eightball/all-in-one
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2025-12-19 22:16:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

restore lost changes

Browse source 
Signed-off-by: Simon L <szaimen@e.mail.de>
This commit is contained in:
Simon L 2023-08-30 14:59:08 +02:00
parent 5ad26a42fd
commit cac797114a
2 changed files with 23 additions and 104 deletions
Download patch file Download diff file Expand all files Collapse all files

43
Containers/docker-socket-proxy/Dockerfile
View file

@ -1,43 +1,10 @@
# Inspiration: https://github.com/Tecnativa/docker-socket-proxy/blob/master/Dockerfile
FROM haproxy:2.8.2-alpine3.18
USER root
RUN apk add --no-cache ca-certificates tzdata bind-tools
RUN set -ex; \
apk add --no-cache tzdata; \
chmod 777 -R /run/; \
chmod 777 -R /var/lib/haproxy
COPY --chmod=775 start.sh /start.sh
COPY --chmod=664 haproxy.cfg /conf/haproxy.cfg
EXPOSE 2375
ENV ALLOW_RESTARTS=1 \
AUTH=1 \
BUILD=0 \
COMMIT=0 \
CONFIGS=0 \
CONTAINERS=1 \
DISTRIBUTION=0 \
EVENTS=0 \
EXEC=0 \
GRPC=0 \
IMAGES=1 \
INFO=1 \
LOG_LEVEL=info \
NETWORKS=1 \
NODES=0 \
PING=1 \
PLUGINS=0 \
POST=1 \
SECRETS=0 \
SERVICES=0 \
SESSION=0 \
SOCKET_PATH=/var/run/docker.sock \
SWARM=0 \
SYSTEM=0 \
TASKS=0 \
VERSION=1 \
VOLUMES=1
COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
USER root
HEALTHCHECK CMD nc -z 127.0.0.1 2375 || exit 1
ENTRYPOINT ["/start.sh"]
HEALTHCHECK CMD [ "$(wget http://127.0.0.1:2375/v1.41/_ping -qO -)" = "OK" ] || exit 1

84
Containers/docker-socket-proxy/haproxy.cfg
View file

@ -1,72 +1,24 @@
# Inspiration: https://github.com/Tecnativa/docker-socket-proxy/blob/master/haproxy.cfg
global
log stdout format raw daemon "${LOG_LEVEL}"
pidfile /run/haproxy.pid
maxconn 4000
# Turn on stats unix socket
# server-state-file /var/lib/haproxy/server-state
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 10m
timeout server 10m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
timeout client 10s
timeout server 10s
# Allow seamless reloads
# load-server-state-from-file global
# Use provided example error pages
errorfile 400 /usr/local/etc/haproxy/errors/400.http
errorfile 403 /usr/local/etc/haproxy/errors/403.http
errorfile 408 /usr/local/etc/haproxy/errors/408.http
errorfile 500 /usr/local/etc/haproxy/errors/500.http
errorfile 502 /usr/local/etc/haproxy/errors/502.http
errorfile 503 /usr/local/etc/haproxy/errors/503.http
errorfile 504 /usr/local/etc/haproxy/errors/504.http
backend dockerbackend
server dockersocket $SOCKET_PATH
frontend dockerfrontend
frontend http
mode http
bind :2375
http-request deny unless METH_GET || { env(POST) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) } { env(ALLOW_RESTARTS) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth } { env(AUTH) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/build } { env(BUILD) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/commit } { env(COMMIT) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/configs } { env(CONFIGS) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers } { env(CONTAINERS) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/distribution } { env(DISTRIBUTION) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/events } { env(EVENTS) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/exec } { env(EXEC) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/grpc } { env(GRPC) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images } { env(IMAGES) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/info } { env(INFO) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks } { env(NETWORKS) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/nodes } { env(NODES) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping } { env(PING) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/plugins } { env(PLUGINS) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/secrets } { env(SECRETS) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/services } { env(SERVICES) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/session } { env(SESSION) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/swarm } { env(SWARM) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/system } { env(SYSTEM) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/tasks } { env(TASKS) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/version } { env(VERSION) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes } { env(VOLUMES) -m bool }
http-request deny unless { src 127.0.0.1 } || { src ::1 } || { src NC_IPV4_PLACEHOLDER } || { src NC_IPV6_PLACEHOLDER }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((start)|(stop)|(restart)|(kill)) }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/info }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/version }
http-request deny
default_backend dockerbackend
backend dockerbackend
mode http
server dockersocket /var/run/docker.sock