adding support of custom DOCKER_SOCKET

mohsenasm · mohsenasm · commit 0b9a436b8b7e · 2025-08-04T22:01:10.000+03:30
issue #51
diff --git a/README.md b/README.md
@@ -101,34 +101,23 @@ List of environment variables for more customization:
 | CADVISOR_PORT                        | 8080                                                                                                              |                                                                                                                                                                                              |
 | ENABLE_DATA_API                      | true                                                                                                              | Use this env to export the `/data` API that returns the swarm status as a JSON object. Note that it requires basic-auth if `ENABLE_AUTHENTICATION` is activated.                             |
 | ENABLE_NETWORKS                      | false                                                                                                             | `true` by default, set to `false` to remove the network section from the dashboard.                                                                                                          |
+| DOCKER_SOCKET                        | tcp://localhost:2375                                                                                              | `/var/run/docker.sock` by default. You can use it with [docker-socket-proxy](https://github.com/Tecnativa/docker-socket-proxy).                                                              |
 
 ## Security
 
 + We redact docker event data before sending them to the client. The previous version was sending the whole docker event data, including environment variables (someone might have stored some passwords in them, by mistake!). So, please consider using the newer version.
 
 + Using the `ENABLE_AUTHENTICATION` environment variable, there is an option to use `Basic Auth`. The WebSocket server will close the connection if it does not receive a valid authentication token. See the example in the above section for more info.
 
-+ Using the `ENABLE_HTTPS` environment variable, there is an option to use `HTTPS` and `WSS`. We have Let’s Encrypt integration with the DNS challenge. See the example in the above section for more info.
-
-
-## Production use
-
-There are two considerations for any serious deployment of the dashboard:
-
-1. Security - the dashboard node.js server has access to the docker daemon unix socket
-   and runs on the manager, which makes it a significant attack surface (i.e. compromising
-   the dashboard's node server would give an attacker full control of the swarm)
-2. The interaction with docker API is a fairly rough implementation and
-   is not very optimized. The server polls the API every 1000 ms, publishing the
-   response data to all open WebSockets if it changed since last time. There
-   is probably a better way to look for changes in the Swarm that could be used
-   in the future.
++ Using the `ENABLE_HTTPS` environment variable, there is an option to use `HTTPS` and `WSS`. We have Let’s Encrypt integration with the DNS challenge. See the example for more info.
 
++ You can use [docker-socket-proxy](https://github.com/Tecnativa/docker-socket-proxy) with the `DOCKER_SOCKET` environment variable to minimize permissions and enhance security.
 
 ## Rough roadmap
 
 * Show more service details (published port, image name, and version)
 * Node / Service / Task details panel
+* Improving performance by sending only the changes to online clients
 
 Both feature requests and pull requests are welcome. If you want to build/test the code locally, see [commands.md](./test-cluster/commands.md) in the `test-cluster` directory.
 
diff --git a/server/index.js b/server/index.js
@@ -30,6 +30,7 @@ const showTaskTimestamp = !(process.env.SHOW_TASK_TIMESTAMP === "false");
 const enableNetworks = !(process.env.ENABLE_NETWORKS === "false");
 const debugMode = process.env.DEBUG_MODE === "true";
 const enableDataAPI = process.env.ENABLE_DATA_API === "true";
+const dockerSocket = process.env.DOCKER_SOCKET || "/var/run/docker.sock";
 
 const _nodeExporterServiceNameRegex = process.env.NODE_EXPORTER_SERVICE_NAME_REGEX || "";
 const useNodeExporter = _nodeExporterServiceNameRegex !== "";
@@ -65,12 +66,21 @@ function formatBytes(bytes, decimals = 0) {
 }
 
 // Docker API integration
-
 const dockerRequestBaseOptions = {
   method: 'GET',
-  socketPath: '/var/run/docker.sock',
 };
-
+if (dockerSocket.startsWith("tcp://")) {
+  const regex = /^tcp:\/\/([^:]+):(\d+)$/;
+  const match = dockerSocket.match(regex);
+  if (match) {
+    dockerRequestBaseOptions.host = match[1];
+    dockerRequestBaseOptions.port = parseInt(match[2]);
+  } else {
+      console.log("error is parsing DOCKER_SOCKET");
+  }
+} else {
+    dockerRequestBaseOptions.socketPath = dockerSocket;
+}
 const dockerAPIRequest = path => {
   return new Promise((res, rej) => {
     let buffer = '';
