arno
/
docker-socket-proxy
mirror of https://github.com/Tecnativa/docker-socket-proxy
1
0
Fork 0
Code Issues Releases Wiki Activity
Proxy over your Docker socket to restrict which requests it accepts
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
3 Branches
3 Tags
307 KiB
 
 
 
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '17ff117058'
${ noResults }
Go to file
Jairo Llopis 17ff117058
🎉 Hello world 		7 years ago
hooks 🎉 Hello world 7 years ago
Dockerfile 🎉 Hello world 7 years ago
LICENSE.txt 🎉 Hello world 7 years ago
README.md 🎉 Hello world 7 years ago
haproxy.cfg 🎉 Hello world 7 years ago

README.md

Docker Socket Readonly Proxy

What?

This is a readonly proxy for the Docker Socket.

Why?

Giving access to your Docker socket could mean giving root access to your host, or even to your whole swarm, but some services require hooking into that socket to react to events, etc. Using this proxy lets you block anything you consider those services should not do.

How?

We use the official Alpine-based HAProxy image with a small configuration file.

It blocks access to the Docker socket API according to the environment variables you set. It returns a HTTP 403 Forbidden status for those dangerous requests that should never happen.

Usage

Feedback

Please send any feedback (issues, questions) to the issue tracker.