Skip to content
This repository has been archived by the owner on Apr 25, 2019. It is now read-only.


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time


Build Status Doc Status codecov Go Report Card FOSSA Status

⚠️ Deprecation ⚠️

I no longer maintain this repository, I've switched to deploy which provide a true support of all docker-compose features, with Portainer as monitoring GUI.

Docker infrastructure management with security and simplicity as goals. It allows to list all containers on a daemon, start / stop / restart / monitor each one and deploy docker-compose app with limited volumes. Every action is available from Mobile-ready UI or API.

List all your containers

View detailed informations about containers, start / stop / restart them.

Getting Started


  • Traefik ready
  • Github OAuth / Basic Login
  • Deploy without downtime
  • Full TLS support
  • Opentracing with Jaeger
  • Prometheus monitoring
  • Rollbar error reporting
  • Read-only containers


Docker's images are available, vibioh/dashboard-ui and vibioh/dashboard-api, and a docker-compose.yml generator. Everything is almost configured, you only have to tweak domain's name, mainly configured for being used with traefik, and adjust some secrets.

For generating docker-compose, use cmd/compose/compose.go tools provided :

Usage of cmd/compose.go:
      Basic auth
  -domain string
      Domain name (default "")
  -environment string
      Environment (default "prod")
      Expose opened ports
      Github logging (default true)
      Enable mailer (default true)
      Rollbar error reporting (default true)
      Selenium container
  -tag string
      Docker tag used
      TLS for all containers (default true)
      Enable opentracing (default true)
      Traefik load-balancer (default true)
      Enable docker user default
  -users string
      Allowed users list (default "admin:admin")
  -version string
      Docker image version


By default, your origin domain name has to start with dashboard (e.g. in order to allow websockets to work. You can override it by setting -ws option to the API server.


You have to configure roles by setting -users on the API server with the following format:


Username must match with the authentification providers (see next section).

Role can be admin, multi or anything else.

  • admin : Have all rights, can view all containers and can deploy multiple apps.
  • multi : View only his containers (labeled with his name) and can deploy multiples apps.
  • others : View only his containers (labeled with his name) and can deploy only one app (erase all previously deployed containers)


Authentification has been externalized into its own services in vibioh/auth. Check out documentation of this project for configuring authentification for Dashboard.

GitHub OAuth Provider

Create your OAuth app on GitHub interface. The authorization callback URL must be in the form of https://[URL_OF_DASHBOARD]/auth/github.

Email notification

Email notification has been externalized into its own services in vibioh/mailer. Check out documentation of this project for configuring email notification for Dashboard.


When deploying, images are pulled and all services are started. After successful deploy, old images are removed, if possible, from docker host in order to free up disk space. An email notification is sent if service has been configured.


At deploy time, if the new containers have HEALTHCHECK, dashboard will wait during at most 5 minutes for an healthy status. When all containers with healthcheck are healthy, old containers are stopped and removed. Load-balancer with Docker's healthcheck (e.g. traefik) will handle route change without downtime based on that healthcheck.

If no healthcheck is provided, dashboard doesn't know if your container is ready for business, so it's a simple launch new containers then destroy old containers, without waiting time.

If you don't have an healthcheck on your container, check vibioh/httputils for having a simple HTTP Client that request the defined endpoint with alcotest.


Prometheus is embed in every service to monitor basic Golang metrics. Data are available on the /metrics endpoint.


Opentracing is embed in every service to trace incoming (except for healhtcheck and metrics) or outcoming request. Jaeger is used as tracing implementation and configurable via CLI of each service.

Error reporting

Rollbar is embed in every service to report every error. Token, environment and server root are configurable vie CLI of each service.

Deploy notification

While deploying, Dashboard can also send deploy notification after successful deploy. You have to provide following query parameters :

  • rollbar_token Rollbar token allowed to send deploy notification
  • user User at the origin of deploy
  • revision Git sha1 of current version
  • environment Environment deployed

Another Docker Infrastructure Manager ?

