From 210c1f892bb67dcf76df56ced8ecf463a15b7c15 Mon Sep 17 00:00:00 2001
From: Abhik Biswas
Date: Wed, 20 Aug 2025 21:09:48 +0530
Subject: [PATCH] Updated the underlying haproxy version from 2.2 to 3.2.4 Fixed CI Reverted conftests.py, Added root user before CMD in Dockerfile, to respect existing setups version pinned and comment removed from cfg Removed extra empty lines Addressed extra newline in haproxy.cfg
---
 Dockerfile | 4 +++-
 docker-entrypoint.sh | 2 +-
 haproxy.cfg | 2 ++
 pyproject.toml | 3 ++-
 4 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 6e8ec04..1ec174c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM haproxy:2.2-alpine
+FROM haproxy:3.2.4-alpine
 EXPOSE 2375
 ENV ALLOW_RESTARTS=0 \
@@ -33,3 +33,5 @@ ENV ALLOW_RESTARTS=0 \
 VOLUMES=0
 COPY docker-entrypoint.sh /usr/local/bin/
 COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg.template
+USER root
+CMD ["haproxy", "-f", "/tmp/haproxy.cfg"]
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index c328d3a..8b88273 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -15,7 +15,7 @@ case "$DISABLE_IPV6_LOWER" in
 esac
 # Process the HAProxy configuration template using sed
-sed "s/\${BIND_CONFIG}/$BIND_CONFIG/g" /usr/local/etc/haproxy/haproxy.cfg.template > /usr/local/etc/haproxy/haproxy.cfg
+sed "s/\${BIND_CONFIG}/$BIND_CONFIG/g" /usr/local/etc/haproxy/haproxy.cfg.template > /tmp/haproxy.cfg
 # first arg is `-f` or `--some-option`
 if [ "${1#-}" != "$1" ]; then
diff --git a/haproxy.cfg b/haproxy.cfg
index 43e3526..9d0da3e 100644
--- a/haproxy.cfg
+++ b/haproxy.cfg
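Review bot: `USER root` at the end of the Dockerfile makes HAProxy, the process that holds the Docker socket, run as root, and nothing in the hunk records why. The commit message says this is to respect existing setups, presumably because newer official haproxy images default to an unprivileged user that cannot open a root-owned socket; that is inferred, since the base image is not visible here. A comment above the line would make the trade-off explicit, for example `# Run as root so the proxy can open the Docker socket; override with --user and a matching group where the socket's group is known`. It is also worth checking whether the `global` section of haproxy.cfg, which is outside this diff, drops privileges after startup.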
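Review bot: The rendered config path `/tmp/haproxy.cfg` on the new `sed` line is duplicated in the Dockerfile `CMD`, and nothing in the hunk explains the move out of `/usr/local/etc/haproxy/`. Deployments that pass their own command with the old `-f` path would no longer find a rendered file, so the two locations have to stay in step. A comment above the line would help, for example `# Rendered to /tmp so the config can be written when the image directory is not writable; must match CMD in the Dockerfile`, assuming that is the reason. The script continues outside the hunk, so whether a failed redirect aborts startup cannot be confirmed from here.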
@@ -46,6 +46,8 @@ backend docker-events
 frontend dockerfrontend
 bind ${BIND_CONFIG}
 http-request deny unless METH_GET || { env(POST) -m bool }
+
+ # Allowed endpoints
 http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) } { env(ALLOW_RESTARTS) -m bool }
 http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/start } { env(ALLOW_START) -m bool }
 http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/stop } { env(ALLOW_STOP) -m bool }
diff --git a/pyproject.toml b/pyproject.toml
index d7d4ee7..e024696 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,8 +1,9 @@
 [tool.poetry]
 name = "docker-socket-proxy"
-version = "0.0.0"
+version = "1.0.0"
 description = ""
 authors = ["Tecnativa"]
+package-mode = false
 [tool.poetry.dependencies]
 python = "^3.8"