GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → djenriquez → sherpa

djenriquez / sherpa

Licence: MIT License
A simple way to access Docker's remote API

Programming Languages

python
139335 projects - #7 most used programming language

Labels

apidockernginxremote

Projects that are alternatives of or similar to sherpa

foobar2000-web-ui
Control Foobar2000 from a (remote) web browser
Stars: ✭ 25 (-44.44%)
Mutual labels:  remote
awesome-job-boards
A curated list of awesome job boards. We accept PRs.
Stars: ✭ 21 (-53.33%)
Mutual labels:  remote
connect
Toolsets for retrieving data from a remote source
Stars: ✭ 13 (-71.11%)
Mutual labels:  remote
EmbeddedTools
Additions to the model-based DSL for deploying Java and Native projects to remote targets
Stars: ✭ 14 (-68.89%)
Mutual labels:  remote
Mi
MI - A PS4 Remote Tool.
Stars: ✭ 23 (-48.89%)
Mutual labels:  remote
URL-Magnet-Cloud-Uploader-Heroku
Aria 2 Rclone Remote URL /magnet Clouds upload via HEROKU
Stars: ✭ 99 (+120%)
Mutual labels:  remote
remote-lib
💫 Convert your JavaScript library to a remote service.
Stars: ✭ 40 (-11.11%)
Mutual labels:  remote
ripdb
Remotely accessible IPython-enabled debugger
Stars: ✭ 21 (-53.33%)
Mutual labels:  remote
permanently-remote
A list of tech companies going permanently remote after COVID-19
Stars: ✭ 61 (+35.56%)
Mutual labels:  remote
desk
DESK exposing server kit : HTML5 solution for remote processing and visualization
Stars: ✭ 21 (-53.33%)
Mutual labels:  remote
teuton
Infrastructure test, mainly useful for sysadmin teachers and making contests
Stars: ✭ 22 (-51.11%)
Mutual labels:  remote
Somfy Remote Lib
Emulate a Somfy remote using a 433.42 MHz transmitter.
Stars: ✭ 43 (-4.44%)
Mutual labels:  remote
git-repo-name
Get the repository name from the git remote origin URL
Stars: ✭ 21 (-53.33%)
Mutual labels:  remote
git-admin
A package to help manage git repositories through the commandline
Stars: ✭ 27 (-40%)
Mutual labels:  remote
retro
A self-hostable web application designed for remote retrospectives
Stars: ✭ 21 (-53.33%)
Mutual labels:  remote
airboardgame
AirBoardGame is a virtual tabletop to play and create any boardgame online with your friends
Stars: ✭ 45 (+0%)
Mutual labels:  remote
pi-encrypted-boot-ssh
🔑 Raspberry Pi Encrypted Boot with Remote SSH
Stars: ✭ 96 (+113.33%)
Mutual labels:  remote
Sharer
Arduino & .NET serial communication library to read/write variables and remote call functions using the Sharer protocol. Works on Windows, Linux and MacOS.
Stars: ✭ 21 (-53.33%)
Mutual labels:  remote
carlaviz
Visualize carla in the web browser
Stars: ✭ 118 (+162.22%)
Mutual labels:  remote
android-cast-remote-display-sample
📻 Google Cast's Remote Display Sample for Android
Stars: ✭ 38 (-15.56%)
Mutual labels:  remote
View All Similar Projects ➔

Sherpa

The current recommendation to enable Docker's remote API is to change the daemon configuration and then restart. With Sherpa, you simply need to run the container and you'll have access to the docker.sock via TCP.

ACL Configuration

Sherpa has two access modes, --allow and --deny(default). In allow mode, access to the Docker API is implicitly allowed. Meaning, you must explicitly define endpoints and HTTP methods that are forbidden. In --deny mode, the default mode, the reverse is true: access to the API is implicitly forbidden. Paths must be explicitly defined.

Paths can be configured using the $CONFIG environment variable with a json blob passed in and/or by mounting config files to /etc/sherpa. This blob has the following schema:

[
    { 
        "Path" : "STRING",
        "Access": "allow|deny",
        "Methods": ["STRING"],
        "Addresses": ["STRING"]
    }
]
  • "Path": The URI path to configure
  • "Access": The access mode. Accepts "allow" or "deny"
  • "Methods": The HTTP Methods to allow. Ignored if access is "deny".
  • "Addresses": Specific addresses to allow. See NGINX allow for accepted values. Ignored if access is "deny".

Admins can also restrict access to Sherpa by using a combination of volume mounting permissions and IP binding.

Examples

Multiple ACLs can be defined to create a strictly contained remote API. Here are a few examples:

Full access

docker run -d \
--name sherpa \
-v /var/run/docker.sock:/tmp/docker.sock \
-p 4550:4550 \
djenriquez/sherpa --allow

Access to /containers/json GET only

docker run -d \
--name sherpa \
-e CONFIG='[
    { 
        "Path" : "/containers/json",
        "Access": "allow",
        "Methods": ["GET"]
    }
]' \
-v /var/run/docker.sock:/tmp/docker.sock \
-p 4550:4550 \
djenriquez/sherpa

Access to everything but kill

docker run -d \
--name sherpa \
-e CONFIG='[
    { 
        "Path" : "/containers/*/kill",
        "Access": "deny"
    }
]' \
-v /var/run/docker.sock:/tmp/docker.sock \
-p 4550:4550 \
djenriquez/sherpa --allow

Mount example config files /w env Config

docker run -d \
--name sherpa \
-e CONFIG='[
    { 
        "Path" : "/containers/json",
        "Access": "deny"
    }
]' \
-v `pwd`/examples:/etc/sherpa \
-v /var/run/docker.sock:/tmp/docker.sock \
-p 4550:4550 \
djenriquez/sherpa --allow

Full access to internal IPs only

docker run -d \
--name sherpa \
-e CONFIG='[
    { 
        "Path" : "/",
        "Access": "allow",
        "Addresses": ["10.0.0.0/8", "192.168.0.0/16", "172.0.0.0/8"]
    }
]' \
-v /var/run/docker.sock:/tmp/docker.sock \
-p 4550:4550 \
djenriquez/sherpa --allow
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].