Why creating another infrastructure manager when Rancher or Portainer exists ?

Because :

  • I have only one server, setup should be easy
  • I want people to deploy on my server but I don't want them to use too much ressources, quota of containers has to be defined
  • I want people to deploy containers without fear for my server security or disk space
  • I want people to deploy containers easily with a simple curl command, from CI
  • I want people to be able to manage theirs containers by their own (lifecycle, configuration, monitoring, logs, etc.) without granting ssh access

And, maybe, I want to have fun with golang and ReactJS 🙄 😏

Why with limited volumes ?

First goal of this tool was to be available for students to deploy containers on my own server. Trust doesn't mean no control and if a student mounts a too critical volumes (e.g. /) with a root user, he can potentially become root on the server, which for some obvious reasons I don't want ! So volumes are not allowed if you're not an admin, and some security options are setted by default.



In order to build the server stuff, run the following command.


It will compile API server.

Usage of dashboard:
      [auth] Disable auth
  -authUrl string
      [auth] Auth URL, if remote
  -authUsers string
      [auth] List of allowed users and profiles (e.g. user:profile1|profile2,user2:profile3)
      [cors] Access-Control-Allow-Credentials
  -corsExpose string
      [cors] Access-Control-Expose-Headers
  -corsHeaders string
      [cors] Access-Control-Allow-Headers (default "Content-Type")
  -corsMethods string
      [cors] Access-Control-Allow-Methods (default "GET")
  -corsOrigin string
      [cors] Access-Control-Allow-Origin (default "*")
  -csp string
      [owasp] Content-Security-Policy (default "default-src 'self'; base-uri 'self'")
  -dockerAppURL string
      [deploy] Application web URL (default "")
  -dockerContainerUser string
      [deploy] Default container user (default "1000")
  -dockerHost string
      [docker] Host (default "unix:///var/run/docker.sock")
  -dockerNetwork string
      [deploy] Default Network (default "traefik")
  -dockerNotification string
      [deploy] Send email notification when deploy ends (possibles values ares "never", "onError", "all") (default "onError")
  -dockerTag string
      [deploy] Default image tag) (default "latest")
  -dockerVersion string
      [docker] API Version
  -dockerWs string
      [stream] Allowed WebSocket Origin pattern (default "^dashboard")
  -frameOptions string
      [owasp] X-Frame-Options (default "deny")
      [owasp] Indicate Strict Transport Security (default true)
  -mailerPass string
      [mailer] Mailer Pass
  -mailerURL string
      [mailer] Mailer URL (default "")
  -mailerUser string
      [mailer] Mailer User
  -port int
      Listen port (default 1080)
  -prometheusPath string
      [prometheus] Path for exposing metrics (default "/metrics")
  -rollbarEnv string
      [rollbar] Environment (default "prod")
  -rollbarServerRoot string
      [rollbar] Server Root
  -rollbarToken string
      [rollbar] Token
      Serve TLS content (default true)
  -tlsCert string
      [tls] PEM Certificate file
  -tlsHosts string
      [tls] Self-signed certificate hosts, comma separated (default "localhost")
  -tlsKey string
      [tls] PEM Key file
  -tlsOrganization string
      [tls] Self-signed certificate organization (default "ViBiOh")
  -tracingAgent string
      [opentracing] Jaeger Agent (e.g. host:port) (default "jaeger:6831")
  -tracingName string
      [opentracing] Service name
  -url string
      [health] URL to check
  -userAgent string
      [health] User-Agent for check (default "Golang alcotest")


In order to build the front stuff, run the following command:

npm i
npm run build

Local run

make start-deps
./bin/compose -authBasic -domain=:1080 -expose -mailer=false -github=false -tls=false -traefik=false > docker-compose.local.yml
export ADMIN_PASSWORD=`bcrypt password`
docker-compose -p dashboard -f docker-compose.local.yml up -d


FOSSA Status