awesome-repositories.com
Blog
awesome-repositories.com

Entdecke die besten Open-Source-Repositories mit KI-gestützter Suche.

EntdeckenKuratierte SuchenOpen-Source-AlternativenSelf-hosted SoftwareBlogSitemap
ProjektÜber unsRanking-MethodikPresseMCP-Server
RechtlichesDatenschutzAGB
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·
Tecnativa avatar

Tecnativa/docker-socket-proxy

0
View on GitHub↗
2,572 Stars·201 Forks·Python·Apache-2.0·1 Aufruf

Docker Socket Proxy

docker-socket-proxy is an HAProxy-based security proxy that filters and controls access to the Docker API. It acts as a security layer between containers and the Docker socket to restrict API operations based on specific paths and methods.

The proxy uses environment variables to enable or disable specific API endpoints and to grant or revoke permissions for various API sections. It can enforce read-only access by restricting the API to only allow GET and HEAD requests, returning a forbidden status for unauthorized actions.

The project provides capabilities for path-based request filtering, custom socket path configuration, and adjustable logging verbosity to control the amount of diagnostic information captured in logs.

Features

  • API Proxies - Acts as an HAProxy-based API proxy that filters and routes requests to the Docker socket.
  • Socket Security Layers - Adds a security layer between containers and the Docker socket to prevent container escape and host compromise.
  • API Read-Only Modes - Enforces a read-only state for the API proxy to prevent destructive changes to the Docker daemon.
  • API Request Filters - Filters and controls access to the Docker API by matching incoming request URIs.
  • Path-Based Filters - Inspects the URI of incoming requests to match them against a list of permitted or forbidden API endpoints.
  • Socket Access Controllers - Restricts Docker API operations to read-only or specific permitted paths using environment variables.
  • Docker API Proxies - Acts as an HAProxy-based proxy that filters and controls traffic directed to the Docker API.
  • API Access Scopes - Grants or revokes granular permissions for specific Docker API sections and methods.
  • Access Control Lists - Implements access control lists to permit or deny specific Docker API paths based on configurable patterns.
  • API Access Control - Blocks or permits specific Docker API sections and returns a forbidden status for restricted requests.
  • Endpoint Controls - Enables or disables specific API endpoints to reduce the available attack surface.
  • Request Access Restrictions - Restrict which API endpoints a container can access by proxying requests through configurable rules.
  • HTTP Method Filtering - Enforces read-only access by blocking any request that does not use the GET or HEAD methods.
  • Action-Based Access Restrictions - Filters requests to the socket based on defined action permissions to prevent unauthorized operations.
  • Method-Based Filterings - Filters incoming requests by HTTP method to restrict API operations to read-only verbs.
  • Secure API Proxies - Provides a secure proxy for the Docker API with granular access control.
  • API Endpoint Toggles - Allows enabling or disabling specific Docker API endpoints using boolean environment variables.
  • Socket Access Controls - Grants or denies access to specific Docker API sections using environment variables and HTTP status codes.
  • Daemon Unix Socket Communication - Forwards validated HTTP traffic to the Unix domain socket where the Docker daemon listens.
  • Socket Path Configurations - Connect to a socket at a non-default filesystem path by reading a specific environment variable.
  • Containerized Environment Monitors - Provides a secure way for monitoring tools to access Docker system data by filtering API requests.
  • Socket Path Configurations - Allows overriding the default Docker socket path via the SOCKET_PATH environment variable.
  • API Gateway - Uses HAProxy as a gateway to inspect HTTP methods and paths for backend socket access control.
  • Environment Variable-Based Configuration - Configures proxy behavior and access rules at startup using environment variables.
  • Path-Based Routers - Routes incoming HTTP requests to the Docker socket backend based on URL path prefixes.
  • Sicherheit und Härtung - Fine-grained filtering for the Docker API socket.

Star-Verlauf

Star-Verlauf für tecnativa/docker-socket-proxyStar-Verlauf für tecnativa/docker-socket-proxy

KI-Suche

Entdecke weitere awesome Repositories

Beschreibe in einfachen Worten, was du brauchst — die KI bewertet tausende kuratierte Open-Source-Projekte nach Relevanz.

