8 changes: 6 additions & 2 deletions .dockerignore
@@ -1,2 +1,6 @@
.github
examples/
*

!cmd
!internal
!go.mod
!LICENSE
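Review bot: `go.sum` is missing from the allowlist. With `*` now excluding everything except `cmd`, `internal`, `go.mod` and `LICENSE`, the Dockerfile's `COPY . ./` no longer puts `go.sum` into the build context, and `go build` fails with missing go.sum entries as soon as the module has any dependency; add `!go.sum` unless the module is confirmed dependency-free.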
10 changes: 9 additions & 1 deletion .github/dependabot.yml
@@ -1,10 +1,18 @@
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference

version: 2
updates:
- package-ecosystem: "docker"
directory: "/"
schedule:
interval: "weekly"
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
- package-ecosystem: "gomod" # See documentation for possible values
directory: "/" # Location of package manifests
schedule:
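Review bot: the new `docker` and `github-actions` entries only help for references Dependabot can resolve to a version; the workflows in this PR still use `securego/gosec@master`, which it will never bump. The trailing `# See documentation for possible values` comment on the `gomod` entry also duplicates the URL comment at the top of the file and can go.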
12 changes: 6 additions & 6 deletions .github/workflows/docker-image-release.yaml
Expand Up @@ -17,17 +17,17 @@ jobs:

steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v5

- name: Run Gosec Security Scanner
uses: securego/gosec@master
with:
args: ./...

- name: Set up Go
uses: actions/setup-go@v5
uses: actions/setup-go@v6
with:
go-version: '1.24.5'
go-version: '1.25'

- name: Run Go tests
run: go test ./...
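Review bot: `securego/gosec@master` is still a mutable branch reference in the workflow that builds and signs the published image; pin it to a release tag or commit SHA, as the other actions in this hunk are at least tag-pinned, so an upstream push cannot land in the release pipeline unreviewed. The floating `go-version: '1.25'` also differs from the Dockerfile's `1.25.1`, so tests may run on a different patch release than the one shipped.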
Expand All @@ -37,9 +37,9 @@ jobs:
run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> "$GITHUB_OUTPUT"

- name: Install Cosign
uses: sigstore/cosign-installer@v3.9.2
uses: sigstore/cosign-installer@v3.10.0
with:
cosign-release: 'v2.5.3'
cosign-release: 'v2.6.0'

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
Expand Down Expand Up @@ -91,4 +91,4 @@ jobs:
run: cosign sign --yes --recursive --key env://COSIGN_PRIVATE_KEY ghcr.io/wollomatic/socket-proxy:${{ steps.get_tag.outputs.VERSION }}@${{ steps.push-ghcr.outputs.digest }}
env:
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
16 changes: 8 additions & 8 deletions .github/workflows/docker-image-testing.yaml
Expand Up @@ -18,25 +18,25 @@ jobs:

steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v5

- name: Run Gosec Security Scanner
uses: securego/gosec@master
with:
args: ./...

- name: Set up Go
uses: actions/setup-go@v5
uses: actions/setup-go@v6
with:
go-version: '1.24.5'
go-version: '1.25'

- name: Run Go tests
run: go test ./...

# - name: Install Cosign
# uses: sigstore/cosign-installer@v3.9.2
# uses: sigstore/cosign-installer@v3.10.0
# with:
# cosign-release: 'v2.5.3'
# cosign-release: 'v2.6.0'

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
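Review bot: the version bumps are also applied inside the commented-out Cosign block (`# uses: sigstore/cosign-installer@v3.10.0` / `# cosign-release: 'v2.6.0'`); keeping dead config in sync by hand is churn with no effect. Either re-enable signing for the testing image or drop the commented steps. The unpinned `securego/gosec@master` point from the release workflow applies here as well.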
Expand Down Expand Up @@ -69,7 +69,7 @@ jobs:
ghcr.io/wollomatic/socket-proxy:testing-${{ github.sha }}

# - name: Build and push Docker Hub image
# uses: docker/build-push-action@v5
# uses: docker/build-push-action@v6
# id: push-dockerhub
# with:
# context: .
Expand All @@ -87,7 +87,7 @@ jobs:
# COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
#
# - name: Build and push GHCR image
# uses: docker/build-push-action@v5
# uses: docker/build-push-action@v6
# id: push-ghcr
# with:
# context: .
Expand All @@ -102,4 +102,4 @@ jobs:
# run: cosign sign --yes --recursive --key env://COSIGN_PRIVATE_KEY ghcr.io/wollomatic/socket-proxy:testing-${{ github.sha }}@${{ steps.push-ghcr.outputs.digest }}
# env:
# COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
# COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
# COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
2 changes: 1 addition & 1 deletion Dockerfile
@@ -1,5 +1,5 @@
# syntax=docker/dockerfile:1
FROM --platform=$BUILDPLATFORM golang:1.25.0-alpine3.22 AS build
FROM --platform=$BUILDPLATFORM golang:1.25.1-alpine3.22 AS build
WORKDIR /application
COPY . ./
ARG TARGETOS
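Review bot: the base image is still referenced by tag only (`golang:1.25.1-alpine3.22`); since this PR adds a Dependabot `docker` entry, consider pinning with a digest (`golang:1.25.1-alpine3.22@sha256:<digest>`), which Dependabot can keep current while the build stays reproducible and immune to tag re-pushes.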
13 changes: 9 additions & 4 deletions README.md
@@ -1,7 +1,7 @@
# socket-proxy

## Latest image
- `wollomatic/socket-proxy:1.9.0` / `ghcr.io/wollomatic/socket-proxy:1.9.0`
- `wollomatic/socket-proxy:1.10.0` / `ghcr.io/wollomatic/socket-proxy:1.10.0`
- `wollomatic/socket-proxy:1` / `ghcr.io/wollomatic/socket-proxy:1`

## About
Expand Down Expand Up @@ -33,7 +33,7 @@ You should know what you are doing. Never expose socket-proxy to a public networ
The container image is available on [Docker Hub (wollomatic/socket-proxy)](https://hub.docker.com/r/wollomatic/socket-proxy)
and on the [GitHub Container Registry (ghcr.io/wollomatic/socket-proxy)](https://github.com/wollomatic/socket-proxy/pkgs/container/socket-proxy).

To pin one specific version, use the version tag (for example, `wollomatic/socket-proxy:1.9.0` or `ghcr.io/wollomatic/socket-proxy:1.9.0`).
To pin one specific version, use the version tag (for example, `wollomatic/socket-proxy:1.10.0` or `ghcr.io/wollomatic/socket-proxy:1.10.0`).
To always use the most recent version, use the `1` tag (`wollomatic/socket-proxy:1` or `ghcr.io/wollomatic/socket-proxy:1`). This tag will be valid as long as there is no breaking change in the deployment.

There may be an additional docker image with the `testing`-tag. This image is only for testing. Likely, documentation for the `testing` image could only be found in the GitHub commit messages. It is not recommended to use the `testing` image in production.
Expand All @@ -59,6 +59,9 @@ This will also disable the TCP listener.

For example `-proxysocketendpoint=/tmp/filtered-socket.sock`

> [!NOTE]
> Versions prior to 1.10.0 of socket-proxy set the default file permissions of the Unix socket to 0400, instead of 0600 as stated in the documentation.

#### Setting up the IP address or hostname allowlist

Per default, only `127.0.0.1/32` is allowed to connect to socket-proxy. You may want to set another allowlist with the `-allowfrom` parameter, depending on your needs.
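Review bot: the NOTE states the old default but not its effect. Connecting to a Unix socket requires write permission on the socket file, so with 0400 only root could connect to the filtered endpoint; saying so would let users of pre-1.10.0 versions recognise the permission-denied failure they saw and know that `-proxysocketendpointfilemode` was the workaround.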
Expand Down Expand Up @@ -192,7 +195,7 @@ To log the API calls of the client application, set the log level to `DEBUG` and

### all parameters and environment variables

socket-proxy can be configured via command line parameters or via environment variables. If both command line parameter and environment variables are set, the environment variable will be ignored.
socket-proxy can be configured via command line parameters or via environment variables. If both command line parameters and environment variables are set, the environment variable will be ignored.

| Parameter | Environment Variable | Default Value | Description |
|--------------------------------|----------------------------------|------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
Expand All @@ -206,7 +209,7 @@ socket-proxy can be configured via command line parameters or via environment va
| `-shutdowngracetime` | `SP_SHUTDOWNGRACETIME` | `10` | Defines the time in seconds to wait before forcing the shutdown after sigtern or sigint (socket-proxy first tries to graceful shut down the TCP server) |
| `-socketpath` | `SP_SOCKETPATH` | `/var/run/docker.sock` | Specifies the UNIX socket path to connect to. By default, it connects to the Docker daemon socket. |
| `-stoponwatchdog` | `SP_STOPONWATCHDOG` | (not set/false) | If set, socket-proxy will be stopped if the watchdog detects that the unix socket is not available. |
| `-watchdoginterval` | `SP_WATCHDOGINTERVAL` | `0` | Check for socket availabibity every x seconds (disable checks, if not set or value is 0) |
| `-watchdoginterval` | `SP_WATCHDOGINTERVAL` | `0` | Check for socket availability every x seconds (disable checks, if not set or value is 0) |
| `-proxysocketendpoint` | `SP_PROXYSOCKETENDPOINT` | (not set) | Proxy to the given unix socket instead of a TCP port |
| `-proxysocketendpointfilemode` | `SP_PROXYSOCKETENDPOINTFILEMODE` | `0600` | Explicitly set the file mode for the filtered unix socket endpoint (only useful with `-proxysocketendpoint`) |

Expand All @@ -232,6 +235,8 @@ socket-proxy can be configured via command line parameters or via environment va

1.9 - add IPv6 support to `-listenip` (thanks [@op3](https://github.com/op3))

1.10 - fix socket file mode (thanks [@amanda-wee](https://github.com/amanda-wee)), optimize build actions (thanks [@reneleonhardt](https://github.com/reneleonhardt))

## License
This project is licensed under the MIT License – see the [LICENSE](LICENSE) file for details.

2 changes: 1 addition & 1 deletion examples/docker-compose/dozzle/compose.yaml
Expand Up @@ -24,7 +24,7 @@ services:
- docker-proxynet

dozzle:
image: amir20/dozzle:v6.4.2 # make sure you use the most recent version
image: amir20/dozzle:v8.14 # make sure you use the most recent version
user: 65534:65534
read_only: true
mem_limit: 256M
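Review bot: `v8.14` is two major versions above the previous `v6.4.2` and is a minor tag rather than a full patch tag. Since the point of this example is a restrictive API allowlist, verify the bumped Dozzle still works with the allowlist in this compose file, and pin a full patch version for the same reason the inline comment asks users to.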
2 changes: 1 addition & 1 deletion internal/config/config.go
Expand Up @@ -27,7 +27,7 @@ var (
defaultWatchdogInterval = uint(0) // watchdog interval in seconds (0 to disable)
defaultStopOnWatchdog = false // set to true to stop the program when the socket gets unavailable (otherwise log only)
defaultProxySocketEndpoint = "" // empty string means no socket listener, but regular TCP listener
defaultProxySocketEndpointFileMode = uint(0o400) // set the file mode of the unix socket endpoint
defaultProxySocketEndpointFileMode = uint(0o600) // set the file mode of the unix socket endpoint
defaultAllowBindMountFrom = "" // empty string means no bind mount restrictions
)
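Review bot: the default now agrees with the README's documented `0600`, but the mismatch went unnoticed until now with nothing catching it; add a test that starts the endpoint with the default and stats the socket file for mode 0600, so a future edit to either the constant or the docs is caught.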
