{"id":45906087,"url":"https://github.com/towerforge/dock-sight","last_synced_at":"2026-04-11T23:11:45.800Z","repository":{"id":341104022,"uuid":"1147449077","full_name":"towerforge/dock-sight","owner":"towerforge","description":"Single-binary dashboard for host metrics (CPU, RAM, disk, network) and Docker service status","archived":false,"fork":false,"pushed_at":"2026-03-28T16:53:45.000Z","size":5383,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-28T18:32:10.675Z","etag":null,"topics":["containers","dashboard","devops","docker","infrastructure","monitoring","rust","self-hosted"],"latest_commit_sha":null,"homepage":"https://hub.docker.com/r/towerforge/dock-sight","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/towerforge.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-01T19:01:15.000Z","updated_at":"2026-03-28T16:53:08.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/towerforge/dock-sight","commit_stats":null,"previous_names":["towerforge/dock-sight"],"tags_count":22,"template":false,"template_full_name":null,"purl":"pkg:github/towerforge/dock-sight","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/towerforge%2Fdock-sight","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/towerforge%2Fdock-sight/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/towerforge%2Fdock-sight/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/towerforge%2Fdock-sight/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/towerforge","download_url":"https://codeload.github.com/towerforge/dock-sight/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/towerforge%2Fdock-sight/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31292639,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T21:15:39.731Z","status":"ssl_error","status_checked_at":"2026-04-01T21:15:34.046Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["containers","dashboard","devops","docker","infrastructure","monitoring","rust","self-hosted"],"created_at":"2026-02-28T02:57:10.086Z","updated_at":"2026-04-11T23:11:45.791Z","avatar_url":"https://github.com/towerforge.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"frontend/public/logo.svg\" width=\"88\" alt=\"Dock Sight\" /\u003e\n\u003c/p\u003e\n\n\u003ch1 align=\"center\"\u003eDock Sight\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n  Monitor your Docker infrastructure — services, host metrics, networks and volumes — from a single, self-hosted dashboard.\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/towerforge/dock-sight/releases/latest\"\u003e\u003cimg src=\"https://img.shields.io/github/v/release/towerforge/dock-sight?style=flat-square\u0026color=6d28d9\" alt=\"Latest release\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/towerforge/dock-sight/releases\"\u003e\u003cimg src=\"https://img.shields.io/github/downloads/towerforge/dock-sight/total?style=flat-square\u0026color=6d28d9\" alt=\"Downloads\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://hub.docker.com/r/towerforge/dock-sight\"\u003e\u003cimg src=\"https://img.shields.io/docker/pulls/towerforge/dock-sight?style=flat-square\u0026color=6d28d9\" alt=\"Docker Pulls\" /\u003e\u003c/a\u003e\n  \u003ca href=\"LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/github/license/towerforge/dock-sight?style=flat-square\u0026color=6d28d9\" alt=\"License\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cbr /\u003e\n\n![Demo](demo.gif)\n\n---\n\n## Overview\n\nDock Sight runs as a single binary and serves a real-time dashboard in your browser. No agents, no external dependencies, no cloud.