LAB-linuxserver/docker-socket-proxy
1
0
Fork 0
mirror of https://github.com/linuxserver/docker-socket-proxy.git synced 2026-01-20 20:41:46 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #17 from linuxserver/3.21

Browse Source
This commit is contained in:
Adam 2024-12-07 17:30:50 +00:00 committed by GitHub
commit 7a60eef0ad
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
13 changed files with 134 additions and 120 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
.github/workflows/external_trigger.yml vendored
View File

@ -23,7 +23,7 @@ jobs:
echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY
echo "> External trigger running off of main branch. To disable this trigger, add \`socket-proxy_main\` into the Github organizational variable \`SKIP_EXTERNAL_TRIGGER\`." >> $GITHUB_STEP_SUMMARY
printf "\n## Retrieving external version\n\n" >> $GITHUB_STEP_SUMMARY
EXT_RELEASE=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.20/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \
EXT_RELEASE=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.21/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \
&& awk '/^P:'"nginx"'$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://')
echo "Type is \`alpine_repo\`" >> $GITHUB_STEP_SUMMARY
if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then
@ -44,16 +44,18 @@ jobs:
token=$(curl -sX GET \
"https://ghcr.io/token?scope=repository%3Alinuxserver%2Fsocket-proxy%3Apull" \
| jq -r '.token')
multidigest=$(curl -s \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Authorization: Bearer ${token}" \
"https://ghcr.io/v2/${image}/manifests/${tag}" \
| jq -r 'first(.manifests[].digest)')
digest=$(curl -s \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Authorization: Bearer ${token}" \
"https://ghcr.io/v2/${image}/manifests/${multidigest}" \
| jq -r '.config.digest')
multidigest=$(curl -s \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Accept: application/vnd.oci.image.index.v1+json" \
--header "Authorization: Bearer ${token}" \
"https://ghcr.io/v2/${image}/manifests/${tag}")
multidigest=$(jq -r ".manifests[] | select(.platform.architecture == \"amd64\").digest?" <<< "${multidigest}")
digest=$(curl -s \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Accept: application/vnd.oci.image.manifest.v1+json" \
--header "Authorization: Bearer ${token}" \
"https://ghcr.io/v2/${image}/manifests/${multidigest}" \
| jq -r '.config.digest')
image_info=$(curl -sL \
--header "Authorization: Bearer ${token}" \
"https://ghcr.io/v2/${image}/blobs/${digest}")
@ -77,7 +79,7 @@ jobs:
if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then
echo "Version \`${EXT_RELEASE}\` already pushed, exiting" >> $GITHUB_STEP_SUMMARY
exit 0
elif [[ $(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.20/main/aarch64/APKINDEX.tar.gz" | tar -xz -C /tmp && awk '/^P:'"nginx"'$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://') != "${EXT_RELEASE}" ]]; then
elif [[ $(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.21/main/aarch64/APKINDEX.tar.gz" | tar -xz -C /tmp && awk '/^P:'"nginx"'$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://') != "${EXT_RELEASE}" ]]; then
echo "New version \`${EXT_RELEASE}\` found; but not all arch repos updated yet; exiting" >> $GITHUB_STEP_SUMMARY
FAILURE_REASON="New version ${EXT_RELEASE} for socket-proxy tag latest is detected, however not all arch repos are updated yet. Will try again later."
curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,

4
Dockerfile
View File

@ -1,6 +1,6 @@
# syntax=docker/dockerfile:1
FROM docker.io/alpine:3.20
FROM docker.io/alpine:3.21
# set version label
ARG BUILD_DATE
@ -18,7 +18,7 @@ RUN \
curl \
envsubst && \
if [ -z ${NGINX_VERSION+x} ]; then \
NGINX_VERSION=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.20/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \
NGINX_VERSION=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.21/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \
&& awk '/^P:nginx$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://'); \
fi && \
apk add --no-cache \

4
Dockerfile.aarch64
View File

@ -1,6 +1,6 @@
# syntax=docker/dockerfile:1
FROM docker.io/alpine:3.20
FROM docker.io/alpine:3.21
# set version label
ARG BUILD_DATE
@ -18,7 +18,7 @@ RUN \
curl \
envsubst && \
if [ -z ${NGINX_VERSION+x} ]; then \
NGINX_VERSION=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.20/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \
NGINX_VERSION=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.21/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \
&& awk '/^P:nginx$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://'); \
fi && \
apk add --no-cache \

