fluencelabs/docker-socket-proxy
1
0
Fork 0
mirror of https://github.com/fluencelabs/docker-socket-proxy synced 2025-04-25 17:32:14 +00:00
Code Issues Projects Releases Wiki Activity

Add DELETE methods for networks, containers, images and volumes

Browse Source
This commit is contained in:
folex 2019-09-20 15:53:39 +03:00
parent a80f7123c0
commit 1ad9dd2551
2 changed files with 20 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Dockerfile
View File

@ -43,7 +43,11 @@ ENV ALLOW_RESTARTS=0 \
NETWORKS_CREATE=0 \ NETWORKS_CREATE=0 \
NETWORKS_PRUNE=0 \ NETWORKS_PRUNE=0 \
NETWORKS_CONNECT=0 \ NETWORKS_CONNECT=0 \
NETWORKS_DISCONNECT=0 NETWORKS_DISCONNECT=0 \
NETWORKS_DELETE=0 \
CONTAINERS_DELETE=0 \
IMAGES_DELETE=0 \
VOLUMES_DELETE=0
COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg

23
haproxy.cfg
View File

@ -28,20 +28,20 @@ defaults
load-server-state-from-file global load-server-state-from-file global
# Use provided example error pages # Use provided example error pages
errorfile 400 /usr/local/etc/haproxy/errors/400.http # errorfile 400 /usr/local/etc/haproxy/errors/400.http
errorfile 403 /usr/local/etc/haproxy/errors/403.http # errorfile 403 /usr/local/etc/haproxy/errors/403.http
errorfile 408 /usr/local/etc/haproxy/errors/408.http # errorfile 408 /usr/local/etc/haproxy/errors/408.http
errorfile 500 /usr/local/etc/haproxy/errors/500.http # errorfile 500 /usr/local/etc/haproxy/errors/500.http
errorfile 502 /usr/local/etc/haproxy/errors/502.http # errorfile 502 /usr/local/etc/haproxy/errors/502.http
errorfile 503 /usr/local/etc/haproxy/errors/503.http # errorfile 503 /usr/local/etc/haproxy/errors/503.http
errorfile 504 /usr/local/etc/haproxy/errors/504.http # errorfile 504 /usr/local/etc/haproxy/errors/504.http
backend dockerbackend backend dockerbackend
server dockersocket /var/run/docker.sock server dockersocket /var/run/docker.sock
frontend dockerfrontend frontend dockerfrontend
bind :2375 bind :2375
http-request deny unless METH_GET || { env(POST) -m bool } http-request deny unless METH_GET || METH_POST { env(POST) -m bool } || METH_DELETE { env(DELETE) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth } { env(AUTH) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth } { env(AUTH) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/build } { env(BUILD) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/build } { env(BUILD) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/commit } { env(COMMIT) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/commit } { env(COMMIT) -m bool }
@ -84,5 +84,12 @@ frontend dockerfrontend
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks/prune } { env(NETWORKS_PRUNE) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks/prune } { env(NETWORKS_PRUNE) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks/[a-zA-Z0-9_.-]+/connect } { env(NETWORKS_CONNECT) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks/[a-zA-Z0-9_.-]+/connect } { env(NETWORKS_CONNECT) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks/[a-zA-Z0-9_.-]+/disconnect } { env(NETWORKS_DISCONNECT) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks/[a-zA-Z0-9_.-]+/disconnect } { env(NETWORKS_DISCONNECT) -m bool }
# DELETE requests
http-request allow if METH_DELETE { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks/[a-zA-Z0-9_.-]+ } { env(NETWORKS_DELETE) -m bool }
http-request allow if METH_DELETE { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+ } { env(CONTAINERS_DELETE) -m bool }
http-request allow if METH_DELETE { path,url_dec -m reg -i ^(/v[\d\.]+)?/images/[a-zA-Z0-9_.-]+ } { env(IMAGES_DELETE) -m bool }
http-request allow if METH_DELETE { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes/[a-zA-Z0-9_.-]+ } { env(VOLUMES_DELETE) -m bool }
http-request deny http-request deny
default_backend dockerbackend default_backend dockerbackend