-
Notifications
You must be signed in to change notification settings - Fork 76
Architecture
This page provides an overview of DockMon's system architecture, technology stack, and how the various components work together.
DockMon is a self-hosted Docker container monitoring and management platform. It runs as a single all-in-one Docker container that includes everything needed to monitor and manage your Docker infrastructure.
Key Capabilities:
- Monitor containers across unlimited Docker hosts (local, remote via mTLS, or agent-based)
- Real-time dashboard with WebSocket updates (CPU, memory, network stats)
- Intelligent auto-restart with configurable retry logic
- Container updates with multiple strategies (exact, patch, minor, latest tags)
- Advanced alerting (Discord, Slack, Telegram, Pushover, Gotify, ntfy, SMTP)
- Container deployments (Docker Run or Docker Compose with templates)
- HTTP/HTTPS health checks with auto-restart on failure
- Container tagging and bulk operations
┌────────────────────────────────────────────────────────────────┐
│ DockMon Container │
│ │
│ ┌──────────────┐ │
│ │ Nginx :443 │ ← TLS termination, serves React SPA │
│ └──────┬───────┘ │
│ │ │
│ ├─→ Static files (React frontend) │
│ └─→ /api/* → Python backend │
│ │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ Python Backend (FastAPI) │ │
│ │ │ │
│ │ • REST API for all operations │ │
│ │ • WebSocket for real-time updates │ │
│ │ • Docker SDK for container management │ │
│ │ • Alert evaluation and notification dispatch │ │
│ │ • Event logging and audit trail │ │
│ └─────────────────────────────────────────────────────────┘ │
│ │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ Go Stats Service │ │
│ │ │ │
│ │ • Collects real-time container stats (CPU, mem, net) │ │
│ │ • WebSocket broadcaster for live metrics │ │
│ │ • Event aggregation and caching │ │
│ └─────────────────────────────────────────────────────────┘ │
│ │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ SQLite Database │ │
│ │ │ │
│ │ • Hosts, containers, events, settings │ │
│ │ • Alert rules and notification configs │ │
│ │ • Deployment templates │ │
│ └─────────────────────────────────────────────────────────┘ │
│ │
│ (All processes managed by Supervisor) │
└────────────────────────────────────────────────────────────────┘
│ │
▼ ▼
┌──────────────────┐ ┌──────────────────────┐
│ Local Docker │ │ Remote Docker Hosts │
│ Socket │ │ │
│ │ │ • mTLS connection │
│ │ │ • DockMon Agent │
└──────────────────┘ └──────────────────────┘
| Connection | Purpose |
|---|---|
| Frontend ↔ Backend | REST API for operations, WebSocket for real-time updates |
| Frontend ↔ Stats Service | WebSocket for live CPU/memory/network metrics |
| Backend ↔ Docker | Python Docker SDK (local socket or mTLS for remote) |
| Backend ↔ Agent | WebSocket for agent-based remote hosts |
DockMon supports three methods for connecting to Docker hosts:
Direct connection to the Docker socket mounted into the container.
DockMon Container
│
└─→ /var/run/docker.sock
Best for: The host where DockMon itself is running.
Secure TLS connection directly to a remote Docker daemon.
DockMon Container
│
└─→ TCP :2376 (mTLS) ─→ Remote Docker Daemon
Best for: Servers where you can configure Docker to accept remote connections.
Requirements:
- Docker daemon configured with TLS
- CA certificate, client certificate, and client key
- Network access to port 2376
Lightweight Go agent that runs on the remote host and connects back to DockMon.
