diff --git a/Dockerfile b/Dockerfile
index 0a6d35e95813fabad4ba19b437764d1619fbbffa..8d7a62b22b7837ecbbbe4688ae0c419be9c96d99 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,8 @@
 FROM haproxy:1.9-alpine
 EXPOSE 2375
-ENV AUTH=0 \
+ENV ALLOW_RESTARTS=0 \
+ AUTH=0 \
 BUILD=0 \
 COMMIT=0 \
 CONFIGS=0 \
diff --git a/haproxy.cfg b/haproxy.cfg
index 3a5c67758b049c61e35b2d442dc28b8116aa2303..fa85fb47b71d60960b0b8519981e98cff4a21166 100644
--- a/haproxy.cfg
+++ b/haproxy.cfg
@@ -42,6 +42,7 @@ backend dockerbackend
 frontend dockerfrontend
 bind :2375
 http-request deny unless METH_GET || { env(POST) -m bool }
+ http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[^/]+/((stop)|(restart)|(kill)) } ! { env(ALLOW_RESTARTS) -m bool }
 http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth } ! { env(AUTH) -m bool }
 http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/build } ! { env(BUILD) -m bool }
 http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/commit } ! { env(COMMIT) -m bool }
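Review bot: `ALLOW_RESTARTS=1` cannot grant restart access by itself, because the context rule just above the added line, `http-request deny unless METH_GET || { env(POST) -m bool }`, rejects every non-GET request first, and stop/restart/kill are POST endpoints in the Docker API. An operator therefore has to set `POST=1` as well, which opens write methods for every other enabled section, so the flag only subtracts from `POST=1` instead of offering a least-privilege grant. If a narrow grant is the intent, the blanket rule could exempt these paths, e.g. `http-request deny unless METH_GET || { env(POST) -m bool } || { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[^/]+/((stop)|(restart)|(kill)) } { env(ALLOW_RESTARTS) -m bool }`; otherwise a comment above the new line should say that it only takes effect together with `POST=1`. With the Dockerfile default of `ALLOW_RESTARTS=0`, deployments already running with `POST=1` would lose stop/restart/kill on upgrade, which deserves a line in the README. The rest of the frontend lies outside the hunk, so how the `/containers` section rule interacts with this one is not visible here.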