Introduction

Welcome to the DockLog developer documentation. DockLog is a high-performance, real-time Docker container log viewer and observability tool built to give developer teams safe access to running application outputs.

Observability platforms are often heavy and require database backends, search indexing clusters, and multiple collection agents. DockLog is designed to be the exact opposite: a single container running directly on the host Docker socket, providing logs, statistics, and container commands instantly.

⚡ Ultra Lightweight Design

Built on a Go Echo framework with a pure Vue 3 frontend, DockLog starts in milliseconds and consumes under 30MB of memory on standard VPS instances.

Core Philosophy

Stateless by default: DockLog can run completely database-free using memory tables and env config variables.
Team security: Wildcard and regex filters limit developer visibilities, keeping production database details safe.
No indexing lag: WebSockets stream stdout and stderr outputs immediately as they are flushed by the container engine.

Docker Hub Overview

The published image is `aimldev/docklog:latest`. It ships DockLog as one self-contained container so you can start quickly without stitching together separate backend and frontend images.

Single-image deployment

One image contains the full application experience, which keeps deployment simple for local VPS setups and self-hosted environments.

Backend and frontend together

DockLog combines the Go backend, the Vue 3 UI, real-time streams, and configuration endpoints into the same shipped container.

RBAC and actions

The image is built for multi-user access, container filtering, and safe operational controls like start, stop, restart, and delete.

Audit and persistence

When auth mode is enabled, the image stores users and audit data locally in SQLite so the deployment stays under your control.

What this page adds from the Docker Hub listing

This docs page now calls out the image name, the single-container delivery model, and the “all-in-one” deployment approach that the public image is meant to provide.

Configuration & Quickstart

DockLog supports two main operational modes: Auth Mode (requires SQLite) and No-Auth Mode (runs database-free).

Option A: Auth Mode

Ideal for multi-user setups requiring access limits, audit logs, and JWT sessions.

yaml

version: "3.8"
services:
  docklog:
    image: aimldev/docklog:latest
    container_name: docklog
    ports:
      - "8888:8000"
    environment:
      - SECRET_KEY=your-secure-key-here
      - DB_PATH=/app/data/docklog.db
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./data:/app/data
    restart: unless-stopped

Option B: No-Auth Mode

Ideal for local developers who want instant dashboard access without log-in portals.

yaml

version: "3.8"
services:
  docklog:
    image: aimldev/docklog:latest
    container_name: docklog
    ports:
      - "8888:8000"
    environment:
      - DISABLE_AUTH=true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    restart: unless-stopped

Interactive Config Builder

Use the builder tool below to configure your variables and copy the generated Compose file directly:

Docker Compose Builder

Configure your deployment settings interactively

Security Mode

Host Port Binding

JWT Secret Key

Generated docker-compose.yaml

yaml

version: "3.8"

services:
  docklog:
    image: aimldev/docklog:latest
    container_name: docklog
    ports:
      - "8888:8000"
    environment:
      - SECRET_KEY=generate-secret-here
      - DB_PATH=/app/data/docklog.db
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./data:/app/data
    restart: unless-stopped

💡 Save this text into a file named docker-compose.yaml on your server, then run docker compose up -d to spin up DockLog.

Environment Reference

Variable	Description	Default
DISABLE_AUTH	Disable authentication and bypass the login page. Sets DB to in-memory mode.	`false`
ALLOW_START	Permit container start actions inside No-Auth mode.	`true`
ALLOW_STOP	Permit container stop actions inside No-Auth mode.	`true`
ALLOW_RESTART	Permit container restart actions inside No-Auth mode.	`true`
ALLOW_DELETE	Permit removing containers inside No-Auth mode.	`true`
PORT	The internal port the Echo server listens on.	`8000`
SECRET_KEY	JWT encryption signing secret string.	`secret-key-change-this`
DB_PATH	Local destination of the writeable database.	`docklog.db`

🔒 External Exposure Warning

Running in No-Auth mode exposes container logs and telemetry metrics immediately to anyone loading the URL. If you expose this port publicly, restrict access using reverse proxy auth (like Nginx Basic Auth) or keep the service inside private/VPN subnets.

Reverse Proxy & SSL

DockLog works best behind a reverse proxy when you want HTTPS, a custom domain, or access controls in front of the app.

