docker-proxy is a transparent HTTP proxy that proxies requests to a Docker Remote API via a local UNIX socket. It also support filtering requests and responses to enforce policies
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
Mark Wylde a2e1e3f09a
Fix typo
12 months ago
auth Add integrated SSH server and Basic Auth 12 months ago
client Update proxy and client to API v1.41 12 months ago
cmd/docker-proxy Add integrated SSH server and Basic Auth 12 months ago
internal Add integrated SSH server and Basic Auth 12 months ago
proxy Add a read-only interceptor and interfaces as a basic working structure 12 months ago
.dockerignore Initial Commit 12 months ago
.drone.yml Fix .gitignore 12 months ago
.gitignore Fix .gitignore 12 months ago
Dockerfile Add integrated SSH server and Basic Auth 12 months ago
LICENSE Initial Commit 12 months ago
Makefile Initial Commit 12 months ago
README.md Fix typo 12 months ago
docker-compose.yml Initial Commit 12 months ago
go.mod Add integrated SSH server and Basic Auth 12 months ago
go.sum Add integrated SSH server and Basic Auth 12 months ago
version.go Initial Commit 12 months ago
version_test.go Fix tests 12 months ago

README.md

docker-proxy - a Docker Remote API proxy

Build Status Go Report Card Go Reference

docker-proxy is a transparent HTTP proxy that proxies requests to a Docker Remote API via a local UNIX socket. It also support filtering requests and responses to enforce policies.

Current Features:

  • Listens on HTTP/HTTPS
  • Proxies requests to Docker Remote API UNIX Socket (/var/run/docker.sock)
  • Can filter requests and modify the request
  • Can filter responses and modify the response

Screenshot

Table of Contents

Created by gh-md-toc

Why?

docker-proxy was written as a way to expose a Docker Remote API's UNIX Socket (/var/run/docker.sock) over HTTP and provide secure access to a Docker Daemon and allowing requests and responses to be filtered and intercepted. The use-cases for such a proxy are many, but the primary use case is to provide access to the Docker Daemon whilst restricting access to certain endpoints, or disallowing certain operations.

docker-proxy is effectively an ACL and RBAC for the Docker Daemon Remote API.

Getting Started

Install from Source

To install docker-proxy from source you can run go get directly if you have a Go environment setup:

go get git.mills.io/prologic/docker-proxy/cmd/docker-proxy/...

NOTE: Be sure to have $GOBIN (if not empty) or your $GOPATH/bin in your $PATH. See Compile and install packages and dependencies

Or grab the source code and build:

git clone https://git.mills.io/prologic/docker-proxy.git
cd docker-proxy
make build

And optionally run make install to place the binary docker-proxy in your $GOBIN or $GOPATH/bin (again see note above).

Usage

docker-proxy

And connect a Docker client:

$ DOCKER_HOST=ssh://prologic@localhost:2222 docker version
Client:
 Cloud integration: 1.0.17
 Version:           20.10.7
 API version:       1.41
 Go version:        go1.16.4
 Git commit:        f0df350
 Built:             Wed Jun  2 11:56:22 2021
 OS/Arch:           darwin/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.7
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       b0f5bc3
  Built:            Wed Jun  2 11:54:58 2021
  OS/Arch:          linux/amd64
  Experimental:     true
 containerd:
  Version:          1.4.6
  GitCommit:        d71fcd7d8303cbf684402823e425e9dd2e99285d
 runc:
  Version:          1.0.0-rc95
  GitCommit:        b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

You can also connect to the Docker API with HTTP:

$ curl -v -o - -u foo:bar http://localhost:8000/proxy/_ping
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8000 (#0)
* Server auth using Basic with user 'foo'
> GET /proxy/_ping HTTP/1.1
> Host: localhost:8000
> Authorization: Basic Zm9vOmJhcg==
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Api-Version: 1.41
< Builder-Version: 2
< Cache-Control: no-cache, no-store, must-revalidate
< Content-Type: text/plain; charset=utf-8
< Date: Sun, 29 Aug 2021 01:55:27 GMT
< Docker-Experimental: true
< Ostype: linux
< Pragma: no-cache
< Server: Docker/20.10.7 (linux)
< Transfer-Encoding: chunked
<
* Connection #0 to host localhost left intact
OK* Closing connection 0

For full usage see:

docker-proxy --help

Production Deployments

Docker Swarm

You can deploy docker-proxy to a Docker Swarm cluster by utilising the provided docker-proxy.yml Docker Stack.

docker stack deploy -c docker-compose.yml docker-proxy

License

docker-proxy is licensed under the terms of the MIT License