Skip to content

fabienpiette/quaycheck

BranchesTags

Repository files navigation

Quaycheck

Quaycheck dashboard showing container port mappings and resource usage

Self-hosted Docker dashboard for port management, resource monitoring, egress monitoring, IP enrichment, and container logs.

Quick Start

# docker-compose.yml
services:
  app:
    image: ghcr.io/fabienpiette/quaycheck:latest
    container_name: quaycheck-app
    restart: unless-stopped
    ports:
      - "8080:8080"
    environment:
      - DOCKER_HOST=tcp://socket-proxy:2375
      - POSTGRES_DSN=postgres://quaycheck:changeme@postgres:5432/quaycheck
      - PORT_POLL_INTERVAL=1s
      - RESOURCE_POLL_INTERVAL=1s
      - EVENT_HISTORY_MAX=500
      - RESOURCE_HISTORY_MAX=7d
      - NETWORK_POLL_INTERVAL=0             # set to e.g. 10s to enable egress monitoring
      - NETWORK_HISTORY_MAX=7d
    depends_on:
      - socket-proxy
      - postgres

  socket-proxy:
    image: tecnativa/docker-socket-proxy
    container_name: port-dashboard-proxy
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - CONTAINERS=1
      - STATS=1      # required for resource monitoring
      - INFO=1
      - VERSION=1
      - NETWORKS=1   # required for egress monitoring
      - LOGS=1       # required for container logs tab
      - POST=1
      - ALLOW_START=1  # required for container management
      - ALLOW_STOP=1

  postgres:
    image: pgvector/pgvector:pg16
    restart: unless-stopped
    environment:
      - POSTGRES_DB=quaycheck
      - POSTGRES_USER=quaycheck
      - POSTGRES_PASSWORD=changeme
    volumes:
      - postgres_data:/var/lib/postgresql/data

volumes:
  postgres_data:
docker compose up -d
# open http://localhost:8080

Egress monitoring uses Linux Netlink (no procfs mount required). It works on all modern kernels including Ubuntu 24.04+ and Proxmox PVE (kernel 6.x). See Enabling egress monitoring for the required compose override.

Features

  • Port dashboard — all container port mappings at a glance; conflict detection, availability checker, and port suggestions
  • Resource monitoring — live CPU, memory, network, and disk I/O per container with time-series charts and drag-to-zoom
  • Container analysis — automated recommendations for missing limits, idle containers, memory pressure, and growth trends
  • Egress monitoring — live per-container view of outbound connections with destination IPs, reverse-DNS hostnames, ports, and TCP state (Linux only, via Netlink — opt-in via docker-compose.network.yml)
  • IP enrichment — a background scanner proactively enriches all destination IPs and shows a colour-coded threat dot-pill (clean / suspicious / malicious) directly in the connections table; click any row for the full SOC-style intelligence brief (geo, ASN, org, abuse score, red flags, and recommendations); powered by ipinfo.io with optional AbuseIPDB key for abuse scoring and Tor detection; results are disk-cached with a configurable TTL
  • PostgreSQL + pgvector — all seven domain stores persist to PostgreSQL (POSTGRES_DSN is required); stores vector embeddings via pgvector for ML use cases; exports labeled JSONL training data via GET /api/export/training for LLM fine-tuning
  • Container logs — browse, filter, and live-tail logs from one or more containers without leaving the UI; filter by level (error / warn / info / debug), keyword search with inline highlight, and SSE-based live tail
  • Container management — start and stop containers manually; define auto rules to act on resource or lifecycle conditions
  • Service view — group containers by Docker Compose project and service
  • Port history — stopped containers retain their last known ports
  • Secure by design — all Docker API calls go through docker-socket-proxy; access limited to container list, stats, networks, logs, and start/stop — no exec, no image builds, no privileged operations

Install

Prerequisites: Docker

Docker Compose (recommended)

See Quick Start above.

From source

Prerequisites: Go 1.24+

git clone https://github.com/fabienpiette/quaycheck.git
cd quaycheck
make up

Config

Variable Default Description
DOCKER_HOST tcp://socket-proxy:2375 Docker API endpoint
PORT 8080 Web server port
POSTGRES_DSN required PostgreSQL connection string (e.g. postgres://quaycheck:pass@postgres:5432/quaycheck); startup fatals if unset
PORT_POLL_INTERVAL 30s How often to poll Docker for port changes
EVENT_HISTORY_MAX 100 Maximum number of history entries to keep
RESOURCE_POLL_INTERVAL 30s How often to poll Docker for resource stats
RESOURCE_HISTORY_MAX 24h How long to keep resource history (h, d, w)
RESOURCE_STATS_CONCURRENCY 8 Number of containers queried in parallel per poll cycle; increase on hosts with many containers, lower if socket-proxy is the bottleneck
RULE_ENGINE_INTERVAL 10s How often the rule engine evaluates conditions
NETWORK_POLL_INTERVAL 10s How often to read conntrack data (0 disables egress monitoring)
NETWORK_HISTORY_MAX 7d How long to keep connection history (h, d, w)
ABUSEIPDB_KEY `` AbuseIPDB API key for abuse scoring in IP enrichment; if unset, ipinfo.io geo/ASN data is still fetched but abuse scoring is disabled
ENRICH_CACHE_TTL 24h How long to cache enrichment results before re-fetching (h, d, w)
THREAT_SCAN_INTERVAL `` How often the background threat scanner runs; defaults to NETWORK_POLL_INTERVAL×3 when unset
LOG_DIR logs/ Directory to store per-container JSONL log files
LOG_FILE_MAX_MB 50 Per-container log file rotation threshold in MB
LOG_TAIL_DEFAULT 200 Default number of lines returned by GET /api/logs when no tail param is given
EMBED_PROVIDER `` Embedding provider for pgvector: ollama or openai; when unset, embeddings are disabled
EMBED_OLLAMA_URL http://localhost:11434 Ollama base URL (used when EMBED_PROVIDER=ollama)
EMBED_OPENAI_KEY `` OpenAI API key (used when EMBED_PROVIDER=openai)

Enabling egress monitoring

Egress monitoring is disabled by default (NETWORK_POLL_INTERVAL=0). It uses Linux Netlink via CAP_NET_ADMIN and network_mode: host — no procfs mount is required, so it works on all Linux kernels including 6.x (Ubuntu 24.04+, Proxmox PVE).

Enable it by adding the compose override:

docker compose -f docker-compose.yml -f docker-compose.network.yml up -d --build

docker-compose.network.yml sets network_mode: host, adds CAP_NET_ADMIN, and sets NETWORK_POLL_INTERVAL=10s.

Portainer users: use docker-compose.portainer.yml as a single-file stack — it includes all required settings.

Documentation

  • Architecture — code map, module responsibilities, invariants
  • Contributing — dev setup, hook install, commit conventions

Contributing

Contributions welcome. See CONTRIBUTING.md for dev setup and guidelines.

make run             # run locally
make build           # build binary
make test            # run tests
make test-coverage   # generate coverage report
make fmt             # format code

Acknowledgments

Thanks to all contributors.

Buy Me A Coffee

License

AGPL-3.0 — if you distribute a modified version, you must release its source under the same terms.

About

A lightweight Docker port dashboard that shows container port mappings and helps you find free ports.

github.com/fabienpiette/quaycheck#readme

Topics

go docker golang dashboard docker-compose containers devtools ports

Resources

Readme

License

AGPL-3.0 license

Contributing

Contributing

Security policy

Security policy
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 23

v0.0.50 Latest
Mar 4, 2026
+ 22 releases

Packages

 
 
 

Contributors

Languages