This is a fork of https://github.com/Tecnativa/docker-socket-proxy with added https support and updated haproxy, to a few line of this README.md and the haproxy.cfg config still applies the Apache-2.0 license.
You grant and revoke access to certain features of the Docker API through environment variables.
Normally the variables match the URL prefix (i.e. AUTH blocks access to /auth/*
parts of the API, etc.).
Possible values for these variables:
0to revoke access.1to grant access.
These API sections are mostly harmless and almost required for any service that uses the API, so they are granted by default.
EVENTSPINGVERSION
These API sections are considered security-critical, and thus access is revoked by default. Maximum caution when enabling these.
AUTHSECRETSPOST: When disabled, onlyGETandHEADoperations are allowed, meaning any section of the API is read-only.NOPOSTAllows ALL (with ALL I mean ALL) GET requests to the socket (so no POST, HEAD, etc.) - so full read-only access
You will possibly need to grant access to some of these API sections, which are not so extremely critical but can expose some information that your service does not need.
ALLOW_POWER(containers/id/start|stop|kill|restart)ALLOW_RESTART(containers/id/restart)ALLOW_START(containers/id/start)ALLOW_STOP(containers/id/stop)ALLOW_Kill(containers/id/kill)BUILDCOMMITCONFIGSCONTAINERSDISTRIBUTIONEXECGRPCIMAGESINFONETWORKSNODESPLUGINSSERVICESSESSIONSWARMSYSTEMTASKSVOLUMES