\n\n| Area | What you get |\n|---|---|\n| **Host metrics** | CPU, RAM, disk and network usage with historical charts |\n| **Docker services** | Container status, resource consumption, per-service CPU/RAM/network charts, images and live logs. Scale, pause, delete and pull latest image directly from the dashboard |\n| **Networks** | Visual table of Docker networks with service distribution, health status and RX/TX rates. Create and delete networks from the dashboard |\n| **Volumes** | List all Docker volumes with size, mount point, disk usage and service grouping. Create and delete volumes from the dashboard |\n| **Registries** | Manage private DockerHub registries (create, list, delete) and use them when deploying new services |\n| **Users** | Multi-user access — create, delete and reset passwords for any user. All users have the same privileges |\n| **Security** | Brute-force protection per IP (blocked after 10 failed attempts in 15 min). Rate-limit state and login event log are persisted in SQLite and visible in Settings → Security |\n\n## Requirements\n\n- Docker Engine (required for Docker service views)\n- Linux x86_64 / ARM64 / ARMv7 / i686, or macOS Intel / Apple Silicon\n\n## Installation\n\n### Quick install\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/towerforge/dock-sight/main/install.sh | sh\n```\n\nDetects your platform and installs to `/usr/local/bin` (root) or `~/.local/bin` (non-root).\n\n### Manual download\n\nPre-built binaries are available on the [releases page](https://github.com/towerforge/dock-sight/releases/latest).\n\n| Platform | Package |\n|---|---|\n| Linux x86_64 (glibc) | `dock-sight-linux-x86_64.tar.gz` |\n| Linux x86_64 (static) | `dock-sight-linux-x86_64-musl.tar.gz` |\n| Linux ARM64 (glibc) | `dock-sight-linux-aarch64.tar.gz` |\n| Linux ARM64 (static) | `dock-sight-linux-aarch64-musl.tar.gz` |\n| Linux ARMv7 | `dock-sight-linux-armv7.tar.gz` |\n| Linux i686 | `dock-sight-linux-i686.tar.gz` |\n| macOS Intel | `dock-sight-macos-x86_64.tar.gz` |\n| macOS Apple Silicon | `dock-sight-macos-aarch64.tar.gz` |\n\n\u003e Use the **static** (`-musl`) variant on Alpine Linux or any system where glibc availability is uncertain.\n\n## Usage\n\n```\ndock-sight [OPTIONS]\n\nOptions:\n  -p, --port \u003cPORT\u003e   Port to listen on [default: 8080]\n      --dev           Enable development mode (disables auth middleware, enables CORS)\n  -h, --help          Print help\n  -V, --version       Print version\n```\n\nOpen [http://localhost:8080](http://localhost:8080) in your browser. On first launch you will be prompted to create the first user before the dashboard is accessible.\n\n### Environment variables\n\n| Variable | Default | Description |\n|---|---|---|\n| `DATA_DIR` | `.` | Directory where `dock-sight.db` is stored |\n| `SESSION_DURATION_HOURS` | `24` | How many hours a login session stays valid |\n| `SECURE_COOKIES` | `false` | Set to `true` to add the `Secure` flag to session cookies (recommended behind an HTTPS reverse proxy) |\n| `BACKEND_PORT` | `8080` | Port override (alternative to `--port`) |\n\n## Docker\n\n```bash\ndocker run -d \\\n  --name dock-sight \\\n  --restart unless-stopped \\\n  --network host \\\n  -v /var/run/docker.sock:/var/run/docker.sock \\\n  -v dock-sight-data:/data \\\n  -e DATA_DIR=/data \\\n  towerforge/dock-sight:latest\n```\n\n\u003e **`--network host` is strongly recommended.** With `-p 8080:8080` Docker's userland-proxy\n\u003e creates an internal TCP relay and the backend only ever sees `172.17.0.1` as the client address.\n\u003e `--network host` bypasses that relay so the real client IP is visible — which makes login\n\u003e event logging and brute-force rate-limiting work correctly.\n\u003e When using host networking, `-p` port mappings are not used; the app listens directly on port 8080 of the host.\n\nThe `-v dock-sight-data:/data` volume persists the SQLite database (users, registries, login history) across container recreations.