mirror of
https://github.com/yusing/godoxy.git
synced 2025-05-20 20:52:33 +02:00
54 lines
1.5 KiB
Markdown
54 lines
1.5 KiB
Markdown
## GoDoxy v0.10.0
|
|
|
|
### GoDoxy Agent
|
|
|
|
Maintain secure connection between main server and agent server by authenticating and encrypting connection with mTLS.
|
|
|
|
Main benefits:
|
|
|
|
- No more exposing docker socket: drops the need of `docker-socket-proxy`
|
|
- No more exposing app ports: fewer attack surface
|
|
|
|
```yaml
|
|
services:
|
|
app:
|
|
...
|
|
# ports: # this part is not needed on agent server
|
|
# - 6789
|
|
```
|
|
|
|
- Secure: no one can connect to it except GoDoxy main server because of mTLS, plus connection is encrypted
|
|
- Fetch info from agent server, e.g. CPU usage, Memory usage, container list, container logs, etc... (to be ready for beszel and dockge like features in WebUI)
|
|
|
|
#### How to setup
|
|
|
|
Prerequisites:
|
|
|
|
- GoDoxy main server must be running
|
|
|
|
1. Create a directory for agent server, cd into it
|
|
2. Navigate to **Metrics tab** in WebUI, click **Add agent**, fill in required infomation then click **Copy docker compose**
|
|
3. Paste the docker compose into the agent server then start it with `docker compose up -d`
|
|
|
|
### How does it work
|
|
|
|
Run flow:
|
|
|
|
```mermaid
|
|
flowchart TD
|
|
subgraph Agent HTTPS Server
|
|
aa[Load CA and SSL certs] -->
|
|
ab[Start HTTPS server] -->
|
|
|
|
ac[Receive request] -->
|
|
ad[Verify client cert] -->
|
|
ae[Handle request] --> ac
|
|
end
|
|
subgraph Main Server
|
|
ma[Load client certs] -->
|
|
mb[Query agent version] --> ac
|
|
mb --> mc[Check if agent version matches] -->
|
|
md[Query agent info] --> ac
|
|
md --> ae --> me[Store agent info]
|
|
end
|
|
```
|