Docker infrastructure management with security and simplicity as goals. It allows to list all containers on a
daemon, start / stop / restart / monitor each one and deploy
docker-compose app with limited volumes. Every action is available from Mobile-ready UI or API.
List all your containers
View detailed informations about containers, start / stop / restart them.
- Traefik ready
- Github OAuth / Basic Login
- Deploy without downtime
- Full TLS support
- Opentracing with Jaeger
- Prometheus monitoring
- Rollbar error reporting
- Read-only containers
Docker's images are available,
vibioh/dashboard-api, and a
docker-compose.yml generator. Everything is almost configured, you only have to tweak domain's name, mainly configured for being used with traefik, and adjust some secrets.
cmd/compose/compose.go tools provided :
Usage of cmd/compose.go: -authBasic Basic auth -domain string Domain name (default "vibioh.fr") -environment string Environment (default "prod") -expose Expose opened ports -github Github logging (default true) -mailer Enable mailer (default true) -rollbar Rollbar error reporting (default true) -selenium Selenium container -tag string Docker tag used -tls TLS for all containers (default true) -tracing Enable opentracing (default true) -traefik Traefik load-balancer (default true) -user Enable docker user default -users string Allowed users list (default "admin:admin") -version string Docker image version
By default, your origin domain name has to start with
dashboard (e.g. dashboard-api.vibioh.fr) in order to allow websockets to work. You can override it by setting
-ws option to the API server.
You have to configure roles by setting
-users on the API server with the following format:
Username must match with the authentification providers (see next section).
Role can be
multi or anything else.
admin: Have all rights, can view all containers and can deploy multiple apps.
multi: View only his containers (labeled with his name) and can deploy multiples apps.
- others : View only his containers (labeled with his name) and can deploy only one app (erase all previously deployed containers)
Authentification has been externalized into its own services in vibioh/auth. Check out documentation of this project for configuring authentification for Dashboard.
GitHub OAuth Provider
Create your OAuth app on GitHub interface. The authorization callback URL must be in the form of
Email notification has been externalized into its own services in vibioh/mailer. Check out documentation of this project for configuring email notification for Dashboard.
When deploying, images are pulled and all services are started. After successful deploy, old images are removed, if possible, from docker host in order to free up disk space. An email notification is sent if service has been configured.
At deploy time, if the new containers have
dashboard will wait during at most 5 minutes for an
healthy status. When all containers with
healthcheck are healthy, old containers are stopped and removed. Load-balancer with Docker's healthcheck (e.g. traefik) will handle route change without downtime based on that healthcheck.
If no healthcheck is provided,
dashboard doesn't know if your container is ready for business, so it's a simple launch new containers then destroy old containers, without waiting time.
If you don't have an healthcheck on your container, check vibioh/httputils for having a simple HTTP Client that request the defined endpoint with
Prometheus is embed in every service to monitor basic Golang metrics. Data are available on the
Rollbar is embed in every service to report every error. Token, environment and server root are configurable vie CLI of each service.
While deploying, Dashboard can also send deploy notification after successful deploy. You have to provide following query parameters :
rollbar_tokenRollbar token allowed to send deploy notification
userUser at the origin of deploy
revisionGit sha1 of current version
Another Docker Infrastructure Manager ?
Why creating another infrastructure manager when Rancher or Portainer exists ?
- I have only one server, setup should be easy
- I want people to deploy on my server but I don't want them to use too much ressources, quota of containers has to be defined
- I want people to deploy containers without fear for my server security or disk space
- I want people to deploy containers easily with a simple
curlcommand, from CI
- I want people to be able to manage theirs containers by their own (lifecycle, configuration, monitoring, logs, etc.) without granting ssh access
And, maybe, I want to have fun with
Why with limited volumes ?
First goal of this tool was to be available for students to deploy containers on my own server. Trust doesn't mean no control and if a student mounts a too critical volumes (e.g.
/) with a
root user, he can potentially become
root on the server, which for some obvious reasons I don't want ! So volumes are not allowed if you're not an admin, and some security options are setted by default.
In order to build the server stuff, run the following command.
It will compile API server.
Usage of dashboard: -authDisable [auth] Disable auth -authUrl string [auth] Auth URL, if remote -authUsers string [auth] List of allowed users and profiles (e.g. user:profile1|profile2,user2:profile3) -corsCredentials [cors] Access-Control-Allow-Credentials -corsExpose string [cors] Access-Control-Expose-Headers -corsHeaders string [cors] Access-Control-Allow-Headers (default "Content-Type") -corsMethods string [cors] Access-Control-Allow-Methods (default "GET") -corsOrigin string [cors] Access-Control-Allow-Origin (default "*") -csp string [owasp] Content-Security-Policy (default "default-src 'self'; base-uri 'self'") -dockerAppURL string [deploy] Application web URL (default "https://dashboard.vibioh.fr") -dockerContainerUser string [deploy] Default container user (default "1000") -dockerHost string [docker] Host (default "unix:///var/run/docker.sock") -dockerNetwork string [deploy] Default Network (default "traefik") -dockerNotification string [deploy] Send email notification when deploy ends (possibles values ares "never", "onError", "all") (default "onError") -dockerTag string [deploy] Default image tag) (default "latest") -dockerVersion string [docker] API Version -dockerWs string [stream] Allowed WebSocket Origin pattern (default "^dashboard") -frameOptions string [owasp] X-Frame-Options (default "deny") -hsts [owasp] Indicate Strict Transport Security (default true) -mailerPass string [mailer] Mailer Pass -mailerURL string [mailer] Mailer URL (default "https://mailer.vibioh.fr") -mailerUser string [mailer] Mailer User -port int Listen port (default 1080) -prometheusPath string [prometheus] Path for exposing metrics (default "/metrics") -rollbarEnv string [rollbar] Environment (default "prod") -rollbarServerRoot string [rollbar] Server Root -rollbarToken string [rollbar] Token -tls Serve TLS content (default true) -tlsCert string [tls] PEM Certificate file -tlsHosts string [tls] Self-signed certificate hosts, comma separated (default "localhost") -tlsKey string [tls] PEM Key file -tlsOrganization string [tls] Self-signed certificate organization (default "ViBiOh") -tracingAgent string [opentracing] Jaeger Agent (e.g. host:port) (default "jaeger:6831") -tracingName string [opentracing] Service name -url string [health] URL to check -userAgent string [health] User-Agent for check (default "Golang alcotest")
In order to build the front stuff, run the following command:
npm i npm run build
make start-deps ./bin/compose -authBasic -domain=:1080 -expose -mailer=false -github=false -tls=false -traefik=false > docker-compose.local.yml export ADMIN_PASSWORD=`bcrypt password` docker-compose -p dashboard -f docker-compose.local.yml up -d