\n\n\u003cdetails\u003e\n\u003csummary\u003edocker-compose (standalone)\u003c/summary\u003e\n\n```yaml\nservices:\n  dock-sight:\n    image: towerforge/dock-sight:latest\n    container_name: dock-sight\n    restart: unless-stopped\n    network_mode: host          # required for correct client-IP logging\n    volumes:\n      - /var/run/docker.sock:/var/run/docker.sock\n      - dock-sight-data:/data\n    environment:\n      - DATA_DIR=/data\n\nvolumes:\n  dock-sight-data:\n```\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eDocker Swarm stack\u003c/summary\u003e\n\n`network_mode: host` is not available in Swarm mode. Use `mode: host` on the port instead —\nthis publishes the port directly on the node, bypassing the ingress routing mesh so the real\nclient IP reaches the container.\n\n```yaml\nservices:\n  dock-sight:\n    image: towerforge/dock-sight:latest\n    deploy:\n      replicas: 1\n      placement:\n        constraints:\n          - node.role == manager   # needs access to the Docker socket\n    ports:\n      - target: 8080\n        published: 8080\n        protocol: tcp\n        mode: host                 # bypasses ingress mesh → real client IP preserved\n    volumes:\n      - /var/run/docker.sock:/var/run/docker.sock\n      - dock-sight-data:/data\n    environment:\n      - DATA_DIR=/data\n\nvolumes:\n  dock-sight-data:\n```\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003esystemd (Linux)\u003c/summary\u003e\n\n```ini\n[Unit]\nDescription=Dock Sight\nAfter=network.target docker.service\n\n[Service]\nExecStart=/usr/local/bin/dock-sight --port 8080\nEnvironment=DATA_DIR=/etc/dock-sight\nRestart=always\n\n[Install]\nWantedBy=multi-user.target\n```\n\n\u003c/details\u003e\n\n## Behind a reverse proxy\n\nDock Sight can be exposed directly on a public port, but it is strongly recommended to place a reverse proxy (nginx, Caddy, Traefik…) in front of it to handle TLS. When you do, two things must be configured for everything to work correctly:\n\n**1. Forward the real client IP**\n\nThe brute-force protection and login event log rely on the client's IP address. When a proxy sits in front, the backend only sees `127.0.0.1` unless the proxy forwards the original IP via `X-Forwarded-For`. Without this, every failed login attempt is counted against the same address and the log becomes useless.\n\n\u003cdetails\u003e\n\u003csummary\u003enginx\u003c/summary\u003e\n\n```nginx\nlocation / {\n    proxy_pass         http://127.0.0.1:8080;\n    proxy_set_header   Host              $host;\n    proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;\n    proxy_set_header   X-Real-IP         $remote_addr;\n}\n```\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eCaddy\u003c/summary\u003e\n\n```caddy\nreverse_proxy 127.0.0.1:8080 {\n    header_up X-Forwarded-For {remote_host}\n    header_up X-Real-IP       {remote_host}\n}\n```\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eTraefik (Docker label)\u003c/summary\u003e\n\nTraefik passes `X-Forwarded-For` automatically when `forwardedHeaders` is enabled. Add this to your static config:\n\n```yaml\nentryPoints:\n  web:\n    forwardedHeaders:\n      insecure: true   # or restrict to trusted CIDRs with `trustedIPs`\n```\n\n\u003c/details\u003e\n\n**2. Enable secure cookies**\n\nSet the `SECURE_COOKIES=true` environment variable so that session cookies are flagged as `Secure` and are only sent over HTTPS:\n\n```bash\n-e SECURE_COOKIES=true\n```\n\n## Data persistence\n\nAll state is stored in a single SQLite database (`dock-sight.db`) in `DATA_DIR`:\n\n| Table | Contents |\n|---|---|\n| `users` | Usernames and hashed passwords |\n| `registries` | DockerHub registry credentials |\n| `login_attempts` | Active rate-limit counters per IP |\n| `login_events` | Login attempt history (last 50 shown in Settings → Security) |\n\n## Service grouping\n\nContainers are grouped by the `com.docker.swarm.service.name` label. Containers without this label appear under `standalone`.\n\n## License\n\nMIT — see [LICENSE](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftowerforge%2Fdock-sight","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftowerforge%2Fdock-sight","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftowerforge%2Fdock-sight/lists"}