Nginx example

nginx

location / {
  proxy_pass http://127.0.0.1:8888;
  proxy_http_version 1.1;
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "Upgrade";
}

WebSocket support

Make sure your proxy forwards Upgrade headers so live log streaming does not drop when traffic passes through HTTPS.

HTTPS first

Put TLS termination in front of DockLog before exposing auth mode to a broader team or the public internet.

Header preservation

Keep Host, X-Forwarded-For, and X-Forwarded-Proto headers intact so logs, callbacks, and redirect behavior stay correct.

Security Hardening

Use this checklist when DockLog moves from a private lab install to a team-facing environment.

Protect the Docker socket

Only mount `docker.sock` on hosts you control, and assume the container has privileged access to the Docker daemon.

Rotate secrets regularly

Regenerate `SECRET_KEY` whenever you move the deployment or suspect it may have been exposed.

Keep auth mode private

For team use, hide the app behind VPN, SSO, or reverse-proxy auth before opening it to a wider audience.

Limit container actions

Use RBAC filters to restrict which staff members can restart or remove critical containers.

Forgotten Password Recovery

If an administrator forgets their login credentials, they can reset their password directly on the SQLite database using Docker commands. Since DockLog does not store credentials in external clouds, you must edit the local file.

⚠️ Host Terminal Access Required

This process requires server terminal access. Ensure you have the permissions to run commands inside Docker.

Step-by-step Reset Guide

Locate the Container ID:
Find your active DockLog container's running ID:
bash
```
docker ps | grep docklog
```
Open Container SQLite CLI:
Execute the SQLite interactive command shell directly inside your running container (replacing docklog with your container name/ID, and pointing to the mapped DB file, e.g. /app/data/docklog.db):
bash
```
docker exec -it docklog sqlite3 /app/data/docklog.db
```
Check Users Table:
Search your users table to find the target username. The default administrator is named admin:
sql
```
SELECT id, username, password_changed FROM users;
```
Update User Password:
You can update the password column using one of the following two options:
Option A: Reset to the default password (admin123)
Run this SQL update statement containing the pre-calculated bcrypt hash for the default password:
sql
```
UPDATE users SET password = '$2a$10$2.6QG/Jm7bJb6oU7Y7CReeA16.0OqS12c2.B3X9kS03Vz1.Vz21Yy', password_changed = 0 WHERE username = 'admin';
```
Option B: Generate and set a custom password
If you prefer to configure a custom password, generate its bcrypt hash on your host terminal (e.g. using Python):
bash
```
python3 -c "import bcrypt; print(bcrypt.hashpw(b'your_custom_password', bcrypt.gensalt()).decode('utf-8'))"
```
Then, use your generated hash inside the SQL update statement:
sql
```
UPDATE users SET password = 'YOUR_GENERATED_HASH_HERE', password_changed = 0 WHERE username = 'admin';
```
Exit SQLite:
Close the database tool:
sql
```
.exit
```

Alternative Method: Re-Seed Database

If there is no critical audit data or user profiles stored in your database, you can simply stop the container, delete the local file ./data/docklog.db, and start it again. DockLog will automatically initialize a fresh database and seed the default user admin with the password admin123.

Troubleshooting

These are the most common issues teams run into during first deploys and proxy-based setups.

Blank logs or no live updates

Confirm the Docker socket is mounted, verify the target containers are running, and make sure your proxy forwards WebSocket Upgrade headers.

Permission denied on actions

Review the user’s RBAC rules and confirm the Docker daemon is reachable from the container with the expected permissions.

Backup & Upgrade

DockLog keeps important state in the mapped data directory when auth mode is enabled. Back up that folder before upgrading or migrating hosts.

Backup the data directory

Archive `./data` regularly so your SQLite database, users, and audit records can be restored quickly after a migration.

Upgrade the image

Pull the latest image tag, recreate the container, and keep the persistent volume or host folder attached.

Typical upgrade flow

bash

docker pull aimldev/docklog:latest
docker compose up -d --force-recreate

Restore tip

If you use the default `DB_PATH`, restoring the SQLite file into the same mapped volume is usually enough to bring users and settings back online.

RBAC Rules & Regex Permissions

In team environments, developers often only need access to a subset of running containers (e.g. backend services, caches, web proxies). DockLog allows administrators to restrict container visibility using wildcard selectors or exact regular expressions.

