docker-proxy - a Docker Remote API proxy
docker-proxy
is a transparent HTTP proxy that proxies requests to a Docker
Remote API via a local UNIX socket. It also support filtering requests and
responses to enforce policies.
Current Features:
- Proxy listens on TLS
- Auto-generate CA and Server certs
- Proxies requests to Docker Remote API UNIX Socket (
/var/run/docker.sock
)
- Manages client certificate and setup
- Filter and modify requests
- Filter and modify responses
Why?
docker-proxy
was written as a way to expose a Docker Remote API's UNIX Socket
(/var/run/docker.sock
) over HTTP and provide secure access to a Docker Daemon
whilst allowing requests and responses to be filtered and intercepted.
The use-cases for such a proxy are many, but the primary use case is to provide
access to the Docker Daemon whilst restricting access to certain endpoints, or
disallowing certain operations.
docker-proxy
is effectively an ACL and RBAC for the Docker Daemon Remote API.
Use Case
docker-proxy
's primary use-case is the core component in a "Container as a Service" (CaaS) offering where users of the service are able to purchase slices of resources at mere factions compared with traditional cloud or virtual machine hosting. When running containers through such a service, you are only charged for the fractions of CPU and Memory your container(s) use instead of being charged for resources you don't use.
Getting Started
Install from Source
To install docker-proxy
from source you can run go install
directly
if you have a Go environment setup:
go install git.mills.io/prologic/docker-proxy/cmd/docker-proxy@latest
✋ Be sure to have $GOBIN
(if not empty) or your $GOPATH/bin
in your $PATH
. See Compile and install packages and dependencies Or grab the source code and build:
Alternatively use git
to clone and build from source:
git clone https://git.mills.io/prologic/docker-proxy.git
cd docker-proxy
make build
And optionally run make install
to place the binary docker-proxy
in your $GOBIN
or $GOPATH/bin
(again see note above).
Usage
docker-proxy
Create a new local client:
docker-proxy add $USER > setup-docker.sh
sh setup-docker.sh
License
docker-proxy
is licensed under the terms of the MIT License