_list":["post-626","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Best Practices for Securing Docker Containers in Production - Dockerpros<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/dockerpros.com\/es\/seguridad\/buenas-practicas-para-asegurar-contenedores-docker-en-produccion\/\" \/>\n<meta property=\"og:locale\" content=\"es_ES\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Best Practices for Securing Docker Containers in Production - Dockerpros\" \/>\n<meta property=\"og:description\" content=\"Implement least privilege principles by restricting container permissions. Regularly update images, scan for vulnerabilities, and utilize tools like Docker Bench for security audits to enhance container safety.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/dockerpros.com\/es\/seguridad\/buenas-practicas-para-asegurar-contenedores-docker-en-produccion\/\" \/>\n<meta property=\"og:site_name\" content=\"Dockerpros\" \/>\n<meta property=\"article:published_time\" content=\"2024-07-22T12:36:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/dockerpros.com\/wp-content\/uploads\/2024\/07\/best-practices-for-securing-docker-containers-in-production_626.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"dockerpros\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"dockerpros\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tiempo de lectura\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/dockerpros.com\/de\/sicherheit\/bewahrte-verfahren-zur-absicherung-von-docker-containern-im-produktivbetrieb\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/dockerpros.com\/de\/sicherheit\/bewahrte-verfahren-zur-absicherung-von-docker-containern-im-produktivbetrieb\/\"},\"author\":{\"name\":\"dockerpros\",\"@id\":\"https:\/\/dockerpros.com\/#\/schema\/person\/a9b4c3d7f7a8e2b072e77d47b382a3a4\"},\"headline\":\"Best Practices for Securing Docker Containers in Production\",\"datePublished\":\"2024-07-22T12:36:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/dockerpros.com\/de\/sicherheit\/bewahrte-verfahren-zur-absicherung-von-docker-containern-im-produktivbetrieb\/\"},\"wordCount\":1113,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/dockerpros.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/dockerpros.com\/de\/sicherheit\/bewahrte-verfahren-zur-absicherung-von-docker-containern-im-produktivbetrieb\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/dockerpros.com\/wp-content\/uploads\/2024\/07\/best-practices-for-securing-docker-containers-in-production_626.jpg\",\"articleSection\":[\"Security\"],\"inLanguage\":\"es\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/dockerpros.com\/de\/sicherheit\/bewahrte-verfahren-zur-absicherung-von-docker-containern-im-produktivbetrieb\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/dockerpros.com\/de\/sicherheit\/bewahrte-verfahren-zur-absicherung-von-docker-containern-im-produktivbetrieb\/\",\"url\":\"https:\/\/dockerpros.com\/de\/sicherheit\/bewahrte-verfahren-zur-absicherung-von-docker-containern-im-produktivbetrieb\/\",\"name\":\"Best Practices for Securing Docker Containers in Production - Dockerpros\",\"isPartOf\":{\"@id\":\"https:\/\/dockerpros.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/dockerpros.com\/de\/sicherheit\/bewahrte-verfahren-zur-absicherung-von-docker-containern-im-produktivbetrieb\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/dockerpros.com\/de\/sicherheit\/bewahrte-verfahren-zur-absicherung-von-docker-containern-im-produktivbetrieb\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/dockerpros.com\/wp-content\/uploads\/2024\/07\/best-practices-for-securing-docker-containers-in-production_626.jpg\",\"datePublished\":\"2024-07-22T12:36:41+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/dockerpros.com\/de\/sicherheit\/bewahrte-verfahren-zur-absicherung-von-docker-containern-im-produktivbetrieb\/#breadcrumb\"},\"inLanguage\":\"es\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/dockerpros.com\/de\/sicherheit\/bewahrte-verfahren-zur-absicherung-von-docker-containern-im-produktivbetrieb\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\/\/dockerpros.com\/de\/sicherheit\/bewahrte-verfahren-zur-absicherung-von-docker-containern-im-produktivbetrieb\/#primaryimage\",\"url\":\"https:\/\/dockerpros.com\/wp-content\/uploads\/2024\/07\/best-practices-for-securing-docker-containers-in-production_626.jpg\",\"contentUrl\":\"https:\/\/dockerpros.com\/wp-content\/uploads\/2024\/07\/best-practices-for-securing-docker-containers-in-production_626.jpg\",\"width\":800,\"height\":600,\"caption\":\"best-practices-for-securing-docker-containers-in-production-2\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/dockerpros.com\/de\/sicherheit\/bewahrte-verfahren-zur-absicherung-von-docker-containern-im-produktivbetrieb\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/dockerpros.