1
0
mirror of https://github.com/Tecnativa/docker-socket-proxy synced 2024-12-30 10:28:10 +00:00

Merge pull request #106 from sammcj/master

feat: add options for allowing stop and start
This commit is contained in:
Pedro M. Baeza 2023-11-27 18:46:29 +01:00 committed by GitHub
commit ea893f64f5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 7 additions and 0 deletions

View File

@ -2,6 +2,8 @@ FROM haproxy:2.2-alpine
EXPOSE 2375 EXPOSE 2375
ENV ALLOW_RESTARTS=0 \ ENV ALLOW_RESTARTS=0 \
ALLOW_STOP=0 \
ALLOW_START=0 \
AUTH=0 \ AUTH=0 \
BUILD=0 \ BUILD=0 \
COMMIT=0 \ COMMIT=0 \

View File

@ -125,6 +125,9 @@ extremely critical but can expose some information that your service does not ne
- `COMMIT` - `COMMIT`
- `CONFIGS` - `CONFIGS`
- `CONTAINERS` - `CONTAINERS`
- `ALLOW_START` (containers/`id`/`start`)
- `ALLOW_STOP` (containers/`id`/`stop`)
- `ALLOW_RESTARTS` (containers/`id`/`stop`|`restart`|`kill`)
- `DISTRIBUTION` - `DISTRIBUTION`
- `EXEC` - `EXEC`
- `GRPC` - `GRPC`

View File

@ -47,6 +47,8 @@ frontend dockerfrontend
bind :2375 bind :2375
http-request deny unless METH_GET || { env(POST) -m bool } http-request deny unless METH_GET || { env(POST) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) } { env(ALLOW_RESTARTS) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) } { env(ALLOW_RESTARTS) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/start } { env(ALLOW_START) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/stop } { env(ALLOW_STOP) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth } { env(AUTH) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth } { env(AUTH) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/build } { env(BUILD) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/build } { env(BUILD) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/commit } { env(COMMIT) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/commit } { env(COMMIT) -m bool }