docker-socket-proxy icon indicating copy to clipboard operation
docker-socket-proxy copied to clipboard

Published 20 hours ago verified publisher icon Tecnativa

I'd need finer-grained restrictions

Open funkyfuture opened this issue 5 years ago • 8 comments

ciao, thanks for this simple solution. i'd have a use-case though where only access to the endpoints containers/json and …/{id}/json (inspection), but not …/create or …/{id}/stop etc., would be needed.

it'd be therefore desirable to use environment variables like CONTAINER_LIST and CONTAINER_INSPECT to override the CONTAINER value.

funkyfuture avatar May 10 '19 14:05 funkyfuture

Thanks for your time on opening this issue. :blush:

Usually CONTAINERS=1 POST=0 should be enough for your case, where you allow access to containers/*, but only allow GET and HEAD operations.

Please reopen if I missed something.

yajo avatar May 13 '19 07:05 yajo

well, my examples weren't the best. but there are other endpoints for GET requests, like export that are desirable to forbid.

funkyfuture avatar May 13 '19 11:05 funkyfuture

OK, let me reopen. :wink:

TBH most likely I'm not gonna work to fix this, since it doesn't affect the usage I do for this image. However if anybody wants to open a PR, feel free to do so! :blush:

yajo avatar May 13 '19 13:05 yajo

#14 seems like a step in the right direction for that, but a standalone binary that generates the config as entrypoint would be preferable.

funkyfuture avatar May 13 '19 13:05 funkyfuture