9
Jenkinsfile vendored
View File

@ -27,8 +27,7 @@ pipeline {
DEV_DOCKERHUB_IMAGE = 'lsiodev/socket-proxy'
PR_DOCKERHUB_IMAGE = 'lspipepr/socket-proxy'
DIST_IMAGE = 'alpine'
DIST_TAG = '3.20'
DIST_REPO = 'http://dl-cdn.alpinelinux.org/alpine/v3.20/main/'
DIST_REPO = 'http://dl-cdn.alpinelinux.org/alpine/v3.21/main/'
DIST_REPO_PACKAGES = 'nginx'
MULTIARCH='true'
CI='true'
@ -516,7 +515,7 @@ pipeline {
--label \"org.opencontainers.image.title=Socket-proxy\" \
--label \"org.opencontainers.image.description=socket-proxy image by linuxserver.io\" \
--no-cache --pull -t ${IMAGE}:${META_TAG} --platform=linux/amd64 \
--provenance=false --sbom=false --builder=container --load \
--provenance=true --sbom=true --builder=container --load \
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
sh '''#! /bin/bash
set -e
@ -580,7 +579,7 @@ pipeline {
--label \"org.opencontainers.image.title=Socket-proxy\" \
--label \"org.opencontainers.image.description=socket-proxy image by linuxserver.io\" \
--no-cache --pull -t ${IMAGE}:amd64-${META_TAG} --platform=linux/amd64 \
--provenance=false --sbom=false --builder=container --load \
--provenance=true --sbom=true --builder=container --load \
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
sh '''#! /bin/bash
set -e
@ -637,7 +636,7 @@ pipeline {
--label \"org.opencontainers.image.title=Socket-proxy\" \
--label \"org.opencontainers.image.description=socket-proxy image by linuxserver.io\" \
--no-cache --pull -f Dockerfile.aarch64 -t ${IMAGE}:arm64v8-${META_TAG} --platform=linux/arm64 \
--provenance=false --sbom=false --builder=container --load \
--provenance=true --sbom=true --builder=container --load \
--build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
sh '''#! /bin/bash
set -e