DockMon Container Remote Host
│ │
│ ←──── WebSocket ────────────────── │
│ │
│ ┌───────┴───────┐
│ │ DockMon Agent │
│ │ │ │
│ │ ▼ │
│ │ Docker Socket │
│ └───────────────┘
Best for:
- Hosts behind firewalls (agent connects outbound)
- Environments where exposing Docker remotely isn't possible
- Simpler setup (no mTLS certificates to manage)
Agent deployment options:
- Docker container (recommended)
- System service (systemd)
| Component | Technology |
|---|---|
| Framework | Python FastAPI (async) |
| Database | SQLite with SQLAlchemy |
| Migrations | Alembic |
| Docker Integration | Python Docker SDK |
| Authentication | Session-based with bcrypt |
| Encryption | Fernet (for stored credentials) |
| Component | Technology |
|---|---|
| Framework | React 18 with TypeScript |
| Build Tool | Vite |
| Routing | React Router |
| Server State | TanStack Query (React Query) |
| UI Components | shadcn/ui (Radix primitives) |
| Styling | Tailwind CSS |
| Tables | TanStack Table |
| Dashboard Layout | React Grid Layout |
| Service | Purpose |
|---|---|
| Stats Service | Real-time metrics collection, WebSocket broadcasting, and (optional) historical stats persistence with cascade-tier downsampling |
| Compose Service | Docker Compose deployment, image pull progress, port-conflict validation |
| Agent | Remote host monitoring with Docker access; dual-sends stats to backend (live) and stats-service (historical) |
| Component | Technology |
|---|---|
| Container Base | Alpine Linux |
| Web Server | Nginx (TLS termination, reverse proxy) |
| Process Manager | Supervisor |
| TLS | OpenSSL 3.x |
DockMon uses SQLite for all persistent data storage. The database is stored at /app/data/dockmon.db inside the container (mapped to your data volume).
| Data Type | Description |
|---|---|
| Hosts | Docker host configurations and connection details |
| Containers | Container metadata, state history, configuration |
| Events | Comprehensive audit trail of all actions |
| Alert Rules | Alert conditions and thresholds |
| Notifications | Notification channel configurations |
| Settings | Global and per-container settings |
| Deployments | Deployment history and templates |
| Users | User accounts and sessions |
| Stats History | Time-series CPU/memory/network metrics (host and container), in cascade tiers — only populated when historical stats persistence is enabled in Settings |
All data is stored in the /app/data volume:
-
dockmon.db- SQLite database -
certificates/- TLS certificates for remote hosts -
logs/- Application logs (if file logging enabled)
Backup: Simply backup the data volume to preserve all DockMon data.
DockMon uses WebSocket connections for real-time updates:
Provides live container metrics:
- CPU usage percentage
- Memory usage and limits
- Network I/O (bytes in/out)
- Block I/O (read/write)
Updates are pushed every few seconds for active containers.
When historical stats persistence is enabled in Settings, the same stats are also written to the stats-service's persistence layer in the background, in cascade tiers (most recent at full resolution, older data progressively downsampled). The host and container modals query this history via a separate HTTP endpoint to render charts at user-selected time ranges (5m to 90d).
Provides real-time event notifications:
- Container state changes (start, stop, die, etc.)
- Update progress
- Alert triggers
- System events
- Session-based authentication with secure cookies
- Passwords hashed with bcrypt
- Rate limiting on login attempts
- All connections use TLS (HTTPS)
- mTLS for remote Docker connections
- Agent connections use secure WebSocket (WSS)
- Sensitive data (passwords, API keys) encrypted at rest with Fernet
- Certificates stored encrypted in database
- No plaintext secrets in logs
- Read-only Docker socket mount (recommended)
- Principle of least privilege for operations
DockMon is designed for small to medium deployments:
| Metric | Tested Capacity |
|---|---|
| Docker Hosts | 50+ hosts |
| Containers | 500+ containers |
| Concurrent Users | 20+ users |
- Efficient WebSocket broadcasting
- In-memory caching for frequently accessed data
- Lazy loading of container details
- Virtual scrolling for large container lists
- Optimized database queries with indexes
DockMon itself is lightweight:
- ~100-200MB memory typical
- Minimal CPU when idle
- Database grows with event history (configurable retention)
- Installation - Getting DockMon up and running
- Managing Hosts - Adding and configuring Docker hosts
- Remote Docker Setup - Detailed remote host configuration
- Security Guide - Security best practices
Last updated: December 2024
Getting Started
User Guide
- Dashboard
- Managing Hosts
- Container Operations
- Container Tagging
- Bulk Operations
- Stacks
- Auto-Restart
- Event Viewer
- Container Logs
Configuration
- Alert Rules
- Notifications
- Blackout Windows
- Automatic Updates
- Private Registry Credentials
- Health Checks
- Settings
Remote Monitoring
Access Control
Advanced
Development
Help