fluencelabs/docker-socket-proxy
1
0
Fork 0
mirror of https://github.com/fluencelabs/docker-socket-proxy synced 2025-04-24 17:02:16 +00:00
Code Issues Projects Releases Wiki Activity

Update readme

Browse Source
This commit is contained in:
folex 2019-09-19 16:28:58 +03:00
parent 5f95f518f3
commit 077e91ac67
2 changed files with 35 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
README.md
View File

@ -119,27 +119,31 @@ by default. Maximum caution when enabling these.
#### Not always needed
You will possibly need to grant access to some of these API sections, which are
not so extremely critical but can expose some information that your service
does not need.
You will possibly need to grant access to some of these API sections, which
can expose some information that your service does not need.
- `BUILD`
- `COMMIT`
- `CONFIGS`
- `CONTAINERS`
- `DISTRIBUTION`
- `EXEC`
- `IMAGES`
- `INFO`
- `NETWORKS`
- `NODES`
- `PLUGINS`
- `SERVICES`
- `SESSION`
- `SWARM`
- `SYSTEM`
- `TASKS`
- `VOLUMES`
| GET | POST |
|:---------------|:----------------------|
| `BUILD` | `ALLOW_RESTARTS` |
| `COMMIT` | `CONTAINERS_PRUNE` |
| `CONFIGS` | `CONTAINERS_CREATE` |
| `CONTAINERS` | `CONTAINERS_RESIZE` |
| `DISTRIBUTION` | `CONTAINERS_START` |
| `EXEC` | `CONTAINERS_UPDATE` |
| `IMAGES` | `CONTAINERS_RENAME` |
| `INFO` | `CONTAINERS_PAUSE` |
| `NETWORKS` | `CONTAINERS_UNPAUSE` |
| `NODES` | `CONTAINERS_ATTACH` |
| `PLUGINS` | `CONTAINERS_WAIT` |
| `SERVICES` | `CONTAINERS_EXEC` |
| `SESSION` | `VOLUMES_CREATE` |
| `SWARM` | `VOLUMES_PRUNE` |
| `SYSTEM` | `NETWORKS_CREATE` |
| `TASKS` | `NETWORKS_PRUNE` |
| `VOLUMES` | `NETWORKS_CONNECT` |
| | `NETWORKS_DISCONNECT` |
`ALLOW_RESTARTS` allows to `kill`, `stop` and `restart` containers
## Logging

22
haproxy.cfg
View File

@ -69,20 +69,20 @@ frontend dockerfrontend
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/create } { env(CONTAINERS_CREATE) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/prune } { env(CONTAINERS_PRUNE) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) } { env(ALLOW_RESTARTS) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/resize } { env(CONTAINERS_RESIZE) -m bool}
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/start } { env(CONTAINERS_START) -m bool}
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/update } { env(CONTAINERS_UPDATE) -m bool}
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/rename } { env(CONTAINERS_RENAME) -m bool}
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/pause } { env(CONTAINERS_PAUSE) -m bool}
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/unpause } { env(CONTAINERS_UNPAUSE) -m bool}
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/attach } { env(CONTAINERS_ATTACH) -m bool}
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/wait } { env(CONTAINERS_WAIT) -m bool}
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/exec } { env(CONTAINERS_EXEC) -m bool}
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/resize } { env(CONTAINERS_RESIZE) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/start } { env(CONTAINERS_START) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/update } { env(CONTAINERS_UPDATE) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/rename } { env(CONTAINERS_RENAME) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/pause } { env(CONTAINERS_PAUSE) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/unpause } { env(CONTAINERS_UNPAUSE) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/attach } { env(CONTAINERS_ATTACH) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/wait } { env(CONTAINERS_WAIT) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/exec } { env(CONTAINERS_EXEC) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes/create } { env(VOLUMES_CREATE) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes/prune } { env(VOLUMES_PRUNE) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks/create } { env(NETWORKS_CREATE) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks/prune } { env(NETWORKS_PRUNE) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks/[a-zA-Z0-9_.-]+/connect } { env(NETWORKS_CONNECT) -m bool}
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks/[a-zA-Z0-9_.-]+/disconnect } { env(NETWORKS_DISCONNECT) -m bool}
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks/[a-zA-Z0-9_.-]+/connect } { env(NETWORKS_CONNECT) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks/[a-zA-Z0-9_.-]+/disconnect } { env(NETWORKS_DISCONNECT) -m bool }
http-request deny
default_backend dockerbackend