93
README.md
View File

@ -69,6 +69,9 @@ This image can be run with a read-only container filesystem. For details please
To help you get started creating a container from this image you can either use docker compose or the docker cli.
>[!NOTE]
>Unless a parameter is flaged as 'optional', it is *mandatory* and a value must be provided.
### docker compose (recommended, [click here for more info](https://docs.linuxserver.io/general/docker-compose))
```yaml
@ -193,27 +196,27 @@ Containers are configured using parameters passed at runtime (such as those abov
* Shell access whilst the container is running:
```bash
docker exec -it socket-proxy /bin/sh
```
```bash
docker exec -it socket-proxy /bin/sh
```
* To monitor the logs of the container in realtime:
```bash
docker logs -f socket-proxy
```
```bash
docker logs -f socket-proxy
```
* Container version number:
```bash
docker inspect -f '{{ index .Config.Labels "build_version" }}' socket-proxy
```
```bash
docker inspect -f '{{ index .Config.Labels "build_version" }}' socket-proxy
```
* Image version number:
```bash
docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/socket-proxy:latest
```
```bash
docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/socket-proxy:latest
```
## Updating Info
@ -224,66 +227,67 @@ Below are the instructions for updating containers:
### Via Docker Compose
* Update images:
* All images:
* All images:
```bash
docker compose pull
```
```bash
docker compose pull
```
* Single image:
* Single image:
```bash
docker compose pull socket-proxy
```
```bash
docker compose pull socket-proxy
```
* Update containers:
* All containers:
* All containers:
```bash
docker compose up -d
```
```bash
docker compose up -d
```
* Single container:
* Single container:
```bash
docker compose up -d socket-proxy
```
```bash
docker compose up -d socket-proxy
```
* You can also remove the old dangling images:
```bash
docker image prune
```
```bash
docker image prune
```
### Via Docker Run
* Update the image:
```bash
docker pull lscr.io/linuxserver/socket-proxy:latest
```
```bash
docker pull lscr.io/linuxserver/socket-proxy:latest
```
* Stop the running container:
```bash
docker stop socket-proxy
```
```bash
docker stop socket-proxy
```
* Delete the container:
```bash
docker rm socket-proxy
```
```bash
docker rm socket-proxy
```
* You can also remove the old dangling images:
```bash
docker image prune
```
```bash
docker image prune
```
### Image Update Notifications - Diun (Docker Image Update Notifier)
**tip**: We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported.
>[!TIP]
>We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported.
## Building locally
@ -308,6 +312,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
## Versions
* **05.12.24:** - Rebase to Alpine 3.21.
* **26.08.24:** - Change `ALLOW_START`, `ALLOW_STOP`, and `ALLOW_RESTARTS` to work even with `POST=0`.
* **24.05.24:** - Rebase to Alpine 3.20.
* **15.04.24:** - Allow disabling IPv6 support for legacy devices.

5
jenkins-vars.yml
View File

@ -6,6 +6,8 @@ external_type: alpine_repo
release_type: stable
release_tag: latest
ls_branch: main
image_sbom: true
image_provenance: true
repo_vars:
- BUILD_VERSION_ARG = 'NGINX_VERSION'
- LS_USER = 'linuxserver'
@ -15,8 +17,7 @@ repo_vars:
- DEV_DOCKERHUB_IMAGE = 'lsiodev/socket-proxy'
- PR_DOCKERHUB_IMAGE = 'lspipepr/socket-proxy'
- DIST_IMAGE = 'alpine'
- DIST_TAG = '3.20'
- DIST_REPO = 'http://dl-cdn.alpinelinux.org/alpine/v3.20/main/'
- DIST_REPO = 'http://dl-cdn.alpinelinux.org/alpine/v3.21/main/'
- DIST_REPO_PACKAGES = 'nginx'
- MULTIARCH='true'
- CI='true'

93
readme-vars.yml
View File

@ -73,6 +73,9 @@ full_custom_readme: |
To help you get started creating a container from this image you can either use docker compose or the docker cli.
>[!NOTE]
>Unless a parameter is flaged as 'optional', it is *mandatory* and a value must be provided.
### docker compose (recommended, [click here for more info](https://docs.linuxserver.io/general/docker-compose))
```yaml
@ -197,27 +200,27 @@ full_custom_readme: |
* Shell access whilst the container is running:
```bash
docker exec -it socket-proxy /bin/sh
```
```bash
docker exec -it socket-proxy /bin/sh
```
* To monitor the logs of the container in realtime:
```bash
docker logs -f socket-proxy
```
```bash
docker logs -f socket-proxy
```
* Container version number:
```bash
docker inspect -f '{{ index .Config.Labels "build_version" }}' socket-proxy
```
```bash
docker inspect -f '{{ index .Config.Labels "build_version" }}' socket-proxy
```
* Image version number:
```bash
docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/socket-proxy:latest
```
```bash
docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/socket-proxy:latest
```
## Updating Info
@ -228,66 +231,67 @@ full_custom_readme: |
### Via Docker Compose
* Update images:
* All images:
* All images:
```bash
docker compose pull
```
```bash
docker compose pull
```
* Single image:
* Single image:
```bash
docker compose pull socket-proxy
```
```bash
docker compose pull socket-proxy
```
* Update containers:
* All containers:
* All containers:
```bash
docker compose up -d
```
```bash
docker compose up -d
```
* Single container:
* Single container:
```bash
docker compose up -d socket-proxy
```
```bash
docker compose up -d socket-proxy
```
* You can also remove the old dangling images:
```bash
docker image prune
```
```bash
docker image prune
```
### Via Docker Run
* Update the image:
```bash
docker pull lscr.io/linuxserver/socket-proxy:latest
```
```bash
docker pull lscr.io/linuxserver/socket-proxy:latest
```
* Stop the running container:
```bash
docker stop socket-proxy
```
```bash
docker stop socket-proxy
```
* Delete the container:
```bash
docker rm socket-proxy
```
```bash
docker rm socket-proxy
```
* You can also remove the old dangling images:
```bash
docker image prune
```
```bash
docker image prune
```
### Image Update Notifications - Diun (Docker Image Update Notifier)
**tip**: We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported.
>[!TIP]
>We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported.
## Building locally
@ -312,6 +316,7 @@ full_custom_readme: |
## Versions
* **05.12.24:** - Rebase to Alpine 3.21.
* **26.08.24:** - Change `ALLOW_START`, `ALLOW_STOP`, and `ALLOW_RESTARTS` to work even with `POST=0`.
* **24.05.24:** - Rebase to Alpine 3.20.
* **15.04.24:** - Allow disabling IPv6 support for legacy devices.

2
root/docker-entrypoint.sh
View File

@ -10,6 +10,8 @@ else
envsubst "$(printf '${%s} ' $(bash -c "compgen -A variable"))" < /templates/default_nopost.template > /run/default.conf
fi
mkdir /run/nginx-tmp
echo '
───────────────────────────────────────

10
root/etc/nginx/nginx.conf
View File

@ -36,11 +36,11 @@ http {
# error code 413. Set to 0 to disable. Default is '1m'.
client_max_body_size 0;
client_body_temp_path /run/nginx-tmp;
proxy_temp_path /run/nginx-tmp;
fastcgi_temp_path /run/nginx-tmp;
uwsgi_temp_path /run/nginx-tmp;
scgi_temp_path /run/nginx-tmp;
client_body_temp_path /run/nginx-tmp/nginx 1 2;
proxy_temp_path /run/nginx-tmp/nginx-proxy;
fastcgi_temp_path /run/nginx-tmp/nginx-fastcgi;
uwsgi_temp_path /run/nginx-tmp/nginx-uwsgi;
scgi_temp_path /run/nginx-tmp/nginx-scgi;
# Sendfile copies data between one FD and other from within the kernel,
# which is more efficient than read() + write(). Default is off.

