feat: remove authentication

swiftwave-org · Jun 19, 2024 · a1bb09b · a1bb09b
1 parent 205a13c
commit a1bb09b
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 16 deletions.
diff --git a/README.MD b/README.MD
@@ -1,12 +1,12 @@
 # Docker Socket Proxy
 
-This is a simple proxy to convert unix socket of docker to tcp socket to share access to containers in same docker network. It has simple token based authentication mechanism & granular permission control to allow/deny read/write access to each endpoint.
+This is a simple proxy to convert unix socket of docker to tcp socket to share access to containers in same docker network. It has granular permission control to allow/deny read/write access to each endpoint.
 
 ## Credits
 
 Inspired from [https://github.com/Tecnativa/docker-socket-proxy](https://github.com/Tecnativa/docker-socket-proxy)
 
-As in swiftwave, we need some extra permission control and a minimal authentication mechanism to allow/deny access to each endpoint, we create this proxy to do the same.
+As in swiftwave, we need some extra permission control to allow/deny access to each endpoint, we create this proxy to do the same.
 
 ## Environment Variables
 
@@ -19,7 +19,6 @@ As in swiftwave, we need some extra permission control and a minimal authenticat
 | Variable Name      | Description              | Default Value        |
 | ------------------ | ------------------------ | -------------------- |
 | DOCKER_SOCKET_PATH | Path to docker socket    | /var/run/docker.sock |
-| AUTH_TOKEN         | Connect auth token       | N/A (mandatory)      |
 | LOG_LEVEL          | Log level                | notice               |
 | PING_READ          | Allow ping read          | 0                    |
 | PING_WRITE         | Allow ping write         | 0                    |
@@ -73,11 +72,11 @@ As in swiftwave, we need some extra permission control and a minimal authenticat
 
 1. Run this docker proxy.
    ```bash
-   docker run -it -p 2375:2375 -v /var/run/docker.sock:/var/run/docker.sock -e AUTH_TOKEN=<your_auth_token> -e PING_READ=1 -e VERSION_READ=1 ghcr.io/swiftwave-org/docker-socket-proxy
+   docker run -it -p 2375:2375 -v /var/run/docker.sock:/var/run/docker.sock -e PING_READ=1 -e VERSION_READ=1 ghcr.io/swiftwave-org/docker-socket-proxy
    ```
 2. Wherever you need to use this docker proxy, set `DOCKER_HOST` environment variable.
    ```bash
-   export DOCKER_HOST=<docker_container_or_service_name>/<your_auth_token>
+   export DOCKER_HOST=<docker_container_or_service_name>
    ```
 3. That's it.
 

diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
@@ -1,14 +1,7 @@
 #!/bin/sh
 set -e
 
-# raise error if AUTH_TOKEN is not set
-if [ -z "$AUTH_TOKEN" ]; then
-	echo "ERROR: AUTH_TOKEN is not set"
-	exit 1
-fi
-
-# replace ${AUTH_TOKEN} with the value of AUTH_TOKEN
-sed "s/\${AUTH_TOKEN}/$AUTH_TOKEN/g" /usr/local/etc/haproxy/haproxy.cfg.template > /usr/local/etc/haproxy/haproxy.cfg
+cp /usr/local/etc/haproxy/haproxy.cfg.template /usr/local/etc/haproxy/haproxy.cfg
 
 # start haproxy
 if [ "${1#-}" != "$1" ]; then

diff --git a/haproxy.cfg b/haproxy.cfg
@@ -34,9 +34,6 @@ defaults
 frontend docker_frontend
     bind :2375
 
-    http-request deny if !{ path_beg -i /${AUTH_TOKEN} }
-    http-request set-uri %[url,regsub(^/${AUTH_TOKEN},,)] 
-
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping } METH_GET { env(PING_READ) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping } METH_HEAD { env(PING_READ) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping } METH_POST { env(PING_WRITE) -m bool }