docker-proxy is a transparent HTTP proxy that proxies requests to a Docker Remote API via a local UNIX socket. It also supports filtering requests and responses to enforce policies.
Mark Wylde a2e1e3f09a
Fix typo
1 month ago
auth Add integrated SSH server and Basic Auth 1 month ago
client Update proxy and client to API v1.41 1 month ago
cmd/docker-proxy Add integrated SSH server and Basic Auth 1 month ago
internal Add integrated SSH server and Basic Auth 1 month ago
proxy Add a read-only interceptor and interfaces as a basic working structure 1 month ago
.dockerignore Initial Commit 1 month ago
.drone.yml Fix .gitignore 1 month ago
.gitignore Fix .gitignore 1 month ago
Dockerfile Add integrated SSH server and Basic Auth 1 month ago
LICENSE Initial Commit 1 month ago
Makefile Initial Commit 1 month ago
README.md Fix typo 1 month ago
docker-compose.yml Initial Commit 1 month ago
go.mod Add integrated SSH server and Basic Auth 1 month ago
go.sum Add integrated SSH server and Basic Auth 1 month ago
version.go Initial Commit 1 month ago
version_test.go Fix tests 1 month ago

README.md

docker-proxy - a Docker Remote API proxy

docker-proxy is a transparent HTTP proxy that proxies requests to a Docker Remote API via a local UNIX socket. It also supports filtering requests and responses to enforce policies.

Current Features:

  • Listens on HTTP/HTTPS
  • Proxies requests to Docker Remote API UNIX Socket (/var/run/docker.sock)
  • Can filter requests and modify the request
  • Can filter responses and modify the response

Why?

docker-proxy was written as a way to expose a Docker Remote API's UNIX socket (/var/run/docker.sock) over HTTP, provide secure access to a Docker daemon, and allow requests and responses to be filtered and intercepted. The use cases for such a proxy are many, but the primary one is to provide access to the Docker daemon whilst restricting access to certain endpoints or disallowing certain operations.

docker-proxy is effectively an ACL and RBAC for the Docker Daemon Remote API.
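
The endpoint restriction described above, as an added example that is not docker-proxy's own code: a default-deny, read-only filter in front of the Docker socket. The allowlist, the function names permit and newProxy, and the listen address are assumptions made for illustration.

```go
package main

import (
	"context"
	"log"
	"net"
	"net/http"
	"net/http/httputil"
	"net/url"
	"regexp"
)

// allowed is a hypothetical allowlist of read-only Docker API endpoints,
// with an optional /v1.NN version prefix. Everything else is denied.
var allowed = regexp.MustCompile(`^(/v1\.\d+)?/(_ping|version|info|images/json|` +
	`containers/json|containers/[A-Za-z0-9][A-Za-z0-9_.-]*/json)$`)

// permit is default-deny: method AND path must both be on the allowlist.
// Method alone is not enough, since some GET endpoints attach to a
// container (/containers/{id}/attach/ws) or copy files out (/archive).
func permit(method, path string) bool {
	safe := method == http.MethodGet || method == http.MethodHead
	return safe && allowed.MatchString(path)
}

// newProxy forwards permitted requests to the daemon's UNIX socket.
func newProxy(sock string) http.Handler {
	rp := httputil.NewSingleHostReverseProxy(&url.URL{Scheme: "http", Host: "docker"})
	rp.Transport = &http.Transport{
		DialContext: func(ctx context.Context, _, _ string) (net.Conn, error) {
			return (&net.Dialer{}).DialContext(ctx, "unix", sock)
		},
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !permit(r.Method, r.URL.Path) {
			log.Printf("denied %s %q from %s", r.Method, r.URL.Path, r.RemoteAddr)
			http.Error(w, "denied by policy", http.StatusForbidden)
			return
		}
		rp.ServeHTTP(w, r)
	})
}

func main() {
	// Loopback only; this example adds no authentication or TLS.
	log.Fatal(http.ListenAndServe("127.0.0.1:8000", newProxy("/var/run/docker.sock")))
}
```

Denied requests are logged with the path quoted, so a crafted path cannot forge extra log lines.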

Getting Started

Install from Source

To install docker-proxy from source you can run go get directly if you have a Go environment set up:

go get git.mills.io/prologic/docker-proxy/cmd/docker-proxy/...

NOTE: Be sure to have $GOBIN (if not empty) or your $GOPATH/bin in your $PATH. See Compile and install packages and dependencies.

Or grab the source code and build:

git clone https://git.mills.io/prologic/docker-proxy.git
cd docker-proxy
make build

And optionally run make install to place the binary docker-proxy in your $GOBIN or $GOPATH/bin (again see note above).

Usage

docker-proxy

And connect a Docker client:

$ DOCKER_HOST=ssh://prologic@localhost:2222 docker version
Client:
 Cloud integration: 1.0.17
 Version:           20.10.7
 API version:       1.41
 Go version:        go1.16.4
 Git commit:        f0df350
 Built:             Wed Jun  2 11:56:22 2021
 OS/Arch:           darwin/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.7
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       b0f5bc3
  Built:            Wed Jun  2 11:54:58 2021
  OS/Arch:          linux/amd64
  Experimental:     true
 containerd:
  Version:          1.4.6
  GitCommit:        d71fcd7d8303cbf684402823e425e9dd2e99285d
 runc:
  Version:          1.0.0-rc95
  GitCommit:        b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

You can also connect to the Docker API with HTTP:

$ curl -v -o - -u foo:bar http://localhost:8000/proxy/_ping
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8000 (#0)
* Server auth using Basic with user 'foo'
> GET /proxy/_ping HTTP/1.1
> Host: localhost:8000
> Authorization: Basic Zm9vOmJhcg==
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Api-Version: 1.41
< Builder-Version: 2
< Cache-Control: no-cache, no-store, must-revalidate
< Content-Type: text/plain; charset=utf-8
< Date: Sun, 29 Aug 2021 01:55:27 GMT
< Docker-Experimental: true
< Ostype: linux
< Pragma: no-cache
< Server: Docker/20.10.7 (linux)
< Transfer-Encoding: chunked
<
* Connection #0 to host localhost left intact
OK* Closing connection 0

For full usage see:

docker-proxy --help

Production Deployments

Docker Swarm

You can deploy docker-proxy to a Docker Swarm cluster by utilising the provided docker-compose.yml Docker Stack.

docker stack deploy -c docker-compose.yml docker-proxy

License

docker-proxy is licensed under the terms of the MIT License.