iamthefij
/
docker-socket-proxy
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
2 Commits 1 Branch 0 Tags 416 KiB
HAProxy 78.8%
Dockerfile 17.9%
Shell 3.3%
Go to file
Jairo Llopis 53d9ee0732 Support any API version prefix 2017-03-29 13:11:26 +02:00
hooks 🎉 Hello world 2017-03-29 13:06:56 +02:00
Dockerfile 🎉 Hello world 2017-03-29 13:06:56 +02:00
LICENSE.txt 🎉 Hello world 2017-03-29 13:06:56 +02:00
README.md 🎉 Hello world 2017-03-29 13:06:56 +02:00
haproxy.cfg Support any API version prefix 2017-03-29 13:11:26 +02:00

README.md

Docker Socket Readonly Proxy

What?

This is a readonly proxy for the Docker Socket.

Why?

Giving access to your Docker socket could mean giving root access to your host, or even to your whole swarm, but some services require hooking into that socket to react to events, etc. Using this proxy lets you block anything you consider those services should not do.

How?

We use the official Alpine-based HAProxy image with a small configuration file.

It blocks access to the Docker socket API according to the environment variables you set. It returns a HTTP 403 Forbidden status for those dangerous requests that should never happen.

Usage

Feedback

Please send any feedback (issues, questions) to the issue tracker.