Fix some bugs, add network whitelisting, start on documentation

README.md

@@ -0,0 +1,40 @@
+# Docker Socket Proxy
+
+## Description
+I wanted an easy/simple and secure way to use Traefik in my homelab without giving it free reign over my host machine and the Docker socket.  This project is a WIP where I am testing out some concepts and ideas.
+
+## Getting Started
+First build and run the proxy.
+
+```shell
+cd proxy
+go run main.go # You may need sudo to connect to /var/run/docker.sock
+```
+
+Now try it out!  Traefik uses pinned API version routes so first get the version:
+```shell
+$ export DOCKER_API_VERSION=v$(curl localhost:8000/version | jq -r '.ApiVersion')
+$ echo $DOCKER_API_VERSION
+1.49
+```
+
+Now make some requests
+```shell
+# List containers (Allowed)
+$ curl localhost:8000/v$DOCKER_API_VERSION/containers/json | jq 
+
+# Be sure to replace the below container ids with a valid one when testing.
+# Stop a running container (Allowed)
+$ curl -X POST localhost:8000/$DOCKER_API_VERSION/containers/52812bebe72b45cbe960babc2e3ff43a21bf9dd6c29ce9462ed39ec3c4e31072/stop
+
+# Start a container (Allowed)
+$ curl -X POST localhost:8000/$DOCKER_API_VERSION/containers/52812bebe72b45cbe960babc2e3ff43a21bf9dd6c29ce9462ed39ec3c4e31072/start
+```
+
+Now try something sneaky like creating a new network:
+```shell
+$ curl -X POST localhost:8000/$DOCKER_API_VERSION/networks/create -H 'content-type: application/json' -d @example-payloads/network.json
+Forbidden
+ ```
+
+See the full code for the list of routes that are allowed.  Any not in the allow list are blocked by default.