For my use case I am exposing the Docker remote API (hosted on AWS) publicly so that users can attach their tty (xterm.js) to that of a shell inside Docker containers using WebSockets, as shown here.
Since the API is public, there is nothing preventing the users from running commands on the Docker engine, like stopping or starting other containers, etc.
- So how can I prevent users from running commands on the Docker engine?
- And, if possible, how can I authenticate the users connecting to a container via socket?
OK, I found the solution for the problem. It is possible to expose a Docker shell to external users safely with the help of web terminals like ttyd; there is also a Docker image for ttyd.
And thanks to David for pointing out flaws in my architecture.
✌️
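The exposure described in the question can be checked for on the host. The following is an added example, not code from the original post: it audits a `daemon.json` for TCP listeners that accept engine API calls without client-certificate authentication. The sample configurations and certificate paths are constructed, and listeners set with `-H` on the `dockerd` command line are assumed to be out of scope.

```python
import json

# Constructed daemon.json samples (assumptions, not from the original post).
EXPOSED = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
TLS_NO_CLIENT_AUTH = '{"hosts": ["tcp://0.0.0.0:2376"], "tls": true}'
HARDENED = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

LOOPBACK = {"127.0.0.1", "localhost", "[::1]"}


def split_listener(entry):
    """Split 'tcp://host:port' into (host, port); port is None if absent."""
    addr = entry[len("tcp://"):]
    if addr.endswith("]") or ":" not in addr:  # bare IPv6 literal or no port
        return addr, None
    host, _, port = addr.rpartition(":")
    return host, port


def audit_daemon_config(text):
    """Return (listener, reach, issue) for each TCP listener lacking client auth."""
    cfg = json.loads(text)
    findings = []
    for entry in cfg.get("hosts", []):
        if not entry.startswith("tcp://"):
            continue  # only tcp:// entries are checked here
        if cfg.get("tlsverify") is True:
            continue  # clients must present a certificate signed by the CA
        host, _port = split_listener(entry)
        reach = "loopback" if host in LOOPBACK else "network"
        # "tls" alone encrypts the channel but does not authenticate clients.
        issue = ("tls-without-client-auth" if cfg.get("tls") is True
                 else "plaintext-no-auth")
        findings.append((entry, reach, issue))
    return findings


if __name__ == "__main__":
    for name, sample in [("exposed", EXPOSED), ("tls only", TLS_NO_CLIENT_AUTH),
                         ("hardened", HARDENED)]:
        print(name, audit_daemon_config(sample) or "no unauthenticated TCP listener")
```

Any finding with reach `network` means whoever can reach that port can control the engine, which is the situation the question describes.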