mirror of
https://github.com/Tecnativa/docker-socket-proxy
synced 2024-12-30 10:28:10 +00:00
Merge pull request #106 from sammcj/master
feat: add options for allowing stop and start
This commit is contained in:
commit
ea893f64f5
@ -2,6 +2,8 @@ FROM haproxy:2.2-alpine
|
|||||||
|
|
||||||
EXPOSE 2375
|
EXPOSE 2375
|
||||||
ENV ALLOW_RESTARTS=0 \
|
ENV ALLOW_RESTARTS=0 \
|
||||||
|
ALLOW_STOP=0 \
|
||||||
|
ALLOW_START=0 \
|
||||||
AUTH=0 \
|
AUTH=0 \
|
||||||
BUILD=0 \
|
BUILD=0 \
|
||||||
COMMIT=0 \
|
COMMIT=0 \
|
||||||
|
@ -125,6 +125,9 @@ extremely critical but can expose some information that your service does not ne
|
|||||||
- `COMMIT`
|
- `COMMIT`
|
||||||
- `CONFIGS`
|
- `CONFIGS`
|
||||||
- `CONTAINERS`
|
- `CONTAINERS`
|
||||||
|
- `ALLOW_START` (containers/`id`/`start`)
|
||||||
|
- `ALLOW_STOP` (containers/`id`/`stop`)
|
||||||
|
- `ALLOW_RESTARTS` (containers/`id`/`stop`|`restart`|`kill`)
|
||||||
- `DISTRIBUTION`
|
- `DISTRIBUTION`
|
||||||
- `EXEC`
|
- `EXEC`
|
||||||
- `GRPC`
|
- `GRPC`
|
||||||
|
@ -47,6 +47,8 @@ frontend dockerfrontend
|
|||||||
bind :2375
|
bind :2375
|
||||||
http-request deny unless METH_GET || { env(POST) -m bool }
|
http-request deny unless METH_GET || { env(POST) -m bool }
|
||||||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) } { env(ALLOW_RESTARTS) -m bool }
|
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) } { env(ALLOW_RESTARTS) -m bool }
|
||||||
|
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/start } { env(ALLOW_START) -m bool }
|
||||||
|
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/stop } { env(ALLOW_STOP) -m bool }
|
||||||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth } { env(AUTH) -m bool }
|
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth } { env(AUTH) -m bool }
|
||||||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/build } { env(BUILD) -m bool }
|
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/build } { env(BUILD) -m bool }
|
||||||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/commit } { env(COMMIT) -m bool }
|
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/commit } { env(COMMIT) -m bool }
|
||||||
|
Loading…
Reference in New Issue
Block a user