Merge branch 'master' into master

Dockerfile

@@ -2,6 +2,8 @@ FROM haproxy:2.2-alpine
 
 EXPOSE 2375
 ENV ALLOW_RESTARTS=0 \
+    ALLOW_STOP=0 \
+    ALLOW_START=0 \
     AUTH=0 \
     BUILD=0 \
     COMMIT=0 \

README.md

@@ -125,6 +125,9 @@ extremely critical but can expose some information that your service does not ne
 -   `COMMIT`
 -   `CONFIGS`
 -   `CONTAINERS`
+-   `ALLOW_START` (containers/`id`/`start`)
+-   `ALLOW_STOP` (containers/`id`/`stop`)
+-   `ALLOW_RESTARTS` (containers/`id`/`stop`|`restart`|`kill`)
 -   `DISTRIBUTION`
 -   `EXEC`
 -   `GRPC`

haproxy.cfg

@@ -47,6 +47,8 @@ frontend dockerfrontend
     bind :::2375 v4v6
     http-request deny unless METH_GET || { env(POST) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) } { env(ALLOW_RESTARTS) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/start } { env(ALLOW_START) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/stop } { env(ALLOW_STOP) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth } { env(AUTH) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/build } { env(BUILD) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/commit } { env(COMMIT) -m bool }