Start searching with AI

Häufig gestellte Fragen

Was macht tecnativa/docker-socket-proxy?

docker-socket-proxy is an HAProxy-based security proxy that filters and controls access to the Docker API. It acts as a security layer between containers and the Docker socket to restrict API operations based on specific paths and methods.

Was sind die Hauptfunktionen von tecnativa/docker-socket-proxy?

Die Hauptfunktionen von tecnativa/docker-socket-proxy sind: API Proxies, Socket Security Layers, API Read-Only Modes, API Request Filters, Path-Based Filters, Socket Access Controllers, Docker API Proxies, API Access Scopes.

Welche Open-Source-Alternativen gibt es zu tecnativa/docker-socket-proxy?

Open-Source-Alternativen zu tecnativa/docker-socket-proxy sind unter anderem: tdlib/td — This project is a cross-platform messaging SDK and client development library used to build custom Telegram… doorkeeper-gem/doorkeeper — Doorkeeper is an OAuth 2 authorization server and provider for Ruby on Rails and Grape applications. It provides the… oauthjs/node-oauth2-server — node-oauth2-server is an OAuth2 server implementation for Node.js that functions as an authorization provider. It… aws/chalice — Chalice is a framework for building and deploying serverless applications and REST APIs on AWS Lambda using Python. It… r-spacex/spacex-api — This project provides a standardized RESTful API for accessing comprehensive aerospace mission records and space… alibaba/higress — Higress is an AI API gateway and cloud-native traffic manager that functions as a Kubernetes ingress controller. It…

Open-Source-Alternativen zu Docker Socket Proxy

Ähnliche Open-Source-Projekte, sortiert nach der Anzahl der gemeinsamen Funktionen mit Docker Socket Proxy.
  • tdlib/tdAvatar von tdlib

    tdlib/td

    8,506Auf GitHub ansehen↗

    This project is a cross-platform messaging SDK and client development library used to build custom Telegram applications. It functions as a comprehensive framework that manages network encryption, local data storage, and API communication, providing a C-compatible JSON interface that allows integration with any programming language. The library distinguishes itself by providing a full database manager for encrypted local caching and synchronized state, alongside a dedicated bot framework for creating interactive bots with business account integration. It enables the implementation of speciali

    C++cross-platformlibrarytelegram
    Auf GitHub ansehen↗8,506
  • oauthjs/node-oauth2-serverAvatar von oauthjs

    oauthjs/node-oauth2-server

    4,067Auf GitHub ansehen↗

    node-oauth2-server is an OAuth2 server implementation for Node.js that functions as an authorization provider. It enables the creation of a centralized server to manage client registration and issue access tokens for third-party applications using the OAuth2 protocol. The project operates as Node.js middleware, integrating authorization logic directly into web application request pipelines. It provides a bearer token validator to verify identity and permissions by checking security tokens within incoming HTTP request headers. The system covers API access control, token management, and user a

    JavaScriptoauth2-server
    Auf GitHub ansehen↗4,067
  • doorkeeper-gem/doorkeeperAvatar von doorkeeper-gem

    doorkeeper-gem/doorkeeper

    5,501Auf GitHub ansehen↗

    Doorkeeper is an OAuth 2 authorization server and provider for Ruby on Rails and Grape applications. It provides the necessary framework to build an authorization server that issues and validates security tokens for third-party applications, effectively acting as a security middleware to protect API endpoints. The project integrates an identity layer via OpenID Connect to verify user identities and retrieve profile information. It supports a variety of security patterns, including the implementation of the PKCE flow for public clients and the issuance of stateless JSON Web Tokens. Its broade

    Ruby
    Auf GitHub ansehen↗5,501
  • aws/chaliceAvatar von aws

    aws/chalice

    11,062Auf GitHub ansehen↗

    Chalice is a framework for building and deploying serverless applications and REST APIs on AWS Lambda using Python. It functions as an infrastructure-as-code generator, mapping application logic and routing definitions directly to cloud compute resources while automating the provisioning and management of the underlying environment. The framework distinguishes itself by analyzing source code to automatically construct the minimum necessary security permissions, ensuring least-privilege access for all deployed functions. It supports modular development through blueprint-based organization and

    Pythonawsaws-apigatewayaws-lambda
    Auf GitHub ansehen↗11,062
Alle 30 Alternativen zu Docker Socket Proxy anzeigen→