mirror of https://github.com/Tecnativa/docker-socket-proxy synced 2025-01-05 05:10:54 +00:00

Merge branch 'Tecnativa:master' into master

Owen Valentine 2023-12-22 16:16:57 +02:00 committed by GitHub
commit 1cb2c62e55
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 22 additions and 9 deletions


@ -11,7 +11,7 @@ repos:
language: fail language: fail
files: "\\.rej$" files: "\\.rej$"
- repo: https://github.com/pre-commit/mirrors-prettier - repo: https://github.com/pre-commit/mirrors-prettier
rev: v2.7.1 rev: v3.0.3
hooks: hooks:
- id: prettier - id: prettier
additional_dependencies: additional_dependencies:
@ -20,7 +20,7 @@ repos:
args: args:
- --plugin=@prettier/plugin-xml - --plugin=@prettier/plugin-xml
- repo: https://github.com/myint/autoflake - repo: https://github.com/myint/autoflake
rev: v1.4 rev: v2.2.1
hooks: hooks:
- id: autoflake - id: autoflake
args: args:
@ -31,21 +31,21 @@ repos:
- --remove-duplicate-keys - --remove-duplicate-keys
- --remove-unused-variables - --remove-unused-variables
- repo: https://github.com/asottile/pyupgrade - repo: https://github.com/asottile/pyupgrade
rev: v2.34.0 rev: v3.13.0
hooks: hooks:
- id: pyupgrade - id: pyupgrade
- repo: https://github.com/psf/black - repo: https://github.com/psf/black
rev: 22.3.0 rev: 23.9.1
hooks: hooks:
- id: black - id: black
- repo: https://github.com/timothycrosley/isort - repo: https://github.com/timothycrosley/isort
rev: 5.10.1 rev: 5.12.0
hooks: hooks:
- id: isort - id: isort
args: args:
- --settings=. - --settings=.
- repo: https://github.com/pycqa/flake8 - repo: https://github.com/pycqa/flake8
rev: 3.9.2 rev: 6.1.0
hooks: hooks:
- &flake8 - &flake8
id: flake8 id: flake8
@ -60,7 +60,7 @@ repos:
- --extend-ignore=F401 - --extend-ignore=F401
files: /__init__\.py$ files: /__init__\.py$
- repo: https://github.com/pre-commit/pre-commit-hooks - repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.3.0 rev: v4.4.0
hooks: hooks:
- id: check-case-conflict - id: check-case-conflict
- id: check-executables-have-shebangs - id: check-executables-have-shebangs


@ -2,6 +2,8 @@ FROM haproxy:2.2-alpine
EXPOSE 2375 EXPOSE 2375
ENV ALLOW_RESTARTS=0 \ ENV ALLOW_RESTARTS=0 \
ALLOW_STOP=0 \
ALLOW_START=0 \
AUTH=0 \ AUTH=0 \
BUILD=0 \ BUILD=0 \
COMMIT=0 \ COMMIT=0 \


@ -125,6 +125,9 @@ extremely critical but can expose some information that your service does not ne
- `COMMIT` - `COMMIT`
- `CONFIGS` - `CONFIGS`
- `CONTAINERS` - `CONTAINERS`
- `ALLOW_START` (containers/`id`/`start`)
- `ALLOW_STOP` (containers/`id`/`stop`)
- `ALLOW_RESTARTS` (containers/`id`/`stop`|`restart`|`kill`)
- `DISTRIBUTION` - `DISTRIBUTION`
- `EXEC` - `EXEC`
- `GRPC` - `GRPC`
@ -230,7 +233,7 @@ env DOCKER_IMAGE_NAME=my_custom_image poetry run pytest
## Logging ## Logging
You can set the logging level or severity level of the messages to be logged with the You can set the logging level or severity level of the messages to be logged with the
environment variable `LOG_LEVEL`. Defaul value is info. Possible values are: debug, environment variable `LOG_LEVEL`. Default value is info. Possible values are: debug,
info, notice, warning, err, crit, alert and emerg. info, notice, warning, err, crit, alert and emerg.
## Supported API versions ## Supported API versions


@ -39,10 +39,16 @@ defaults
backend dockerbackend backend dockerbackend
server dockersocket $SOCKET_PATH server dockersocket $SOCKET_PATH
backend docker-events
server dockersocket $SOCKET_PATH
timeout server 0
frontend dockerfrontend frontend dockerfrontend
bind :2375 bind :::2375 v4v6
http-request deny unless METH_GET || { env(POST) -m bool } http-request deny unless METH_GET || { env(POST) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) } { env(ALLOW_RESTARTS) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) } { env(ALLOW_RESTARTS) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/start } { env(ALLOW_START) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/stop } { env(ALLOW_STOP) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth } { env(AUTH) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth } { env(AUTH) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/build } { env(BUILD) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/build } { env(BUILD) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/commit } { env(COMMIT) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/commit } { env(COMMIT) -m bool }
@ -68,3 +74,5 @@ frontend dockerfrontend
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes } { env(VOLUMES) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes } { env(VOLUMES) -m bool }
http-request deny http-request deny
default_backend dockerbackend default_backend dockerbackend
use_backend docker-events if { path,url_dec -m reg -i ^(/v[\d\.]+)?/events }
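Review bot: The new `ALLOW_START` and `ALLOW_STOP` rules sit below `http-request deny unless METH_GET || { env(POST) -m bool }`, so they only take effect when `POST` is also enabled, and `POST` lifts the method restriction for every other section that is allowed. A comment above the two rules, such as `# start/stop are POST requests: these flags need POST=1, which also opens non-GET methods on every other enabled section`, would make that coupling visible to operators aiming for least privilege. Both new path regexes are unanchored at the end (as is the existing `ALLOW_RESTARTS` one), so appending `$` after `/start` and `/stop` would stop them matching longer suffixes; `path` excludes the query string, so normal calls should be unaffected. Separately, `bind :::2375 v4v6` makes the unauthenticated listener reachable over IPv6 as well, which is worth checking against the host's IPv6 firewall rules and against hosts where IPv6 is disabled. The frontend's rule list continues outside the visible hunks.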