mirror of https://github.com/Tecnativa/docker-socket-proxy synced 2025-01-05 05:10:54 +00:00

Create a docker group on startup with the correct GID

This allows haproxy to read the socket, whilst running as a non-privileged user.

The container itself needs to run as root to create the group, but haproxy itself changes its own group after startup.
Jake Howard 2022-11-29 09:15:34 +00:00
parent 104914f212
commit c73447028f
No known key found for this signature in database
GPG Key ID: 57AFB45680EDD477
3 changed files with 19 additions and 0 deletions


@ -30,4 +30,10 @@ ENV ALLOW_RESTARTS=0 \
TASKS=0 \ TASKS=0 \
VERSION=1 \ VERSION=1 \
VOLUMES=0 VOLUMES=0
COPY docker-entrypoint.sh /docker-entrypoint.sh
ENTRYPOINT [ "/docker-entrypoint.sh" ]
COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"]
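Review bot: The new `ENTRYPOINT` makes start-up depend on running as root with a writable `/etc/group`, and nothing in the Dockerfile states that; deployments that set `--user` or a read-only root filesystem would presumably stop at the wrapper's `addgroup` step. A comment above the `COPY` such as `# Wrapper runs as root to create the docker group, then execs the base image entrypoint; haproxy drops privileges itself` would record the requirement. The wrapper also shares its base name with `/usr/local/bin/docker-entrypoint.sh`, so a distinct file name would make it clearer which script belongs to this image.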

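--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+set -e
+# Create a group with the same gid as the docker socket
+export DOCKER_GID=$(stat -c "%g" $SOCKET_PATH)
+addgroup -g $DOCKER_GID docker
+# Run the original entrypoint - Our work here is done.
+exec /usr/local/bin/docker-entrypoint.sh $@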
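Review bot: `addgroup -g $DOCKER_GID docker` aborts the script under `set -e` whenever the group name or the gid is already taken, which happens on a restart of the same container (the group written on first start is still in `/etc/group`) and when the socket is owned by a gid the image already defines, for example gid 0 for a root:root socket. `export DOCKER_GID=$(stat ...)` also hides a failing `stat`, because `set -e` only sees the exit status of `export`, and the unquoted `$SOCKET_PATH` and `$@` are re-split before use, so arguments containing spaces reach the original entrypoint broken. The version below assigns before exporting, skips creation when the gid is already present, and quotes the expansions. A gid that maps to a differently named group still needs handling where haproxy selects its group.

```shell
# … unchanged: shebang and set -e …
DOCKER_GID=$(stat -c "%g" "$SOCKET_PATH")
export DOCKER_GID
# Skip creation when the gid is already in /etc/group (restart, or a gid the image defines)
if ! grep -q "^[^:]*:[^:]*:${DOCKER_GID}:" /etc/group; then
    addgroup -g "$DOCKER_GID" docker
fi
exec /usr/local/bin/docker-entrypoint.sh "$@"
```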


@ -4,6 +4,9 @@ global
pidfile /run/haproxy.pid pidfile /run/haproxy.pid
maxconn 4000 maxconn 4000
user haproxy
group docker
# Turn on stats unix socket # Turn on stats unix socket
server-state-file /var/lib/haproxy/server-state server-state-file /var/lib/haproxy/server-state
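Review bot: `group docker` only resolves if the entrypoint wrapper managed to create a group with exactly that name, so the configuration fails to load when the image is started with a different entrypoint or when the socket's gid already belongs to a differently named group. Since the wrapper exports `DOCKER_GID`, haproxy's numeric form `gid "${DOCKER_GID}"` should avoid the name lookup; this is worth confirming against the haproxy version in the base image. A comment above the two added lines such as `# Drop privileges after startup; the group must match the docker socket's gid` would also record why they are here. The `global` section starts and continues outside the hunk.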