``` yaml
version: "3.7"
services:
  socket-proxy:
    image: lscr.io/linuxserver/socket-proxy:latest
    container_name: socket-proxy
    restart: unless-stopped
    ports:
      - "127.0.0.1:2375:2375" # Exposes the proxy on localhost only (recommended for security)
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro # Mount the Docker socket in read-only mode
    environment:
      # Grant/revoke access to specific API sections (0 = revoke, 1 = grant)
      ALLOW_START: 0
      ALLOW_STOP: 0
      ALLOW_RESTART: 0
      ALLOW_BUILD: 0
      ALLOW_COMMIT: 0
      ALLOW_CONTAINERS: 1 # Allows listing/inspecting containers
      ALLOW_IMAGES: 1     # Allows listing/pulling images
      ALLOW_INFO: 1       # Allows getting Docker info
      ALLOW_PING: 1       # Allows pinging the Docker daemon
      SERVICES: 1         # Optional
      TASKS: 1            # Optional
      EVENTS: 1           # Optional
      VERSION: 1          # Optional
      CONTAINERS: 1       # Optional
      # Optional: Set your timezone
      TZ: Etc/UTC
    read_only: true # Enhance security by making the container's filesystem read-only
    tmpfs:
      - /run:rw # Necessary for the container to run
```