-
Notifications
You must be signed in to change notification settings - Fork 629
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Simon L <szaimen@e.mail.de>
- Loading branch information
Showing
14 changed files
with
236 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
# Inspiration: https://github.com/Tecnativa/docker-socket-proxy/blob/master/Dockerfile | ||
FROM haproxy:2.4.24-alpine3.18 | ||
|
||
RUN set -ex; \ | ||
apk add --no-cache date; \ | ||
chmod 777 -R /run/; \ | ||
chmod 777 -R /var/lib/haproxy | ||
|
||
EXPOSE 2375 | ||
ENV ALLOW_RESTARTS=1 \ | ||
AUTH=1 \ | ||
BUILD=0 \ | ||
COMMIT=0 \ | ||
CONFIGS=0 \ | ||
CONTAINERS=1 \ | ||
DISTRIBUTION=0 \ | ||
EVENTS=1 \ | ||
EXEC=0 \ | ||
GRPC=0 \ | ||
IMAGES=1 \ | ||
INFO=1 \ | ||
LOG_LEVEL=info \ | ||
NETWORKS=1 \ | ||
NODES=0 \ | ||
PING=1 \ | ||
PLUGINS=0 \ | ||
POST=0 \ | ||
SECRETS=0 \ | ||
SERVICES=1 \ | ||
SESSION=0 \ | ||
SOCKET_PATH=/var/run/docker.sock \ | ||
SWARM=0 \ | ||
SYSTEM=0 \ | ||
TASKS=0 \ | ||
VERSION=1 \ | ||
VOLUMES=1 | ||
COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg | ||
|
||
USER haproxy:root |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
# Inspiration: https://github.com/Tecnativa/docker-socket-proxy/blob/master/haproxy.cfg | ||
|
||
global | ||
log stdout format raw daemon "${LOG_LEVEL}" | ||
|
||
pidfile /run/haproxy.pid | ||
maxconn 4000 | ||
|
||
# Turn on stats unix socket | ||
server-state-file /var/lib/haproxy/server-state | ||
|
||
defaults | ||
mode http | ||
log global | ||
option httplog | ||
option dontlognull | ||
option http-server-close | ||
option redispatch | ||
retries 3 | ||
timeout http-request 10s | ||
timeout queue 1m | ||
timeout connect 10s | ||
timeout client 10m | ||
timeout server 10m | ||
timeout http-keep-alive 10s | ||
timeout check 10s | ||
maxconn 3000 | ||
|
||
# Allow seamless reloads | ||
load-server-state-from-file global | ||
|
||
# Use provided example error pages | ||
errorfile 400 /usr/local/etc/haproxy/errors/400.http | ||
errorfile 403 /usr/local/etc/haproxy/errors/403.http | ||
errorfile 408 /usr/local/etc/haproxy/errors/408.http | ||
errorfile 500 /usr/local/etc/haproxy/errors/500.http | ||
errorfile 502 /usr/local/etc/haproxy/errors/502.http | ||
errorfile 503 /usr/local/etc/haproxy/errors/503.http | ||
errorfile 504 /usr/local/etc/haproxy/errors/504.http | ||
|
||
backend dockerbackend | ||
server dockersocket $SOCKET_PATH | ||
|
||
frontend dockerfrontend | ||
bind :2375 | ||
http-request deny unless METH_GET || { env(POST) -m bool } | ||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) } { env(ALLOW_RESTARTS) -m bool } | ||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth } { env(AUTH) -m bool } | ||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/build } { env(BUILD) -m bool } | ||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/commit } { env(COMMIT) -m bool } | ||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/configs } { env(CONFIGS) -m bool } | ||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers } { env(CONTAINERS) -m bool } | ||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/distribution } { env(DISTRIBUTION) -m bool } | ||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/events } { env(EVENTS) -m bool } | ||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/exec } { env(EXEC) -m bool } | ||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/grpc } { env(GRPC) -m bool } | ||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images } { env(IMAGES) -m bool } | ||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/info } { env(INFO) -m bool } | ||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks } { env(NETWORKS) -m bool } | ||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/nodes } { env(NODES) -m bool } | ||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping } { env(PING) -m bool } | ||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/plugins } { env(PLUGINS) -m bool } | ||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/secrets } { env(SECRETS) -m bool } | ||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/services } { env(SERVICES) -m bool } | ||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/session } { env(SESSION) -m bool } | ||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/swarm } { env(SWARM) -m bool } | ||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/system } { env(SYSTEM) -m bool } | ||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/tasks } { env(TASKS) -m bool } | ||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/version } { env(VERSION) -m bool } | ||
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes } { env(VOLUMES) -m bool } | ||
http-request deny | ||
default_backend dockerbackend |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
document.addEventListener("DOMContentLoaded", function(event) { | ||
// Docker socket proxy | ||
document.getElementById("docker-socket-proxy").disabled = true; | ||
}); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters