From 085fd0a23cf1a39a9d912797c73801b05b3c7135 Mon Sep 17 00:00:00 2001
From: Sam McLeod <sammcj@users.noreply.github.com>
Date: Sun, 26 Nov 2023 12:14:51 +1100
Subject: [PATCH] feat: add options for allowing stop and start

---
 README.md   | 3 +++
 haproxy.cfg | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/README.md b/README.md
index e2a5cb9..a9de927 100644
--- a/README.md
+++ b/README.md
@@ -125,6 +125,9 @@ extremely critical but can expose some information that your service does not ne
 -   `COMMIT`
 -   `CONFIGS`
 -   `CONTAINERS`
+-   `ALLOW_START` (containers/`id`/`start`)
+-   `ALLOW_STOP` (containers/`id`/`stop`)
+-   `ALLOW_RESTARTS` (containers/`id`/`stop`|`restart`|`kill`)
 -   `DISTRIBUTION`
 -   `EXEC`
 -   `GRPC`
diff --git a/haproxy.cfg b/haproxy.cfg
index 0fff4bb..bfa961f 100644
--- a/haproxy.cfg
+++ b/haproxy.cfg
@@ -47,6 +47,8 @@ frontend dockerfrontend
     bind :2375
     http-request deny unless METH_GET || { env(POST) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) } { env(ALLOW_RESTARTS) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/start } { env(ALLOW_START) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/stop } { env(ALLOW_STOP) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth } { env(AUTH) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/build } { env(BUILD) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/commit } { env(COMMIT) -m bool }
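Review bot: The two added `allow` rules use an unanchored regex, so any path that merely begins with `/containers/<id>/start` or `/containers/<id>/stop` is admitted once the flag is set. Ending each pattern with `$` limits the grant to the named endpoint, e.g. `^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/start$`, and likewise `/stop$`. Both rules also sit after `http-request deny unless METH_GET || { env(POST) -m bool }`, and start/stop are POST calls in the Docker Engine API, so `ALLOW_START` and `ALLOW_STOP` appear to do nothing unless `POST` is enabled too. A comment above them such as `# ALLOW_START / ALLOW_STOP only take effect when POST is enabled` would make that dependency visible to operators aiming for a narrow grant. The frontend continues past the end of the hunk, so later rules may change which requests are finally allowed.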
-- 
GitLab