2
root/templates/default_nopost.template
View File

@ -33,9 +33,9 @@ server {
include /etc/nginx/proxy.conf;
location ~* ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) {if ($path_restarts = 0){return 403;}proxy_pass http://unix:$dockersocket;}
location ~* ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/start {if ($path_start = 0){return 403;}proxy_pass http://unix:$dockersocket;}
location ~* ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/stop {if ($path_stop = 0){return 403;}proxy_pass http://unix:$dockersocket;}
location ~* ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/(stop|restart|kill) {if ($path_restarts = 0){return 403;}proxy_pass http://unix:$dockersocket;}
location ~* ^(/v[\d\.]+)?/auth {limit_except GET HEAD {deny all;}if ($path_auth = 0){return 403;}proxy_pass http://unix:$dockersocket;}
location ~* ^(/v[\d\.]+)?/build {limit_except GET HEAD {deny all;}if ($path_build = 0){return 403;}proxy_pass http://unix:$dockersocket;}
location ~* ^(/v[\d\.]+)?/commit {limit_except GET HEAD {deny all;}if ($path_commit = 0){return 403;}proxy_pass http://unix:$dockersocket;}

2
root/templates/default_nopost_ipv4.template
View File

@ -32,9 +32,9 @@ server {
include /etc/nginx/proxy.conf;
location ~* ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) {if ($path_restarts = 0){return 403;}proxy_pass http://unix:$dockersocket;}
location ~* ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/start {if ($path_start = 0){return 403;}proxy_pass http://unix:$dockersocket;}
location ~* ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/stop {if ($path_stop = 0){return 403;}proxy_pass http://unix:$dockersocket;}
location ~* ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/(stop|restart|kill) {if ($path_restarts = 0){return 403;}proxy_pass http://unix:$dockersocket;}
location ~* ^(/v[\d\.]+)?/auth {limit_except GET HEAD {deny all;}if ($path_auth = 0){return 403;}proxy_pass http://unix:$dockersocket;}
location ~* ^(/v[\d\.]+)?/build {limit_except GET HEAD {deny all;}if ($path_build = 0){return 403;}proxy_pass http://unix:$dockersocket;}
location ~* ^(/v[\d\.]+)?/commit {limit_except GET HEAD {deny all;}if ($path_commit = 0){return 403;}proxy_pass http://unix:$dockersocket;}

2
root/templates/default_post.template
View File

@ -33,9 +33,9 @@ server {
include /etc/nginx/proxy.conf;
location ~* ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) {if ($path_restarts = 0){return 403;}proxy_pass http://unix:$dockersocket;}
location ~* ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/start {if ($path_start = 0){return 403;}proxy_pass http://unix:$dockersocket;}
location ~* ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/stop {if ($path_stop = 0){return 403;}proxy_pass http://unix:$dockersocket;}
location ~* ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/(stop|restart|kill) {if ($path_restarts = 0){return 403;}proxy_pass http://unix:$dockersocket;}
location ~* ^(/v[\d\.]+)?/auth {if ($path_auth = 0){return 403;}proxy_pass http://unix:$dockersocket;}
location ~* ^(/v[\d\.]+)?/build {if ($path_build = 0){return 403;}proxy_pass http://unix:$dockersocket;}
location ~* ^(/v[\d\.]+)?/commit {if ($path_commit = 0){return 403;}proxy_pass http://unix:$dockersocket;}

2
root/templates/default_post_ipv4.template
View File

@ -32,9 +32,9 @@ server {
include /etc/nginx/proxy.conf;
location ~* ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) {if ($path_restarts = 0){return 403;}proxy_pass http://unix:$dockersocket;}
location ~* ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/start {if ($path_start = 0){return 403;}proxy_pass http://unix:$dockersocket;}
location ~* ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/stop {if ($path_stop = 0){return 403;}proxy_pass http://unix:$dockersocket;}
location ~* ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/(stop|restart|kill) {if ($path_restarts = 0){return 403;}proxy_pass http://unix:$dockersocket;}
location ~* ^(/v[\d\.]+)?/auth {if ($path_auth = 0){return 403;}proxy_pass http://unix:$dockersocket;}
location ~* ^(/v[\d\.]+)?/build {if ($path_build = 0){return 403;}proxy_pass http://unix:$dockersocket;}
location ~* ^(/v[\d\.]+)?/commit {if ($path_commit = 0){return 403;}proxy_pass http://unix:$dockersocket;}