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Best Practices for Securing Docker Containers in Production\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/dockerpros.com\/#website\",\"url\":\"https:\/\/dockerpros.com\/\",\"name\":\"Dockerpros\",\"description\":\"DockerPros \u2013 Your Ultimate Docker Resource Hub\",\"publisher\":{\"@id\":\"https:\/\/dockerpros.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/dockerpros.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"es\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/dockerpros.com\/#organization\",\"name\":\"Dockerpros\",\"url\":\"https:\/\/dockerpros.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\/\/dockerpros.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/dockerpros.com\/wp-content\/uploads\/2024\/07\/Dockerpros_logo_blanco.png\",\"contentUrl\":\"https:\/\/dockerpros.com\/wp-content\/uploads\/2024\/07\/Dockerpros_logo_blanco.png\",\"width\":532,\"height\":114,\"caption\":\"Dockerpros\"},\"image\":{\"@id\":\"https:\/\/dockerpros.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/dockerpros.com\/#\/schema\/person\/a9b4c3d7f7a8e2b072e77d47b382a3a4\",\"name\":\"dockerpros\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\/\/dockerpros.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/dockerpros.com\/wp-content\/litespeed\/avatar\/d13b9d4f101de1a7535b404e0c59affd.jpg?ver=1783601465\",\"contentUrl\":\"https:\/\/dockerpros.com\/wp-content\/litespeed\/avatar\/d13b9d4f101de1a7535b404e0c59affd.jpg?ver=1783601465\",\"caption\":\"dockerpros\"},\"sameAs\":[\"https:\/\/dockerpros.com\/\"],\"url\":\"https:\/\/dockerpros.com\/es\/author\/dockerpros\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Mejores Pr\u00e1cticas para Asegurar Contenedores Docker en Producci\u00f3n - Dockerpros","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/dockerpros.com\/es\/seguridad\/buenas-practicas-para-asegurar-contenedores-docker-en-produccion\/","og_locale":"es_ES","og_type":"article","og_title":"Best Practices for Securing Docker Containers in Production - Dockerpros","og_description":"Implement least privilege principles by restricting container permissions. Regularly update images, scan for vulnerabilities, and utilize tools like Docker Bench for security audits to enhance container safety.","og_url":"https:\/\/dockerpros.com\/es\/seguridad\/buenas-practicas-para-asegurar-contenedores-docker-en-produccion\/","og_site_name":"Dockerpros","article_published_time":"2024-07-22T12:36:41+00:00","og_image":[{"width":800,"height":600,"url":"https:\/\/dockerpros.com\/wp-content\/uploads\/2024\/07\/best-practices-for-securing-docker-containers-in-production_626.jpg","type":"image\/jpeg"}],"author":"dockerpros","twitter_card":"summary_large_image","twitter_misc":{"Escrito por":"dockerpros","Tiempo de lectura":"6 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/dockerpros.com\/de\/sicherheit\/bewahrte-verfahren-zur-absicherung-von-docker-containern-im-produktivbetrieb\/#article","isPartOf":{"@id":"https:\/\/dockerpros.com\/de\/sicherheit\/bewahrte-verfahren-zur-absicherung-von-docker-containern-im-produktivbetrieb\/"},"author":{"name":"dockerpros","@id":"https:\/\/dockerpros.com\/#\/schema\/person\/a9b4c3d7f7a8e2b072e77d47b382a3a4"},"headline":"Best Practices for Securing Docker Containers in Production","datePublished":"2024-07-22T12:36:41+00:00","mainEntityOfPage":{"@id":"https:\/\/dockerpros.com\/de\/sicherheit\/bewahrte-verfahren-zur-absicherung-von-docker-containern-im-produktivbetrieb\/"},"wordCount":1113,"commentCount":0,"publisher":{"@id":"https:\/\/dockerpros.com\/#organization"},"image":{"@id":"https:\/\/dockerpros.com\/de\/sicherheit\/bewahrte-verfahren-zur-absicherung-von-docker-containern-im-produktivbetrieb\/#primaryimage"},"thumbnailUrl":"https:\/\/dockerpros.com\/wp-content\/uploads\/2024\/07\/best-practices-for-securing-docker-containers-in-production_626.jpg","articleSection":["Security"],"inLanguage":"es","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/dockerpros.com\/de\/sicherheit\/bewahrte-verfahren-zur-absicherung-von-docker-containern-im-produktivbetrieb\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/dockerpros.com\/de\/sicherheit\/bewahrte-verfahren-zur-absicherung-von-docker-containern-im-produktivbetrieb\/","url":"https:\/\/dockerpros.com\/de\/sicherheit\/bewahrte-verfahren-zur-absicherung-von-docker-containern-im-produktivbetrieb\/","name":"Mejores Pr\u00e1cticas para Asegurar Contenedores Docker en Producci\u00f3n - Dockerpros","isPartOf":{"@id":"https:\/\/dockerpros.