
Commit 80ce677

authored
Merge pull request #63 from wollomatic/develop
v1.10.0
2 parents e329ca4 + 5a199fa commit 80ce677


8 files changed

+41
-24
lines changed


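--- a/.dockerignore
+++ b/.dockerignore
@@ -1,2 +1,6 @@
-.github
-examples/
+*
+
+!cmd
+!internal
+!go.mod
+!LICENSE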
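Review bot: The allowlist re-includes `go.mod` but not `go.sum`, so the context that `COPY . ./` sends to the build would lack dependency checksums if the module has, or later gains, external requirements; whether it does is not visible on this page. If it does, add `!go.sum` directly after `!go.mod`. A leading comment such as `# allowlist: only what the image build needs; VCS data, CI config and local files stay out of the build context` would also record why the file switched from a denylist to deny-by-default.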

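--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,10 +1,18 @@
 # To get started with Dependabot version updates, you'll need to specify which
 # package ecosystems to update and where the package manifests are located.
 # Please see the documentation for all configuration options:
-# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference
 
 version: 2
 updates:
+- package-ecosystem: "docker"
+directory: "/"
+schedule:
+interval: "weekly"
+- package-ecosystem: "github-actions"
+directory: "/"
+schedule:
+interval: "weekly"
 - package-ecosystem: "gomod" # See documentation for possible values
 directory: "/" # Location of package manifests
 schedule: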
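Review bot: The new `docker` entry only watches `directory: "/"`, so the image reference in `examples/docker-compose/dozzle/compose.yaml`, which this same commit bumps by hand, appears to stay untracked. If that example is meant to follow upstream releases, a `docker-compose` ecosystem entry pointing at that directory would cover it. The `gomod` entry continues past the end of the hunk, so its schedule is not visible here.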

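--- a/.github/workflows/docker-image-release.yaml
+++ b/.github/workflows/docker-image-release.yaml
@@ -17,17 +17,17 @@ jobs:
 
 steps:
 - name: Checkout
-uses: actions/checkout@v4
+uses: actions/checkout@v5
 
 - name: Run Gosec Security Scanner
 uses: securego/gosec@master
 with:
 args: ./...
 
 - name: Set up Go
-uses: actions/setup-go@v5
+uses: actions/setup-go@v6
 with:
-go-version: '1.24.5'
+go-version: '1.25'
 
 - name: Run Go tests
 run: go test ./...
@@ -37,9 +37,9 @@ jobs:
 run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> "$GITHUB_OUTPUT"
 
 - name: Install Cosign
-uses: sigstore/cosign-installer@v3.9.2
+uses: sigstore/cosign-installer@v3.10.0
 with:
-cosign-release: 'v2.5.3'
+cosign-release: 'v2.6.0'
 
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v3
@@ -91,4 +91,4 @@ jobs:
 run: cosign sign --yes --recursive --key env://COSIGN_PRIVATE_KEY ghcr.io/wollomatic/socket-proxy:${{ steps.get_tag.outputs.VERSION }}@${{ steps.push-ghcr.outputs.digest }}
 env:
 COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
-COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}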
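Review bot: The bumped `uses:` lines (`actions/checkout@v5`, `actions/setup-go@v6`, `sigstore/cosign-installer@v3.10.0`) still reference mutable tags, and the unchanged `securego/gosec@master` step tracks a branch, in a job that later hands `COSIGN_PRIVATE_KEY` and `COSIGN_PASSWORD` to the signing step. Pinning each action to a full commit SHA with the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v5`, keeps a retagged or compromised action out of the release path. `go-version: '1.25'` now floats to the newest patch release while the Dockerfile pins `golang:1.25.1-alpine3.22`, so the tests and gosec may run on a different toolchain than the image build; using the same patch version in both places closes that gap. The same lines appear in `.github/workflows/docker-image-testing.yaml`.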

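--- a/.github/workflows/docker-image-testing.yaml
+++ b/.github/workflows/docker-image-testing.yaml
@@ -18,25 +18,25 @@ jobs:
 
 steps:
 - name: Checkout
-uses: actions/checkout@v4
+uses: actions/checkout@v5
 
 - name: Run Gosec Security Scanner
 uses: securego/gosec@master
 with:
 args: ./...
 
 - name: Set up Go
-uses: actions/setup-go@v5
+uses: actions/setup-go@v6
 with:
-go-version: '1.24.5'
+go-version: '1.25'
 
 - name: Run Go tests
 run: go test ./...
 
 # - name: Install Cosign
-# uses: sigstore/cosign-installer@v3.9.2
+# uses: sigstore/cosign-installer@v3.10.0
 # with:
-# cosign-release: 'v2.5.3'
+# cosign-release: 'v2.6.0'
 
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v3
@@ -69,7 +69,7 @@ jobs:
 ghcr.io/wollomatic/socket-proxy:testing-${{ github.sha }}
 
 # - name: Build and push Docker Hub image
-# uses: docker/build-push-action@v5
+# uses: docker/build-push-action@v6
 # id: push-dockerhub
 # with:
 # context: .
@@ -87,7 +87,7 @@ jobs:
 # COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
 #
 # - name: Build and push GHCR image
-# uses: docker/build-push-action@v5
+# uses: docker/build-push-action@v6
 # id: push-ghcr
 # with:
 # context: .
@@ -102,4 +102,4 @@ jobs:
 # run: cosign sign --yes --recursive --key env://COSIGN_PRIVATE_KEY ghcr.io/wollomatic/socket-proxy:testing-${{ github.sha }}@${{ steps.push-ghcr.outputs.digest }}
 # env:
 # COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
-# COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+# COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}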

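--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:1
-FROM --platform=$BUILDPLATFORM golang:1.25.0-alpine3.22 AS build
+FROM --platform=$BUILDPLATFORM golang:1.25.1-alpine3.22 AS build
 WORKDIR /application
 COPY . ./
 ARG TARGETOS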

README.md

Lines changed: 9 additions & 4 deletions
@@ -1,7 +1,7 @@
11
# socket-proxy
22

33
## Latest image
4-
- `wollomatic/socket-proxy:1.9.0` / `ghcr.io/wollomatic/socket-proxy:1.9.0`
4+
- `wollomatic/socket-proxy:1.10.0` / `ghcr.io/wollomatic/socket-proxy:1.10.0`
55
- `wollomatic/socket-proxy:1` / `ghcr.io/wollomatic/socket-proxy:1`
66

77
## About
@@ -33,7 +33,7 @@ You should know what you are doing. Never expose socket-proxy to a public networ
3333
The container image is available on [Docker Hub (wollomatic/socket-proxy)](https://hub.docker.com/r/wollomatic/socket-proxy)
3434
and on the [GitHub Container Registry (ghcr.io/wollomatic/socket-proxy)](https://github.com/wollomatic/socket-proxy/pkgs/container/socket-proxy).
3535

36-
To pin one specific version, use the version tag (for example, `wollomatic/socket-proxy:1.9.0` or `ghcr.io/wollomatic/socket-proxy:1.9.0`).
36+
To pin one specific version, use the version tag (for example, `wollomatic/socket-proxy:1.10.0` or `ghcr.io/wollomatic/socket-proxy:1.10.0`).
3737
To always use the most recent version, use the `1` tag (`wollomatic/socket-proxy:1` or `ghcr.io/wollomatic/socket-proxy:1`). This tag will be valid as long as there is no breaking change in the deployment.
3838

3939
There may be an additional docker image with the `testing`-tag. This image is only for testing. Likely, documentation for the `testing` image could only be found in the GitHub commit messages. It is not recommended to use the `testing` image in production.
@@ -59,6 +59,9 @@ This will also disable the TCP listener.
5959

6060
For example `-proxysocketendpoint=/tmp/filtered-socket.sock`
6161

62+
> [!NOTE]
63+
> Versions prior to 1.10.0 of socket-proxy set the default file permissions of the Unix socket to 0400, instead of 0600 as stated in the documentation.
64+
6265
#### Setting up the IP address or hostname allowlist
6366

6467
Per default, only `127.0.0.1/32` is allowed to connect to socket-proxy. You may want to set another allowlist with the `-allowfrom` parameter, depending on your needs.
@@ -192,7 +195,7 @@ To log the API calls of the client application, set the log level to `DEBUG` and
192195

193196
### all parameters and environment variables
194197

195-
socket-proxy can be configured via command line parameters or via environment variables. If both command line parameter and environment variables are set, the environment variable will be ignored.
198+
socket-proxy can be configured via command line parameters or via environment variables. If both command line parameters and environment variables are set, the environment variable will be ignored.
196199

197200
| Parameter | Environment Variable | Default Value | Description |
198201
|--------------------------------|----------------------------------|------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
@@ -206,7 +209,7 @@ socket-proxy can be configured via command line parameters or via environment va
206209
| `-shutdowngracetime` | `SP_SHUTDOWNGRACETIME` | `10` | Defines the time in seconds to wait before forcing the shutdown after sigtern or sigint (socket-proxy first tries to graceful shut down the TCP server) |
207210
| `-socketpath` | `SP_SOCKETPATH` | `/var/run/docker.sock` | Specifies the UNIX socket path to connect to. By default, it connects to the Docker daemon socket. |
208211
| `-stoponwatchdog` | `SP_STOPONWATCHDOG` | (not set/false) | If set, socket-proxy will be stopped if the watchdog detects that the unix socket is not available. |
209-
| `-watchdoginterval` | `SP_WATCHDOGINTERVAL` | `0` | Check for socket availabibity every x seconds (disable checks, if not set or value is 0) |
212+
| `-watchdoginterval` | `SP_WATCHDOGINTERVAL` | `0` | Check for socket availability every x seconds (disable checks, if not set or value is 0) |
210213
| `-proxysocketendpoint` | `SP_PROXYSOCKETENDPOINT` | (not set) | Proxy to the given unix socket instead of a TCP port |
211214
| `-proxysocketendpointfilemode` | `SP_PROXYSOCKETENDPOINTFILEMODE` | `0600` | Explicitly set the file mode for the filtered unix socket endpoint (only useful with `-proxysocketendpoint`) |
212215

@@ -232,6 +235,8 @@ socket-proxy can be configured via command line parameters or via environment va
232235

233236
1.9 - add IPv6 support to `-listenip` (thanks [@op3](https://github.com/op3))
234237

238+
1.10 - fix socket file mode (thanks [@amanda-wee](https://github.com/amanda-wee)), optimize build actions (thanks [@reneleonhardt](https://github.com/reneleonhardt))
239+
235240
## License
236241
This project is licensed under the MIT License – see the [LICENSE](LICENSE) file for details.
237242

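--- a/examples/docker-compose/dozzle/compose.yaml
+++ b/examples/docker-compose/dozzle/compose.yaml
@@ -24,7 +24,7 @@ services:
 - docker-proxynet
 
 dozzle:
-image: amir20/dozzle:v6.4.2 # make sure you use the most recent version
+image: amir20/dozzle:v8.14 # make sure you use the most recent version
 user: 65534:65534
 read_only: true
 mem_limit: 256M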

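--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -27,7 +27,7 @@ var (
 defaultWatchdogInterval = uint(0) // watchdog interval in seconds (0 to disable)
 defaultStopOnWatchdog = false // set to true to stop the program when the socket gets unavailable (otherwise log only)
 defaultProxySocketEndpoint = "" // empty string means no socket listener, but regular TCP listener
-defaultProxySocketEndpointFileMode = uint(0o400) // set the file mode of the unix socket endpoint
+defaultProxySocketEndpointFileMode = uint(0o600) // set the file mode of the unix socket endpoint
 defaultAllowBindMountFrom = "" // empty string means no bind mount restrictions
 )
 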
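Review bot: The comment on `defaultProxySocketEndpointFileMode` does not say why `0o600` is the intended default, and nothing visible in this commit pins the value with a test, which is how the code and the README's documented `0600` could drift apart unnoticed. I would change the comment to `// file mode of the unix socket endpoint: owner read/write only, must match the README default` and add a test asserting that the default equals `0o600`. How the mode is applied to the socket is outside this hunk; if it is set by a chmod after the listener is created, the socket would briefly carry umask-derived permissions, which is worth confirming. The `var (` block starts above the hunk.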