GoDoxy/next-release.md
2025-02-11 01:10:09 +08:00

GoDoxy v0.10.0

GoDoxy-Agent

The agent listens only on the Agent API server. Connections are authenticated and encrypted with mTLS, which maintains a secure connection between the GoDoxy main server and the GoDoxy agent server.

Main benefits:

  • No more exposing the docker socket: removes the need for docker-socket-proxy
  • No more exposing app ports: smaller attack surface
    services:
      app:
        ...
        # ports: # this part is not needed on agent server
        #  - 6789
    
  • Secure: because of mTLS, no one except the GoDoxy main server can connect to it, and the connection is encrypted
  • Fetch info from the agent server, e.g. CPU usage, memory usage, container list, container logs, etc. (to be ready for beszel- and dockge-like features in the WebUI)

How to set up

  1. The agent server generates a CA cert, an SSL certificate and a client certificate on first run.
  2. Follow the on-screen output to run godoxy new-agent <ip>:<port> ... on the GoDoxy main server to store the generated certs
  3. Add the config output to config.yml on the GoDoxy main server, under providers.agents
    providers:
      agents:
        - 12.34.5.6:8889
    

How does it work

  1. The main server and agent server negotiate mTLS
  2. The agent server verifies the main server's client cert and checks whether the server version matches the agent version
  3. The agent server now acts as an HTTP proxy and docker socket proxy
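
The agent-side check in steps 1 and 2, as an added Go example that is not GoDoxy's own code: a listener that requires a client certificate chained to a private CA, exercised over loopback with constructed certificates. The helper names issue and agentSees and the certificate names are hypothetical, and the version check is left out because the page does not say how it is carried.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes a constructed test cert signed by parent; a nil parent means a self-signed CA.
func issue(cn string, eku x509.ExtKeyUsage, parent *tls.Certificate) tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), DNSNames: []string{cn},
		Subject: pkix.Name{CommonName: cn}, NotBefore: time.Now().Add(-time.Minute),
		NotAfter: time.Now().Add(time.Hour), IsCA: parent == nil, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{eku}}
	if parent == nil {
		t.KeyUsage, parent = x509.KeyUsageCertSign, &tls.Certificate{Leaf: t, PrivateKey: key}
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent.Leaf, pub, parent.PrivateKey)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// agentSees dials an mTLS-only listener offering client; returns the CN it authenticated or its error.
func agentSees(ca, agent tls.Certificate, client []tls.Certificate) (string, error) {
	pool := x509.NewCertPool()
	pool.AddCert(ca.Leaf)
	ln, _ := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{agent},
		ClientCAs: pool, ClientAuth: tls.RequireAndVerifyClientCert, MinVersion: tls.VersionTLS13})
	go tls.Dial("tcp", ln.Addr().String(), &tls.Config{RootCAs: pool, ServerName: "agent", Certificates: client})
	conn, _ := ln.Accept()
	defer func() { conn.Close(); ln.Close() }()
	if err := conn.(*tls.Conn).Handshake(); err != nil {
		return "", err
	}
	return conn.(*tls.Conn).ConnectionState().PeerCertificates[0].Subject.CommonName, nil
}

func main() {
	ca := issue("test-ca", x509.ExtKeyUsageAny, nil)
	agent := issue("agent", x509.ExtKeyUsageServerAuth, &ca)
	cli := issue("godoxy-main", x509.ExtKeyUsageClientAuth, &ca)
	fmt.Println(agentSees(ca, agent, []tls.Certificate{cli}))
	fmt.Println(agentSees(ca, agent, nil))
}
```

The result is taken from the listener's side of the handshake because in TLS 1.3 the dialing side can finish its handshake before the listener has judged the client certificate.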