docker-proxy - a Docker Remote API proxy


docker-proxy is a transparent HTTP proxy that proxies requests to a Docker
Remote API via a local UNIX socket. It also supports filtering requests and
responses to enforce policies.
Current Features:
- Listens on HTTP/HTTPS
- Proxies requests to Docker Remote API UNIX Socket (/var/run/docker.sock)
- Can filter requests and modify the request
- Can filter responses and modify the response

Why?
docker-proxy was written as a way to expose a Docker Remote API's UNIX Socket
(/var/run/docker.sock) over HTTP and provide secure access to a Docker Daemon
while allowing requests and responses to be filtered and intercepted.
The use-cases for such a proxy are many, but the primary use case is to provide
access to the Docker Daemon whilst restricting access to certain endpoints, or
disallowing certain operations.
docker-proxy is effectively an ACL and RBAC for the Docker Daemon Remote API.
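A sketch of the kind of endpoint restriction described above, as an added example and not docker-proxy's own code: a default-deny allowlist placed in front of a reverse proxy to the Docker socket. The function names, the read-only endpoint list and the listen address are assumptions made for illustration; authentication and TLS are left out.

```go
package main

import (
	"context"
	"log"
	"net"
	"net/http"
	"net/http/httputil"
	"path"
	"regexp"
)

// versionPrefix matches the optional Engine API version segment, e.g. /v1.41/.
var versionPrefix = regexp.MustCompile(`^/v[0-9]+\.[0-9]+/`)

// readOnly is the constructed allowlist: read-only Engine API endpoints only.
var readOnly = map[string]bool{"/_ping": true, "/version": true, "/info": true,
	"/containers/json": true, "/images/json": true}

// Allowed is default-deny: only GET/HEAD on an allowlisted, canonical path
// passes. Non-canonical paths ("..", "//", trailing "/") are rejected outright.
func Allowed(method, p string) bool {
	if (method != http.MethodGet && method != http.MethodHead) || p != path.Clean(p) {
		return false
	}
	return readOnly[versionPrefix.ReplaceAllString(p, "/")]
}

// Filter rejects a disallowed request before it can reach the daemon.
func Filter(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !Allowed(r.Method, r.URL.Path) {
			http.Error(w, "forbidden by policy", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// SocketProxy forwards HTTP requests to the daemon over its UNIX socket.
func SocketProxy(sock string) http.Handler {
	dial := func(ctx context.Context, _, _ string) (net.Conn, error) {
		return (&net.Dialer{}).DialContext(ctx, "unix", sock)
	}
	return &httputil.ReverseProxy{
		Director:  func(r *http.Request) { r.URL.Scheme, r.URL.Host = "http", "docker" },
		Transport: &http.Transport{DialContext: dial},
	}
}

func main() {
	log.Fatal(http.ListenAndServe("127.0.0.1:8000", Filter(SocketProxy("/var/run/docker.sock"))))
}
```

An allowlist is used rather than a blocklist because any endpoint that creates or starts containers is equivalent to root on the host.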
Getting Started
Install from Source
To install docker-proxy from source you can run go get directly
if you have a Go environment set up:
go get git.mills.io/prologic/docker-proxy/cmd/docker-proxy/...
NOTE: Be sure to have $GOBIN (if not empty) or your $GOPATH/bin
in your $PATH.
See Compile and install packages and dependencies
Or grab the source code and build:
git clone https://git.mills.io/prologic/docker-proxy.git
cd docker-proxy
make build
And optionally run make install to place the binary docker-proxy in your $GOBIN
or $GOPATH/bin (again see note above).
Usage
docker-proxy
And connect a Docker client:
$ DOCKER_HOST=ssh://prologic@localhost:2222 docker version
Client:
Cloud integration: 1.0.17
Version: 20.10.7
API version: 1.41
Go version: go1.16.4
Git commit: f0df350
Built: Wed Jun 2 11:56:22 2021
OS/Arch: darwin/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.7
API version: 1.41 (minimum version 1.12)
Go version: go1.13.15
Git commit: b0f5bc3
Built: Wed Jun 2 11:54:58 2021
OS/Arch: linux/amd64
Experimental: true
containerd:
Version: 1.4.6
GitCommit: d71fcd7d8303cbf684402823e425e9dd2e99285d
runc:
Version: 1.0.0-rc95
GitCommit: b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7
docker-init:
Version: 0.19.0
GitCommit: de40ad0
You can also connect to the Docker API with HTTP:
$ curl -v -o - -u foo:bar http://localhost:8000/proxy/_ping
* Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8000 (#0)
* Server auth using Basic with user 'foo'
> GET /proxy/_ping HTTP/1.1
> Host: localhost:8000
> Authorization: Basic Zm9vOmJhcg==
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Api-Version: 1.41
< Builder-Version: 2
< Cache-Control: no-cache, no-store, must-revalidate
< Content-Type: text/plain; charset=utf-8
< Date: Sun, 29 Aug 2021 01:55:27 GMT
< Docker-Experimental: true
< Ostype: linux
< Pragma: no-cache
< Server: Docker/20.10.7 (linux)
< Transfer-Encoding: chunked
<
* Connection #0 to host localhost left intact
OK* Closing connection 0
For full usage see:
docker-proxy --help
Production Deployments
Docker Swarm
You can deploy docker-proxy to a Docker Swarm
cluster by utilising the provided docker-proxy.yml Docker Stack.
docker stack deploy -c docker-compose.yml docker-proxy
License
docker-proxy is licensed under the terms of the MIT License