From 594fd20704f495d168ccb570f18377dea75f23db Mon Sep 17 00:00:00 2001 From: arch3rPro Date: Tue, 16 Dec 2025 02:24:53 +0800 Subject: [PATCH] =?UTF-8?q?feat(docker-socket-proxy):=20=E6=B7=BB=E5=8A=A0?= =?UTF-8?q?=20docker-socket-proxy=20=E5=BA=94=E7=94=A8=E6=94=AF=E6=8C=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 9 + apps/docker-socket-proxy/3.2.9/data.yml | 330 ++++++++++++++++++ .../3.2.9/docker-compose.yml | 49 +++ apps/docker-socket-proxy/README.md | 71 ++++ apps/docker-socket-proxy/README_en.md | 71 ++++ apps/docker-socket-proxy/data.yml | 25 ++ apps/docker-socket-proxy/latest/data.yml | 330 ++++++++++++++++++ .../latest/docker-compose.yml | 49 +++ apps/docker-socket-proxy/logo.png | Bin 0 -> 5779 bytes 9 files changed, 934 insertions(+) create mode 100644 apps/docker-socket-proxy/3.2.9/data.yml create mode 100644 apps/docker-socket-proxy/3.2.9/docker-compose.yml create mode 100644 apps/docker-socket-proxy/README.md create mode 100644 apps/docker-socket-proxy/README_en.md create mode 100644 apps/docker-socket-proxy/data.yml create mode 100644 apps/docker-socket-proxy/latest/data.yml create mode 100644 apps/docker-socket-proxy/latest/docker-compose.yml create mode 100644 apps/docker-socket-proxy/logo.png diff --git a/README.md b/README.md index 9c7c329..33e216b 100644 --- a/README.md +++ b/README.md @@ -881,6 +881,15 @@ AI驱动的开源代码知识库与文档协作平台,支持多模型、多数 + +Docker-Socket-Proxy +
Docker-Socket-Proxy +
+ +🔒 Docker socket代理,支持访问规则限制和权限控制 + +3.2.9 • [官网链接](https://github.com/Tecnativa/docker-socket-proxy) + diff --git a/apps/docker-socket-proxy/3.2.9/data.yml b/apps/docker-socket-proxy/3.2.9/data.yml new file mode 100644 index 0000000..97c2a72 --- /dev/null +++ b/apps/docker-socket-proxy/3.2.9/data.yml 
@@ -0,0 +1,330 @@ +additionalProperties: + formFields: + - default: "2375" + envKey: PANEL_APP_PORT_HTTP + required: true + type: number + labelEn: Port + labelZh: 端口 + edit: true + rule: paramPort + - default: "0" + envKey: ALLOW_START + required: false + type: select + labelEn: ALLOW_START + labelZh: ALLOW_START(允许启动) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: ALLOW_STOP + required: false + type: select + labelEn: ALLOW_STOP + labelZh: ALLOW_STOP(允许停止) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: ALLOW_RESTARTS + required: false + type: select + labelEn: ALLOW_RESTARTS + labelZh: ALLOW_RESTARTS(允许重启) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: AUTH + required: false + type: select + labelEn: AUTH + labelZh: AUTH(认证) + values: + - label: 0-关闭 + value: "0" + - label: 1-开启 + value: "1" + - default: "0" + envKey: BUILD + required: false + type: select + labelEn: BUILD + labelZh: BUILD(构建) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: COMMIT + required: false + type: select + labelEn: COMMIT + labelZh: COMMIT(提交) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: CONFIGS + required: false + type: select + labelEn: CONFIGS + labelZh: CONFIGS(配置) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: CONTAINERS + required: false + type: select + labelEn: CONTAINERS + labelZh: CONTAINERS(容器) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: DISABLE_IPV6 + required: false + type: select + labelEn: DISABLE_IPV6 + labelZh: DISABLE_IPV6(禁用IPv6) + values: + - label: 0-关闭 + value: "0" + - label: 1-开启 + value: "1" + - default: "0" + envKey: DISTRIBUTION + required: false + type: select + labelEn: DISTRIBUTION + labelZh: DISTRIBUTION(镜像分发) + values: + - 
label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "1" + envKey: EVENTS + required: false + type: select + labelEn: EVENTS + labelZh: EVENTS(事件) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: EXEC + required: false + type: select + labelEn: EXEC + labelZh: EXEC(执行) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: IMAGES + required: false + type: select + labelEn: IMAGES + labelZh: IMAGES(镜像) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: INFO + required: false + type: select + labelEn: INFO + labelZh: INFO(信息) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "info" + envKey: LOG_LEVEL + required: false + type: select + labelEn: LOG_LEVEL + labelZh: LOG_LEVEL(日志级别) + values: + - label: debug-调试 + value: "debug" + - label: info-信息 + value: "info" + - label: notice-通知 + value: "notice" + - label: warning-警告 + value: "warning" + - label: err-错误 + value: "err" + - label: crit-严重 + value: "crit" + - label: alert-警报 + value: "alert" + - label: emerg-紧急 + value: "emerg" + - default: "0" + envKey: NETWORKS + required: false + type: select + labelEn: NETWORKS + labelZh: NETWORKS(网络) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: NODES + required: false + type: select + labelEn: NODES + labelZh: NODES(节点) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "1" + envKey: PING + required: false + type: select + labelEn: PING + labelZh: PING(探针/PING) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: PLUGINS + required: false + type: select + labelEn: PLUGINS + labelZh: PLUGINS(插件) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: POST + required: false + type: select + labelEn: POST + labelZh: POST(POST请求) + values: + - label: 
0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: SECRETS + required: false + type: select + labelEn: SECRETS + labelZh: SECRETS(机密/Secrets) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: SERVICES + required: false + type: select + labelEn: SERVICES + labelZh: SERVICES(服务) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: SESSION + required: false + type: select + labelEn: SESSION + labelZh: SESSION(会话) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: SWARM + required: false + type: select + labelEn: SWARM + labelZh: SWARM(Swarm集群) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: SYSTEM + required: false + type: select + labelEn: SYSTEM + labelZh: SYSTEM(系统) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: TASKS + required: false + type: select + labelEn: TASKS + labelZh: TASKS(任务) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "1" + envKey: VERSION + required: false + type: select + labelEn: VERSION + labelZh: VERSION(版本) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: VOLUMES + required: false + type: select + labelEn: VOLUMES + labelZh: VOLUMES(卷) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" \ No newline at end of file diff --git a/apps/docker-socket-proxy/3.2.9/docker-compose.yml b/apps/docker-socket-proxy/3.2.9/docker-compose.yml new file mode 100644 index 0000000..857474f --- /dev/null +++ b/apps/docker-socket-proxy/3.2.9/docker-compose.yml 
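Review bot: The `POST`, `EXEC`, `CONTAINERS` and `ALLOW_*` entries in `formFields` are plain 0/1 selects whose `labelEn` only repeats the env key, so the install form gives no hint that some toggles grant far more than others. With `CONTAINERS=1` and `POST=1` a client of the proxy can create and start containers with arbitrary options, which amounts to control of the host, and the README added in this patch recommends exactly that pair for "full functionality". I would put the risk into the label text, e.g. `labelEn: POST (allow write requests; host-level control when combined with CONTAINERS)`, and give the `0-禁止` / `1-允许` option labels an English form as well. The identical file `apps/docker-socket-proxy/latest/data.yml` needs the same change.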
@@ -0,0 +1,49 @@
+services:
+ socket-proxy:
+ image: ghcr.io/linuxserver/socket-proxy:3.2.9
+ container_name: ${CONTAINER_NAME}
+ environment:
+ - ALLOW_START=${ALLOW_START}
+ - ALLOW_STOP=${ALLOW_STOP}
+ - ALLOW_RESTARTS=${ALLOW_RESTARTS}
+ - AUTH=${AUTH}
+ - BUILD=${BUILD}
+ - COMMIT=${COMMIT}
+ - CONFIGS=${CONFIGS}
+ - CONTAINERS=${CONTAINERS}
+ - DISABLE_IPV6=${DISABLE_IPV6}
+ - DISTRIBUTION=${DISTRIBUTION}
+ - EVENTS=${EVENTS}
+ - EXEC=${EXEC}
+ - IMAGES=${IMAGES}
+ - INFO=${INFO}
+ - LOG_LEVEL=${LOG_LEVEL}
+ - NETWORKS=${NETWORKS}
+ - NODES=${NODES}
+ - PING=${PING}
+ - PLUGINS=${PLUGINS}
+ - POST=${POST}
+ - SECRETS=${SECRETS}
+ - SERVICES=${SERVICES}
+ - SESSION=${SESSION}
+ - SWARM=${SWARM}
+ - SYSTEM=${SYSTEM}
+ - TASKS=${TASKS}
+ - TZ=Etc/UTC
+ - VERSION=${VERSION}
+ - VOLUMES=${VOLUMES}
+ ports:
+ - ${PANEL_APP_PORT_HTTP}:2375
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ restart: always
+ read_only: true
+ tmpfs:
+ - /run
+ networks:
+ - 1panel-network
+ labels:
+ createdBy: Apps
+networks:
+ 1panel-network:
+ external: true
diff --git a/apps/docker-socket-proxy/README.md b/apps/docker-socket-proxy/README.md
new file mode 100644
index 0000000..0d6b9c7
--- /dev/null
+++ b/apps/docker-socket-proxy/README.md
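Review bot: The `ports:` entry `- ${PANEL_APP_PORT_HTTP}:2375` in `3.2.9/docker-compose.yml` publishes the proxy on every host interface with no authentication or TLS configured in front of it, which contradicts the README in this same patch ("Never expose this container's port to a public network"). Clients attached to `1panel-network` can already reach `socket-proxy:2375` without a published port, so I would drop the `ports:` block or bind it to loopback with `- "127.0.0.1:${PANEL_APP_PORT_HTTP}:2375"`. Separately, `:ro` on the `/var/run/docker.sock` mount does not make the API read-only; only the `POST` and `ALLOW_*` flags do, and a one-line comment above the volume entry should say so. The same `ports:` line appears in `apps/docker-socket-proxy/latest/docker-compose.yml`.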
@@ -0,0 +1,71 @@ +# Docker-Socket-Proxy + +Socket Proxy是一个安全增强型代理,允许您对Docker socket应用访问规则,从而限制需要使用它的容器的攻击面,如watchtower或Traefik等容器。 + +![](https://img.shields.io/badge/Copyright-arch3rPro-ff9800?style=flat&logo=github&logoColor=white) + +## 应用设置 + +此容器在概念上基于[https://github.com/Tecnativa/docker-socket-proxy](https://github.com/Tecnativa/docker-socket-proxy),因此不遵循我们通常的容器约定。它不支持mods或自定义脚本/服务,也不能以非root用户(或rootless环境中的docker用户)身份运行。它旨在作为Tecnativa容器的直接替代品运行。 + +容器应在与服务使用它的同一docker网络上运行。通常会连接到挂载的docker.sock的大多数容器如果不提供配置选项,可以使用`DOCKER_HOST`环境变量覆盖其端点;通常应指向`tcp://socket-proxy:2375`。 + +* 永远不要将此容器的端口暴露给公共网络。它应该被视为与docker socket或TCP端点相同的方式处理。 +* 撤销对您认为服务不需要的任何API部分的访问。 +* 要查看Docker守护进程和客户端支持的API版本,请使用`docker version`并检查`API version`。 +* [阅读文档](https://docs.docker.com/engine/api/)以了解您正在使用的API版本的可用端点说明。 + +## 只读操作 + +此镜像可以与只读容器文件系统一起运行。详细信息请[阅读文档](https://docs.linuxserver.io/misc/read-only/)。 + +## 参数 + +容器使用运行时传递的参数进行配置(如上所述)。这些参数用冒号分隔,分别表示`<外部>:<内部>`。例如,`-p 8080:80`将暴露容器内部的端口`80`,使其可从容器外部主机的IP上的端口`8080`访问。 + +| 参数 | 功能 | +| :----: | --- | +| `-e ALLOW_START=0` | `/containers/{id}/start` - **即使`POST=0`此选项也将生效** | +| `-e ALLOW_STOP=0` | `/containers/{id}/stop` - **即使`POST=0`此选项也将生效** | +| `-e ALLOW_RESTARTS=0` | `/containers/{id}/stop`、`/containers/{id}/restart`和`/containers/{id}/kill` - **即使`POST=0`此选项也将生效** | +| `-e AUTH=0` | `/auth` | +| `-e BUILD=0` | `/build` | +| `-e COMMIT=0` | `/commit` | +| `-e CONFIGS=0` | `/configs` | +| `-e CONTAINERS=0` | `/containers` | +| `-e DISTRIBUTION=0` | `/distribution` | +| `-e DISABLE_IPV6=0` | 设置为`1`以防止绑定到IPv6接口,适用于无法支持IPv6的旧系统。 | +| `-e EVENTS=1` | `/events` | +| `-e EXEC=0` | `/exec`和`/containers/{id}/exec` | +| `-e IMAGES=0` | `/images` | +| `-e INFO=0` | `/info` | +| `-e LOG_LEVEL=info` | 可能的值:debug、info、notice、warning、err、crit、alert和emerg。默认为info。 | +| `-e NETWORKS=0` | `/networks` | +| `-e NODES=0` | `/nodes` | +| `-e PING=1` | `/_ping` | +| `-e PLUGINS=0` | `/plugins` | +| `-e POST=0` | 设置为`0`时,仅允许`GET`和`HEAD`操作,使API访问变为只读。 | +| `-e 
SECRETS=0` | `/secrets` | +| `-e SERVICES=0` | `/services` | +| `-e SESSION=0` | `/session` | +| `-e SWARM=0` | `/swarm` | +| `-e SYSTEM=0` | `/system` | +| `-e TASKS=0` | `/tasks` | +| `-e TZ=Etc/UTC` | `设置容器时区` | +| `-e VERSION=1` | `/version` | +| `-e VOLUMES=0` | `/volumes` | +| `-v /var/run/docker.sock:ro` | 将主机docker socket挂载到容器中。 | +| `--read-only` | 使容器文件系统为只读。 | +| `--tmpfs /run` | 将/run挂载到tmpfs(RAM)中以使其可写。 | + +### 参数建议 + +如果需要将docker socket代理作为服务运行,建议配置以下参数以获得完整功能: + +- `CONTAINERS=1` - 允许容器操作 +- `NETWORKS=1` - 允许网络操作 +- `EVENTS=1` - 启用事件监控 +- `PING=1` - 允许ping操作 +- `POST=1` - 允许写操作(创建、修改、删除) + +这些参数组合提供了完整的Docker API访问能力,适用于大多数容器管理场景。 \ No newline at end of file diff --git a/apps/docker-socket-proxy/README_en.md b/apps/docker-socket-proxy/README_en.md new file mode 100644 index 0000000..10e5f1f --- /dev/null +++ b/apps/docker-socket-proxy/README_en.md 
@@ -0,0 +1,71 @@ +# Docker-Socket-Proxy + +The Socket Proxy is a security-enhanced proxy which allows you to apply access rules to the Docker socket, limiting the attack surface for containers such as watchtower or Traefik that need to use it. + +![](https://img.shields.io/badge/Copyright-arch3rPro-ff9800?style=flat&logo=github&logoColor=white) + +## Application Setup + +This container is conceptually based on [https://github.com/Tecnativa/docker-socket-proxy](https://github.com/Tecnativa/docker-socket-proxy) and as such does not follow our usual container conventions. It *does not* support mods or custom scripts/services, or running as a user other than root (or the docker user in a rootless environment). It is designed to act as a drop-in replacement for the Tecnativa container. + +The container should be run on the same docker network as the service(s) using it. Most containers that would normally connect to a mounted docker.sock can have their endpoint overridden using the `DOCKER_HOST` environment variable if they do not offer the option in their configuration; it should typically be pointed to `tcp://socket-proxy:2375`. + +* Never expose this container's port to a public network. It should be treated the same way you would treat the docker socket or TCP endpoint. +* Revoke access to any API section that you consider your service should not need. +* To see the versions of the API your Docker daemon and client support, use `docker version` and check the `API version`. +* [Read the docs](https://docs.docker.com/engine/api/) for the API version you are using for an explanation of all the available endpoints. + +## Read-Only Operation + +This image can be run with a read-only container filesystem. For details please [read the docs](https://docs.linuxserver.io/misc/read-only/). + +## Parameters + +Containers are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate `:` respectively. 
For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container. + +| Parameter | Function | +| :----: | --- | +| `-e ALLOW_START=0` | `/containers/{id}/start` - **This option will work even if `POST=0`** | +| `-e ALLOW_STOP=0` | `/containers/{id}/stop` - **This option will work even if `POST=0`** | +| `-e ALLOW_RESTARTS=0` | `/containers/{id}/stop`, `/containers/{id}/restart`, and `/containers/{id}/kill` - **This option will work even if `POST=0`** | +| `-e AUTH=0` | `/auth` | +| `-e BUILD=0` | `/build` | +| `-e COMMIT=0` | `/commit` | +| `-e CONFIGS=0` | `/configs` | +| `-e CONTAINERS=0` | `/containers` | +| `-e DISTRIBUTION=0` | `/distribution` | +| `-e DISABLE_IPV6=0` | Set to `1` to prevent binding to the IPv6 interface for legacy systems that cannot support IPv6. | +| `-e EVENTS=1` | `/events` | +| `-e EXEC=0` | `/exec` & `/containers/{id}/exec` | +| `-e IMAGES=0` | `/images` | +| `-e INFO=0` | `/info` | +| `-e LOG_LEVEL=info` | Possible values are: debug, info, notice, warning, err, crit, alert and emerg. Defaults to info. | +| `-e NETWORKS=0` | `/networks` | +| `-e NODES=0` | `/nodes` | +| `-e PING=1` | `/_ping` | +| `-e PLUGINS=0` | `/plugins` | +| `-e POST=0` | When set to `0`, only `GET` and `HEAD` operations are allowed, making API access read-only. | +| `-e SECRETS=0` | `/secrets` | +| `-e SERVICES=0` | `/services` | +| `-e SESSION=0` | `/session` | +| `-e SWARM=0` | `/swarm` | +| `-e SYSTEM=0` | `/system` | +| `-e TASKS=0` | `/tasks` | +| `-e TZ=Etc/UTC` | `Set container timezone` | +| `-e VERSION=1` | `/version` | +| `-e VOLUMES=0` | `/volumes` | +| `-v /var/run/docker.sock:ro` | Mount the host docker socket into the container. | +| `--read-only` | Make the container filesystem read-only. | +| `--tmpfs /run` | Mount /run to tmpfs (RAM) to make it writeable. 
| + +### Parameter Recommendations + +If you need to run the docker socket proxy as a service, it's recommended to configure the following parameters for full functionality: + +- `CONTAINERS=1` - Allow container operations +- `NETWORKS=1` - Allow network operations +- `EVENTS=1` - Enable event monitoring +- `PING=1` - Allow ping operations +- `POST=1` - Allow write operations (create, modify, delete) + +This parameter combination provides complete Docker API access capabilities, suitable for most container management scenarios. \ No newline at end of file diff --git a/apps/docker-socket-proxy/data.yml b/apps/docker-socket-proxy/data.yml new file mode 100644 index 0000000..d25d37c --- /dev/null +++ b/apps/docker-socket-proxy/data.yml @@ -0,0 +1,25 @@ +name: Docker-Socket-Proxy +tags: + - 实用工具 + - 开发工具 +title: 通过代理控制 Docker 套接字 +description: + en: Proxy over your Docker socket to restrict which requests it accepts + zh: 通过代理控制 Docker 套接字 +additionalProperties: + key: docker-socket-proxy + name: Docker-Socket-Proxy + tags: + - Tool + - DevTool + shortDescZh: 通过代理控制 Docker 套接字 + shortDescEn: Proxy over your Docker socket to restrict which requests it accepts + type: website + crossVersionUpdate: true + limit: 0 + website: https://github.com/linuxserver/docker-socket-proxy + github: https://github.com/linuxserver/docker-socket-proxy + document: https://github.com/linuxserver/docker-socket-proxy + architectures: + - amd64 + - arm64 diff --git a/apps/docker-socket-proxy/latest/data.yml b/apps/docker-socket-proxy/latest/data.yml new file mode 100644 index 0000000..97c2a72 --- /dev/null +++ b/apps/docker-socket-proxy/latest/data.yml 
@@ -0,0 +1,330 @@ +additionalProperties: + formFields: + - default: "2375" + envKey: PANEL_APP_PORT_HTTP + required: true + type: number + labelEn: Port + labelZh: 端口 + edit: true + rule: paramPort + - default: "0" + envKey: ALLOW_START + required: false + type: select + labelEn: ALLOW_START + labelZh: ALLOW_START(允许启动) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: ALLOW_STOP + required: false + type: select + labelEn: ALLOW_STOP + labelZh: ALLOW_STOP(允许停止) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: ALLOW_RESTARTS + required: false + type: select + labelEn: ALLOW_RESTARTS + labelZh: ALLOW_RESTARTS(允许重启) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: AUTH + required: false + type: select + labelEn: AUTH + labelZh: AUTH(认证) + values: + - label: 0-关闭 + value: "0" + - label: 1-开启 + value: "1" + - default: "0" + envKey: BUILD + required: false + type: select + labelEn: BUILD + labelZh: BUILD(构建) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: COMMIT + required: false + type: select + labelEn: COMMIT + labelZh: COMMIT(提交) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: CONFIGS + required: false + type: select + labelEn: CONFIGS + labelZh: CONFIGS(配置) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: CONTAINERS + required: false + type: select + labelEn: CONTAINERS + labelZh: CONTAINERS(容器) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: DISABLE_IPV6 + required: false + type: select + labelEn: DISABLE_IPV6 + labelZh: DISABLE_IPV6(禁用IPv6) + values: + - label: 0-关闭 + value: "0" + - label: 1-开启 + value: "1" + - default: "0" + envKey: DISTRIBUTION + required: false + type: select + labelEn: DISTRIBUTION + labelZh: DISTRIBUTION(镜像分发) + values: + - 
label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "1" + envKey: EVENTS + required: false + type: select + labelEn: EVENTS + labelZh: EVENTS(事件) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: EXEC + required: false + type: select + labelEn: EXEC + labelZh: EXEC(执行) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: IMAGES + required: false + type: select + labelEn: IMAGES + labelZh: IMAGES(镜像) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: INFO + required: false + type: select + labelEn: INFO + labelZh: INFO(信息) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "info" + envKey: LOG_LEVEL + required: false + type: select + labelEn: LOG_LEVEL + labelZh: LOG_LEVEL(日志级别) + values: + - label: debug-调试 + value: "debug" + - label: info-信息 + value: "info" + - label: notice-通知 + value: "notice" + - label: warning-警告 + value: "warning" + - label: err-错误 + value: "err" + - label: crit-严重 + value: "crit" + - label: alert-警报 + value: "alert" + - label: emerg-紧急 + value: "emerg" + - default: "0" + envKey: NETWORKS + required: false + type: select + labelEn: NETWORKS + labelZh: NETWORKS(网络) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: NODES + required: false + type: select + labelEn: NODES + labelZh: NODES(节点) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "1" + envKey: PING + required: false + type: select + labelEn: PING + labelZh: PING(探针/PING) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: PLUGINS + required: false + type: select + labelEn: PLUGINS + labelZh: PLUGINS(插件) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: POST + required: false + type: select + labelEn: POST + labelZh: POST(POST请求) + values: + - label: 
0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: SECRETS + required: false + type: select + labelEn: SECRETS + labelZh: SECRETS(机密/Secrets) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: SERVICES + required: false + type: select + labelEn: SERVICES + labelZh: SERVICES(服务) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: SESSION + required: false + type: select + labelEn: SESSION + labelZh: SESSION(会话) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: SWARM + required: false + type: select + labelEn: SWARM + labelZh: SWARM(Swarm集群) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: SYSTEM + required: false + type: select + labelEn: SYSTEM + labelZh: SYSTEM(系统) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: TASKS + required: false + type: select + labelEn: TASKS + labelZh: TASKS(任务) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "1" + envKey: VERSION + required: false + type: select + labelEn: VERSION + labelZh: VERSION(版本) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" + - default: "0" + envKey: VOLUMES + required: false + type: select + labelEn: VOLUMES + labelZh: VOLUMES(卷) + values: + - label: 0-禁止 + value: "0" + - label: 1-允许 + value: "1" \ No newline at end of file diff --git a/apps/docker-socket-proxy/latest/docker-compose.yml b/apps/docker-socket-proxy/latest/docker-compose.yml new file mode 100644 index 0000000..694d724 --- /dev/null +++ b/apps/docker-socket-proxy/latest/docker-compose.yml 
@@ -0,0 +1,49 @@
+services:
+ socket-proxy:
+ image: ghcr.io/linuxserver/socket-proxy:latest
+ container_name: ${CONTAINER_NAME}
+ environment:
+ - ALLOW_START=${ALLOW_START}
+ - ALLOW_STOP=${ALLOW_STOP}
+ - ALLOW_RESTARTS=${ALLOW_RESTARTS}
+ - AUTH=${AUTH}
+ - BUILD=${BUILD}
+ - COMMIT=${COMMIT}
+ - CONFIGS=${CONFIGS}
+ - CONTAINERS=${CONTAINERS}
+ - DISABLE_IPV6=${DISABLE_IPV6}
+ - DISTRIBUTION=${DISTRIBUTION}
+ - EVENTS=${EVENTS}
+ - EXEC=${EXEC}
+ - IMAGES=${IMAGES}
+ - INFO=${INFO}
+ - LOG_LEVEL=${LOG_LEVEL}
+ - NETWORKS=${NETWORKS}
+ - NODES=${NODES}
+ - PING=${PING}
+ - PLUGINS=${PLUGINS}
+ - POST=${POST}
+ - SECRETS=${SECRETS}
+ - SERVICES=${SERVICES}
+ - SESSION=${SESSION}
+ - SWARM=${SWARM}
+ - SYSTEM=${SYSTEM}
+ - TASKS=${TASKS}
+ - TZ=Etc/UTC
+ - VERSION=${VERSION}
+ - VOLUMES=${VOLUMES}
+ ports:
+ - ${PANEL_APP_PORT_HTTP}:2375
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ restart: always
+ read_only: true
+ tmpfs:
+ - /run
+ networks:
+ - 1panel-network
+ labels:
+ createdBy: Apps
+networks:
+ 1panel-network:
+ external: true
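Review bot: `image: ghcr.io/linuxserver/socket-proxy:latest` tracks a mutable tag for a container that, per the README in this patch, must run as root and has the host Docker socket mounted, so any later pull or re-create runs whatever the registry serves at that moment. If the `latest/` directory is a store convention and has to stay, I would pin the image by digest next to the tag, `image: ghcr.io/linuxserver/socket-proxy:latest@sha256:<digest-placeholder>`, or at least add a comment above the `image:` line telling operators to prefer the versioned `3.2.9` app for this component. The `ports:` exposure raised on `3.2.9/docker-compose.yml` applies here unchanged.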
diff --git a/apps/docker-socket-proxy/logo.png b/apps/docker-socket-proxy/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..324591c920c3d6aa54390a0816a5548e08331c06 GIT binary patch literal 5779 zcmX|Ec|26>|9{Rg!wk|`imWr1>>??*#Eh)TzK2Yu2w6(umYl|x7D7a_C6VMJl}Zey zNXk}{Z9+(8U$Q>G;ok3WUe7$AW!}r@Ip_RwCf3Trcmua6HvnLRsfmFN04O^}0fB=Z zUfq+eX9t`o&71~6X*|#JVLZD=PTLskgW?b3KiEibs{?k1#sLQuFt{}mg7sZ#eP@?) zk#K9oT3<-(SttJ-%Wn$J6`E?z3pWR_E`DiG|UQz4)_2j={BA~+hv}@dT3LE_2 zkZe14XWd01=70L@%4{whzxM0;NNWjW&6i!Wk0Z-I&bsf~Nb714!o(WrnhP6Pkd_1o zCtz?HeAoha$HV0ns2B}ZFTv~vsCgBtUxt5{;N(1vdJcPj!T0^pG9At?K-~oRa~hhZ z!55vdxCNTrgk!TXtq$5`z^hfTq5}?3!p|eHwi_<3z_uZ1p9S-qpkXrnIRh^|fhUV# zPzl@>2UA`_dLC>Zgy+hkcOfkQ1Q`{u@FR4{f{C^8Xg&-qhTae0w=tO82w!}GUq@k5 z4UDgbmnvb#TUgf%opa#mG&D$tk3YeWgOD`_54xpJ535 zjLopR3%==v^(?oEIe>F{C&to{m}a^Ub3tn7pj zK0?m|=(DmjgZ&5|3$n4W1>_}M7VpQtYHXgW{Yr-(VD&R=I>x+%3}h`IjQ?}#z@A8y~~{d2s)S=(Ck9K{>u1aYv(8$bL`~imI_(AK`fcuyIni> zetU)8Le2eCM~*!(Jyw{QcK=qWm{;kKs4!cqA(i*CLb0>!K$UEgN8)>jNA13_4fGf= z{T6%2&iQ3cS5*(6?&`P@zHvVDcjhDd#hrHc_AhM@9jbcz{P}a0aK?O!xpjhYUb|)t z+RFHT8oKAT!GX*5+d}-OI&PRR7rhkJ8_$T%dInUSuG>C-RJj*wP{G_P!So+nKCAy7|v;Gctsy^*MnIiq#&oJta zYTdcuVo$-9dsA-7hGq#5+)_5%k9{p|n0R|Wv{QGvCI9T6FOCj=$2lmTOV3*m;6`w1 z4?0fnI>5+Sc)(xvN?%ly4aE;(b=$Ln)6FQZR0R`Mli|UghAC+pF(-&RtLN zp8Iv^{)uItUH#9-KPdFSi4uKNy<#pqAnEVdQS{9* zKGBi7sKGetuXym!#i1-k^BO~?Dfg%v_oMZ$1Ls#i<`iw66rYMgENr4LU*1WV7(F5R z^L8T)wX>bs3qFQ-a+2BKBAP@~-Ni}FPy}j(8Yq0%sClZs>a(NK_O`H7?1I#*&Xm?} zI^R(EHThl1vxpO{!GcRy&9qJb5pZFAog_CT-}xtpgPEs1anNQwJR7Ocr=-3YlSwWR zlTu0wfg9}yB7e_wYBmFUUDwV&i4V1({omI&)(Vh1b^Lvx@BySurtOW|cIOdf``sNp z8-Wh4=p=G+rO(NR{#YK9$gY^f6@7=OQeCpJiYi)@=I$F>_pblCKzr;qxy=VL5tP-< zccAi`$cJ!xlNj+SLc11{G;(9h0aPQO&}9ZN-j(GK4&kstE2 zD!B6NI9=|Ybd1QhE5}t0od-*1I*At@tv8ugE?xyL)TWC6h`;9`$Y^qz(L5gE^7R{z&!ySqDO}p&kW0jjz#&4?duefArS!5b zXl2}~`hnRkXowYG=1=al&K}$Per?1qq zPv4qw--GT+=rkDOaLgguI7c+lJByeUT3M_(<;FFA6S;HyF>WD!C7)8`O5gpZTU~cb z^5VEXN9(L^(A56AW6TIUWY(^(MvET7A12Ygt(_>i>&n!ek=%YVP|YN<_7TV~*m(lk 
z5j)@F!=NzRpR;_|DqjLXl*pJXvNfM$dM!>FeB|7R-Cv+@WD8(iC>2B3aA?a<8kyOC znZ(AEF(+g@8Q?HL0;tI*ItT8$DwXnYNd@=OA_geKJMkj_La2p6nT+`&QZk^RB}$N&SFm=6W>onlj))8|CZ43@lSQ*^rp76QI}b?nf`f^7Ux zmT$dflaaSk>e6`;4jOv`wjMzK^STQRNz^Am@_(IT9+KCd4Tvm{)xfN-cO*E1_maB( zXXvdw8M8td4{hD|{!s^r0e67UV&l(MJ_N@daAe}GzrSP*=*L~s1wkXn*`|a5pE*3A zmOijX--iH$it!l0z!7-&o{s%2Ngx|zJQ~G;`CO<8Ke>C;PwC*V6pVy;A92sil|V0% z$lc<@+kb>|`$hmY9xK85-N6?3a;r#8H-zCfxvhOP2K>UO&JUO4DIge$9(vhMBQRaD zFnr}D|b9npOh@T^xI$5LXt znRSRo16RCAY0%4>vjp`B&AILy+ zx9ZUN%Z-TBsdt6IuNNg_=VqKYvy^bGdP*Z25=O!(4?p8aA^>k`X7y8LrZe!-(k|$v zTA3H_8h^19HxWkzXVLbr{A3*Rg=pn(j9nlwEwJ3PxQRI`@I!Bx$}#Z-ra2bz1gE_b z@!**NXn-J{nF81&)3;JH_9Aibm!Ddmzd#@#z}nh1dj%F3m)=_5Obphkf^|=|X5rr` zf+I9{@Az2Ta?xcVoWZ^RChJ@+X95^(DJ zn5ZEd!WHw1#01EP(Bu}EjmV5J>#`%|WDkiNjGR}(Pw>sLZ|h5ZHeViR$dX z%P}?Fk%W3}!}8o}69=~&p&Ll7g0kiG+BN&-4TU(9MK^r{>mHbiC=|n_P!S6AWRD+M zdlJOmw}|Ha#f$LrXFJ3K#oL+)(!GiK!NNM_#0Dxjikr~-D>Hnb(%Y+d_hARk41!H2 zT$X}nC|~@3yt*kZ#dmON)a$OUPnLx?dEP2_Gx_jM_4(gYr*=ah8iCFmezr=uxy78s zHXL%*1ZMRq|3L0N&sV?&T$CTkarj3xjvv>YMxX!l>L00sbezRX`C)ss zyu)O8+Mg@>d8PLWA6Ym2$Ta$WnKHYaObpmOsW4n3=yF+EfUJG#yii-ftAx8k#O7<5 zP}?4(-8>VD0yfKkg1!5whG;oiI(f&Q;M6>6q?u^7Fe4=?*Mrx-lzJoZaaRMIG=V>5 zGt&{?`z<$b6VWQBz;0svXWaOfhb9;Yp>ZLuuTBGRN&_-pg)c6cHeG)xjp!O3k2|vv zt@gx~J5fo9h;=7cw{;k5hfhr3O0d0YWU5M{?lP*kCu4rW%SHt9EfNj1%uqoKF9}C# zf~kb&s|rc|K!YF1Tx@7T5s!H!!WE|-r=Ij}dmuk(t1&fSxLU@~BDLrl1*oAC~D#}^3 zKu0D)!W}Qdjcr0cZ;^>cv&HCX`(9fEUm?%rIExfCNZR>|xLgWKk0)Fy=S=0s9I{tc zsd*^8u;#tuL`?p~m z|9YDjk0W57RM%)!8pqTm_ljSSHy~igXn_^_+i}dvz|vpPf; z49Jx=0-{E}r%&wGXW+byS*QOpPsA}DD5AT78$W1bc6Q4gMsY7li|_fFMlYx46@-Bq zhiB_|`9L%>{rb`li5^)?z)kt{gO7DGQ2~>BiV-&Co7@FKBAu2R`uce7*vA)>y2Xgk<}XTdW1_@?bKzVrBOvC3)q!IDJ3pms`fS#LiM5jcbYlPPzK zg`;7wcSw5Pg5T6>z$~N2A#QR$+!Tiliqd0uq`(NlFt~LOu7I z_zs;NRdx`MQ=lb> zTo%#_^Ukx@Ct9g_tC{Z;O;E6DZ7sL963n|>aI(F?rf(6y*c$)oaiHrM{e7|L&~mt? 
z&WFrt&)~CXE4wJhATng`ru1)kD$v5~^>sOL#5p#J*%6--Nd?`L*Jh-)R6Z&t<4{)S zhO}_4sZUSmqb`^ff=l0bmG$!XUU)1UnTZh0w6dQW5@jYP#y#~d56c6j;Z4x^Mb}3) z3*lMY2yS>;UX0ZDGG$mLVEFUxW+z>6f%sNyeke!0r&@kyC>SN(IOW09=NQ_^S}vdK z5sq??vAt3h@nSOD+mZ2@ORSL*;UEumLt~y+u9k84gfA==vTEgn!Bk^Jb?D;ViH80z zxf&B)u%(l0VR(<_T>Qt=J{JzXAyQ2)2KKtZ6HQG+A9bo`FVNJ5PN5U`rH{T0_o=(K z;qFt%)zGC}meLrGT>K%Ry5dFE!c6;TV#ht<4#%5#p9NqbBsN_;`k+Zq={dQmCv;_G z!ENYapFki=SN?12`=@KdkJ_qll-j84O$QyDZrQj?*PYsD<|_}PTa8PC;BfkQ@wN}e z2lUbc&ueQA!pwy;e=kn{`gP^!KYqPVhF$Z=w2=}k&MK8eUt>aua$h(xiz~tyjRJqH z3B{t^h!>4g;jM~e#^?upSH@*;j$#!)Az>=qHTLXaB*b{&N&y<|;6wqO+%?J81dxJu zejU}D%@NSSUq&w75z@h5K}KkbA)|_%Xe)mS+oRd>i3}hLMW(-w19SoA zIc{ouWa5NCPiMH?Az@;^Lb)>dviZ#cSPZN*y=zVT##U{&U9L49&jh^L3b%QG5wX~e zoU5`;dy(wG8&UC-FIV1HsayOCL#eq1Ji@t4vsrJfMAY8QZJ>sUB!8oHSNVei!Mtxd zr{U_+zfxy~Nb$JNOOoy3zC7P3fpjo26vDU6HSeBhSzlwSB`E-=#Yb~roF1Ye?7vF0 zykHy8Vbm3IOoEq+Yp@6K5;@k|G10Oj&$ATq_>-rE z3Qq>xyLbKa%Su-#zHBEK%#NKFdV2+$W6wh?8CdKA6M7`DHCBP{2Cpz;21X*nf z;HRHQ6kKru^4VPyn6m?@*N(sSW3ZBTtX4knajVI(7gq~^44hh6$@lB#@qX18#sJMM zXFH1|B9oj!*h%p2m(C#dO5{f=2OUW&$XwiN*&AM_&TkivdfAge;oCWKomPjfp;3Tx zcKIV2yBrZoUZtX~Mw=RQu8zKIQPhsuT{z0iFMzGeAS2;XEEBE_eb=6?V@7wPsNx9iR@S_A>o*fkB*<)~b*NKGm60-xR z9P5t>YizplW#P);bJ_vi;LGKWiCoVo((=f zlSs;b^LMiTXXt7Q3DJC0x6^9724(r@miweMkt#=+;h$VLkW={6%yyIWs|r55`Codz z)@MGsQH2YK^(E~4a8;Uia*pyQe8lr7i@86@nTQ@2eSk_%@46+MjH}Z5o#VwAJQ~~| z$4pNP&o@6+C?#fiu6yV1&lUoY-X@JCoJ$&h$R4S9cpQE^=M8J06{nT4c+kRX=whgbLsS;i#Tp6VL+3>m7 z)3&rsItbf)ko+adwCnd>d6|^P&x;2|Nl`r~{km4OmWHql0js+U(U9C9t qli)pVoOFgy`M3C?>eH#)?N{`a?BWYHo)T68?2oCTg+Z}Co$-HZ--CDn literal 0 HcmV?d00001