GoDoxy/next-release.md at a59ad97e5e682108df99c3cf1a89833d68386136 - TyleoDvDelaware3217/GoDoxy - Forgejo: Beyond coding. We Forge.

TyleoDvDelaware3217/GoDoxy

mirror of https://github.com/yusing/godoxy.git synced 2025-05-21 13:02:34 +02:00

yusing ecb89f80a0 update files for agent, deps upgrade

2025-02-11 01:10:07 +08:00

1.2 KiB

Raw Blame History

GoDoxy v0.10.0

Agent Mode

listen only on Agent API server, authenticate with mTLS. Maintain secure connection between GoDoxy main and GoDoxy agent server

Main benefits:

No more exposing docker socket: drops the need of docker-socket-proxy

No more exposing app ports: fewer attack surface

services:
  app:
    ...
    # ports: # this part is not needed on agent server
    #  - 6789

Secure: no one can connect to it except GoDoxy main server because of mTLS
Fetch info from agent server, e.g. CPU usage, Memory usage, container list, container logs, etc... (to be ready for beszel and dockge like features in WebUI)

How to setup

Agent server generates CA cert, SSL certificate and Client certificate on first run.
Follow the output on screen to run godoxy new-agent <ip>:<port> ... on GoDoxy main server to store generated certs
Add config output to GoDoxy main server in config.yml under providers.agents
```
providers:
  agents:
    - 12.34.5.6:8889
```

How does it work

Main server and agent server negotiate mTLS
Agent server verify main server's client cert and check if server version matches agent version
Agent server now acts as a http proxy and docker socket proxy