Pattern Matching Strategies

1. Simple Substring Pattern

Matches any container whose name contains the substring. For example, entering redis matches containers like redis-cache, my-redis-db, and redis-prod.

2. Wildcard Matching

Uses asterisks to indicate glob matching. For example, backend-* matches backend-service and backend-api, but does not match frontend-app.

3. Anchor Regular Expressions

Enforces matching constraints using caret and dollar signs. For example, ^prod-.*-app$ ensures only containers starting with prod- and ending with -app are visible.

Assigning Multiple Rules

You can assign multiple container filters to a single staff member's profile. Separate individual matching rules with a comma (e.g. backend-*, *web-server, ^nginx-prod$). The user will be able to see containers matching any of the specified rules.

Architecture Overview

DockLog is designed as a compact, self-hosted pipeline that reads directly from Docker, renders in the browser, and keeps storage local when auth mode is enabled.

Go backend

Handles Docker API access, container control actions, RBAC checks, and server-side orchestration.

Vue 3 frontend

Presents the log viewer, metrics, login flows, and admin tools in a responsive glassmorphic interface.

SQLite persistence

Stores users, passwords, and audits locally so the deployment stays portable and under your control.

WebSocket streaming

Streams logs and reconnects automatically so the UI behaves like a live terminal rather than a static dashboard.

Product Tour

DockLog provides a unified workspace for managing Docker infrastructure, monitoring container activity, streaming logs, and controlling team access. Everything is designed to help operators spend less time switching tools and more time maintaining reliable systems.

Dashboard Overview

Monitor active containers, system health, recent events, and operational metrics from a single dashboard built for quick visibility and faster decision-making.

Container Management

Start, stop, restart, inspect, or remove containers without relying on terminal access. Manage your Docker workloads directly from the web interface.

Real-Time Log Streaming

View live container logs with powerful filtering and search capabilities. Diagnose issues faster and track application behavior as events occur.

RBAC & Permissions

Create granular access rules using roles, wildcards, and regex-based permissions to ensure team members only access resources they are authorized to manage.

Team Management

Invite operators, developers, and administrators while maintaining clear ownership and accountability across your infrastructure.

Security Audit Logs

Maintain a complete audit trail of user activity, authentication events, configuration changes, and container operations for compliance and security reviews.

Multi-Server Support

Connect multiple Docker hosts and manage development, staging, and production environments from a unified control panel.

Resource Monitoring

Track CPU, memory, disk, and network utilization across containers and hosts to identify bottlenecks before they affect application performance.

Future Roadmap

DockLog is evolving beyond a simple log viewer into a comprehensive container operations platform. Our roadmap focuses on improving observability, automation, scalability, and developer productivity while maintaining the lightweight experience that makes DockLog easy to deploy and manage.

⚓ Kubernetes Native Support

Connect directly to Kubernetes clusters and access pod logs, deployment information, namespaces, events, and workload health without relying on Docker daemon access. This will make DockLog a lightweight observability solution for both Docker and Kubernetes environments.

🔔 Real-Time Alerts & Notifications

Configure alerts based on log patterns, container failures, resource thresholds, or service health checks and receive instant notifications through Slack, Discord, Microsoft Teams, Email, and custom webhooks.

📊 Advanced Metrics & Observability

Gain deeper insight into your infrastructure with historical CPU, memory, disk, and network metrics, performance trends, health scores, and interactive dashboards for capacity planning and troubleshooting.

🔍 Centralized Log Search

Search logs across multiple servers and containers from a single interface. Advanced filtering, saved searches, tagging, and retention policies will help teams investigate incidents more efficiently.

🌐 Multi-Cluster & Multi-Environment Management

Manage development, staging, and production environments from a unified dashboard. Easily switch between Docker hosts, clusters, and teams while maintaining visibility across your entire infrastructure.

🚀 One-Click Container Deployments

Deploy containers directly from Docker Hub or private registries with a guided workflow for environment variables, networking, volumes, health checks, and restart policies, reducing the need for manual CLI operations.

📦 Docker Compose & Stack Management

Create, deploy, update, and monitor Docker Compose applications from the DockLog interface. Manage entire service stacks, inspect dependencies, and track deployment status without leaving the dashboard.

📈 Historical Analytics & Reporting

Generate detailed reports for container uptime, resource consumption, operational events, audit activity, and infrastructure performance to support capacity planning and operational reviews.