all-in-one/Containers/docker-socket-proxy/haproxy.cfg

# Inspiration: https://github.com/Tecnativa/docker-socket-proxy/blob/master/haproxy.cfg

defaults
    timeout connect 10s
    timeout client 10s
    timeout server 10s

frontend http
    mode http
    bind :2375
    http-request deny unless { src 127.0.0.1 } || { src ::1 } || { src NC_IPV4_PLACEHOLDER } || { src NC_IPV6_PLACEHOLDER }
    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((start)|(stop)|(restart)|(kill)) }
    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers }
    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images }
    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/info }
    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks }
    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping }
    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes }
    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/version }
    http-request deny
    default_backend dockerbackend

backend dockerbackend
    mode http
    server dockersocket /var/run/docker.sock
address review Signed-off-by: Simon L <szaimen@e.mail.de> 2023-08-30 21:13:08 +08:00			`# Inspiration: https://github.com/Tecnativa/docker-socket-proxy/blob/master/haproxy.cfg`

add docker-socket-proxy as option Signed-off-by: Simon L <szaimen@e.mail.de> 2023-08-24 20:09:21 +08:00			`defaults`
			`timeout connect 10s`
restore lost changes Signed-off-by: Simon L <szaimen@e.mail.de> 2023-08-30 20:59:08 +08:00			`timeout client 10s`
			`timeout server 10s`
add docker-socket-proxy as option Signed-off-by: Simon L <szaimen@e.mail.de> 2023-08-24 20:09:21 +08:00
restore lost changes Signed-off-by: Simon L <szaimen@e.mail.de> 2023-08-30 20:59:08 +08:00			`frontend http`
			`mode http`
add docker-socket-proxy as option Signed-off-by: Simon L <szaimen@e.mail.de> 2023-08-24 20:09:21 +08:00			`bind :2375`
restore lost changes Signed-off-by: Simon L <szaimen@e.mail.de> 2023-08-30 20:59:08 +08:00			`http-request deny unless { src 127.0.0.1 } \|\| { src ::1 } \|\| { src NC_IPV4_PLACEHOLDER } \|\| { src NC_IPV6_PLACEHOLDER }`
			`http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((start)\|(stop)\|(restart)\|(kill)) }`
			`http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers }`
			`http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images }`
			`http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/info }`
			`http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks }`
			`http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping }`
			`http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes }`
			`http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/version }`
add docker-socket-proxy as option Signed-off-by: Simon L <szaimen@e.mail.de> 2023-08-24 20:09:21 +08:00			`http-request deny`
			`default_backend dockerbackend`
restore lost changes Signed-off-by: Simon L <szaimen@e.mail.de> 2023-08-30 20:59:08 +08:00
			`backend dockerbackend`
			`mode http`
			`server dockersocket /var/run/docker.sock`