mirror of
https://github.com/Tecnativa/docker-socket-proxy
synced 2025-01-05 05:10:54 +00:00
Create a docker group on startup with the correct GID
This allows haproxy to read the socket, whilst running as a non-privileged user. The container itself needs to run as root to create the group, but haproxy itself changes its own group after startup.
parent
104914f212
commit
c73447028f
@ -30,4 +30,10 @@ ENV ALLOW_RESTARTS=0 \
|
|||||||
TASKS=0 \
|
TASKS=0 \
|
||||||
VERSION=1 \
|
VERSION=1 \
|
||||||
VOLUMES=0
|
VOLUMES=0
|
||||||
|
|
||||||
|
COPY docker-entrypoint.sh /docker-entrypoint.sh
|
||||||
|
ENTRYPOINT [ "/docker-entrypoint.sh" ]
|
||||||
|
|
||||||
COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
|
COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
|
||||||
|
|
||||||
|
CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"]
|
||||||
|
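--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+# Create a group with the same gid as the docker socket
+export DOCKER_GID=$(stat -c "%g" $SOCKET_PATH)
+addgroup -g $DOCKER_GID docker
+
+# Run the original entrypoint - Our work here is done.
+exec /usr/local/bin/docker-entrypoint.sh $@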
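Review bot: The `addgroup -g $DOCKER_GID docker` line runs unconditionally on every start, so when a stopped container is started again the `docker` group is most likely already in its /etc/group, addgroup fails, and `set -e` stops the container before haproxy runs. The same failure is likely when the socket's gid already belongs to a group in the image (a root-owned socket with gid 0, for example); that case needs a decision on which group haproxy should use and is not handled in the sketch below. Because `export DOCKER_GID=$(stat ...)` takes its exit status from `export`, a failing `stat` (unset or wrong `SOCKET_PATH`, which is not among the ENV lines visible in the Dockerfile hunk) is not caught by `set -e` and only shows up as a confusing addgroup error. The expansions `$SOCKET_PATH`, `$DOCKER_GID` and `$@` should be quoted so the arguments reach the original entrypoint unchanged.

```shell
# Assign separately so a failing stat aborts the script under set -e
DOCKER_GID=$(stat -c "%g" "$SOCKET_PATH")
export DOCKER_GID
# Skip creation when the group is left over from a previous start of this container
if ! grep -q "^docker:" /etc/group; then
  addgroup -g "$DOCKER_GID" docker
fi

# ... unchanged: comment before exec ...
exec /usr/local/bin/docker-entrypoint.sh "$@"
```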
@ -4,6 +4,9 @@ global
|
|||||||
pidfile /run/haproxy.pid
|
pidfile /run/haproxy.pid
|
||||||
maxconn 4000
|
maxconn 4000
|
||||||
|
|
||||||
|
user haproxy
|
||||||
|
group docker
|
||||||
|
|
||||||
# Turn on stats unix socket
|
# Turn on stats unix socket
|
||||||
server-state-file /var/lib/haproxy/server-state
|
server-state-file /var/lib/haproxy/server-state
|
||||||
|
|
||||||
|
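Review bot: The `group docker` line names a group that is not part of the image and only exists after docker-entrypoint.sh has created it at container start, and nothing in the config says so. A comment above it such as `# "docker" is created at startup by /docker-entrypoint.sh with the gid of the Docker socket` would document the dependency. If the image is started with a different entrypoint, or the addgroup step fails, haproxy will presumably refuse to start because the group cannot be resolved. The global section continues outside the hunk.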