Added explicit "allow restarts" permission.

5a7bc8fd · Andre Zoledziowski · Jairo Llopis · 3a1d5bb0 · 5a7bc8fd · 5a7bc8fd
Commit 5a7bc8fd authored Jan 21, 2019 by Andre Zoledziowski Committed by Jairo Llopis Jan 21, 2019
--- a/Dockerfile
+++ b/Dockerfile
 FROM haproxy:1.9-alpine

 EXPOSE 2375
-ENV AUTH=0 \
+ENV ALLOW_RESTARTS=0 \
+    AUTH=0 \
    BUILD=0 \
    COMMIT=0 \
    CONFIGS=0 \

--- a/haproxy.cfg
+++ b/haproxy.cfg
@@ -42,6 +42,7 @@ backend dockerbackend
 frontend dockerfrontend
    bind :2375
    http-request deny unless METH_GET || { env(POST) -m bool }
+    http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[^/]+/((stop)|(restart)|(kill)) } ! { env(ALLOW_RESTARTS) -m bool }
    http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth } ! { env(AUTH) -m bool }
    http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/build } ! { env(BUILD) -m bool }
    http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/commit } ! { env(COMMIT) -m bool }