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/dockerpros.com\/de\/sicherheit\/bewahrte-verfahren-zur-absicherung-von-docker-containern-im-produktivbetrieb\/#primaryimage"},"image":{"@id":"https:\/\/dockerpros.com\/de\/sicherheit\/bewahrte-verfahren-zur-absicherung-von-docker-containern-im-produktivbetrieb\/#primaryimage"},"thumbnailUrl":"https:\/\/dockerpros.com\/wp-content\/uploads\/2024\/07\/best-practices-for-securing-docker-containers-in-production_626.jpg","datePublished":"2024-07-22T12:36:41+00:00","breadcrumb":{"@id":"https:\/\/dockerpros.com\/de\/sicherheit\/bewahrte-verfahren-zur-absicherung-von-docker-containern-im-produktivbetrieb\/#breadcrumb"},"inLanguage":"es","potentialAction":[{"@type":"ReadAction","target":["https:\/\/dockerpros.com\/de\/sicherheit\/bewahrte-verfahren-zur-absicherung-von-docker-containern-im-produktivbetrieb\/"]}]},{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/dockerpros.com\/de\/sicherheit\/bewahrte-verfahren-zur-absicherung-von-docker-containern-im-produktivbetrieb\/#primaryimage","url":"https:\/\/dockerpros.com\/wp-content\/uploads\/2024\/07\/best-practices-for-securing-docker-containers-in-production_626.jpg","contentUrl":"https:\/\/dockerpros.com\/wp-content\/uploads\/2024\/07\/best-practices-for-securing-docker-containers-in-production_626.jpg","width":800,"height":600,"caption":"best-practices-for-securing-docker-containers-in-production-2"},{"@type":"BreadcrumbList","@id":"https:\/\/dockerpros.com\/de\/sicherheit\/bewahrte-verfahren-zur-absicherung-von-docker-containern-im-produktivbetrieb\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/dockerpros.com\/"},{"@type":"ListItem","position":2,"name":"Best Practices for Securing Docker Containers in Production"}]},{"@type":"WebSite","@id":"https:\/\/dockerpros.com\/#website","url":"https:\/\/dockerpros.com\/","name":"Profesionales de Docker","description":"DockerPros \u2013 Tu centro definitivo de recursos Docker","publisher":{"@id":"https:\/\/dockerpros.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/dockerpros.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"es"},{"@type":"Organization","@id":"https:\/\/dockerpros.com\/#organization","name":"Profesionales de Docker","url":"https:\/\/dockerpros.com\/","logo":{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/dockerpros.com\/#\/schema\/logo\/image\/","url":"https:\/\/dockerpros.com\/wp-content\/uploads\/2024\/07\/Dockerpros_logo_blanco.png","contentUrl":"https:\/\/dockerpros.com\/wp-content\/uploads\/2024\/07\/Dockerpros_logo_blanco.png","width":532,"height":114,"caption":"Dockerpros"},"image":{"@id":"https:\/\/dockerpros.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/dockerpros.com\/#\/schema\/person\/a9b4c3d7f7a8e2b072e77d47b382a3a4","name":"profesionales de Docker","image":{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/dockerpros.com\/#\/schema\/person\/image\/","url":"https:\/\/dockerpros.com\/wp-content\/litespeed\/avatar\/d13b9d4f101de1a7535b404e0c59affd.jpg?ver=1783601465","contentUrl":"https:\/\/dockerpros.com\/wp-content\/litespeed\/avatar\/d13b9d4f101de1a7535b404e0c59affd.jpg?ver=1783601465","caption":"dockerpros"},"sameAs":["https:\/\/dockerpros.com\/"],"url":"https:\/\/dockerpros.com\/es\/author\/dockerpros\/"}]}},"_links":{"self":[{"href":"https:\/\/dockerpros.com\/es\/wp-json\/wp\/v2\/posts\/626","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dockerpros.com\/es\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dockerpros.com\/es\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dockerpros.com\/es\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dockerpros.com\/es\/wp-json\/wp\/v2\/comments?post=626"}],"version-history":[{"count":0,"href":"https:\/\/dockerpros.com\/es\/wp-json\/wp\/v2\/posts\/626\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dockerpros.com\/es\/wp-json\/wp\/v2\/media\/1075"}],"wp:attachment":[{"href":"https:\/\/dockerpros.com\/es\/wp-json\/wp\/v2\/media?parent=626"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dockerpros.com\/es\/wp-json\/wp\/v2\/categories?post=626"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dockerpros.com\/es\/wp-json\/wp\/v2\/tags?post=626"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}