mirror of
https://github.com/Tecnativa/docker-socket-proxy
synced 2024-11-27 10:28:18 +00:00
Added explicit "allow restarts" permission.
This commit is contained in:
parent
3a1d5bb03a
commit
5a7bc8fd17
@ -1,7 +1,8 @@
|
||||
FROM haproxy:1.9-alpine
|
||||
|
||||
EXPOSE 2375
|
||||
ENV AUTH=0 \
|
||||
ENV ALLOW_RESTARTS=0 \
|
||||
AUTH=0 \
|
||||
BUILD=0 \
|
||||
COMMIT=0 \
|
||||
CONFIGS=0 \
|
||||
|
@ -42,6 +42,7 @@ backend dockerbackend
|
||||
frontend dockerfrontend
|
||||
bind :2375
|
||||
http-request deny unless METH_GET || { env(POST) -m bool }
|
||||
http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[^/]+/((stop)|(restart)|(kill)) } ! { env(ALLOW_RESTARTS) -m bool }
|
||||
http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth } ! { env(AUTH) -m bool }
|
||||
http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/build } ! { env(BUILD) -m bool }
|
||||
http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/commit } ! { env(COMMIT) -m bool }
|
||||
|
Loading…
Reference in New Issue
Block a user