GitHub release (latest by date) GitHub Repo stars License Package Registry Docker Image Size Buy Me a Coffee
Dockpeek is a lightweight, self-hosted Docker dashboard for quick access to your containers. Open web interfaces, view logs, monitor ports, and update images — all from one clean, intuitive interface. It automatically detects Traefik labels and works out of the box with zero configuration.
- One-click web access — Instantly open your containers’ dashboards and web apps
- Automatic port mapping — Detect and display all published ports
- Live container logs — Stream logs in real time
- Traefik integration — Automatically extract service URLs from labels
- Multi-host management — Control multiple Docker daemons from one interface
- Image update checks — Detect and upgrade outdated containers
Add labels to your containers to tag them, customize their appearance, or control how dockpeek interacts with them.
dockpeek.https— Force HTTPS protocol for specific portsdockpeek.link— Turn container names into clickable linksdockpeek.ports— Add custom ports to display alongside detected onesdockpeek.port-range-grouping— Control port range grouping (true/false)dockpeek.tags— Organize and categorize containers with custom tags
Dockpeek automatically groups consecutive ports into ranges for cleaner display. For example, ports 601, 602, 603, 604, 605, 606 will be displayed as a single range "601-606" instead of individual port badges.
Per-Container Configuration:
labels: - "dockpeek.port-range-grouping=false" # Disable for this container - "dockpeek.port-range-grouping=true" # Enable for this container (overrides global)
Dockpeek Night mode screenshot
Container logs view
Checking for updates
Updates available
Light mode
The easiest way to get started with dockpeek:
services: dockpeek: image: dockpeek/dockpeek:latest container_name: dockpeek environment: - SECRET_KEY=your_secure_secret_key # Required: Set a secure secret key - USERNAME=admin # username - PASSWORD=admin # password # Server name for UI (optional, auto-detected from Docker API if not set) # - DOCKER_HOST_NAME= ports: - "3420:8000" volumes: - /var/run/docker.sock:/var/run/docker.sock restart: unless-stopped
Tip
You can add labels to your other containers to tag them or control how dockpeek interacts with them.
Learn more about available dockpeek labels.
For enhanced security, use a socket proxy to limit Docker API access:
services: dockpeek: image: dockpeek/dockpeek:latest container_name: dockpeek environment: - SECRET_KEY=your_secure_secret_key - USERNAME=admin - PASSWORD=admin - DOCKER_HOST=tcp://socket-proxy:2375 # Connect via socket proxy ports: - "3420:8000" depends_on: - socket-proxy restart: unless-stopped socket-proxy: # alternative: tecnativa/docker-socket-proxy image: lscr.io/linuxserver/socket-proxy:latest container_name: dockpeek-socket-proxy environment: - CONTAINERS=1 - IMAGES=1 - PING=1 - VERSION=1 - INFO=1 - POST=1 # Required for container updates - ALLOW_START=1 - ALLOW_STOP=1 - ALLOW_RESTARTS=1 - NETWORKS=1 volumes: - /var/run/docker.sock:/var/run/docker.sock read_only: true tmpfs: - /run restart: unless-stopped
Manage multiple Docker hosts from a single dashboard:
services: dockpeek: image: dockpeek/dockpeek:latest container_name: dockpeek restart: unless-stopped ports: - "3420:8000" environment: - SECRET_KEY=your_secure_secret_key - USERNAME=admin - PASSWORD=admin # --- Docker Host 1 (Local) --- - DOCKER_HOST_1_URL=unix:///var/run/docker.sock # Local Docker socket # DOCKER_HOST_1_NAME= is Optional: Auto-detected from Docker API if not set # DOCKER_HOST_1_PUBLIC_HOSTNAME= is optional; uses host IP by default # --- Docker Host 2 (Remote Server) --- - DOCKER_HOST_2_URL=tcp://192.168.1.100:2375 # Remote socket proxy - DOCKER_HOST_2_NAME=Production Server # Optional: Auto-detected from Docker API if not set - DOCKER_HOST_2_PUBLIC_HOSTNAME=server.local # Optional: Custom hostname for links # --- Docker Host 3 (Tailscale) --- - DOCKER_HOST_3_URL=tcp://100.64.1.5:2375 # Tailscale IP - DOCKER_HOST_3_NAME=Remote VPS # Optional: Auto-detected from Docker API if not set - DOCKER_HOST_3_PUBLIC_HOSTNAME=vps.tailnet.ts.net # Optional: Tailscale FQDN # --- Continue pattern for additional hosts (4, 5, etc.) --- volumes: # Required only if you are connecting to a local socket - /var/run/docker.sock:/var/run/docker.sock:ro
Tip
Install a Docker Socket Proxy on each remote host for secure API access.
| Variable | Description |
|---|---|
SECRET_KEY |
Required. Essential for application functionality and session security |
USERNAME |
Required. Username for dashboard login |
PASSWORD |
Required. Password for dashboard login |
| Variable | Default | Description |
|---|---|---|
PORT |
8000 |
Port on which the application listens |
DISABLE_AUTH |
false |
Set to true to disable authentication |
DOCKER_HOST |
Local socket | Primary Docker connection URL |
DOCKER_HOST_NAME |
Auto-detected | Display name for the primary server (auto-detected from Docker API if not set) |
DOCKER_HOST_PUBLIC_HOSTNAME |
Auto-detected | Optional hostname or IP for generating clickable links |
DOCKER_CONNECTION_TIMEOUT |
0.5 |
Connection timeout in seconds for Docker host discovery |
UPDATE_FLOATING_TAGS |
disabled |
Update check mode: latest, major (e.g., 8.3.3 → 8), or minor (e.g., 8.3.3 → 8.3) (default: exact tags) |
TRUST_PROXY_HEADERS |
false |
Set to true to enable proxy header support (X-Forwarded-*) |
TRUSTED_PROXY_COUNT |
1 |
Number of trusted proxies when TRUST_PROXY_HEADERS=true |
TRAEFIK_LABELS |
true |
Set to false to hide Traefik column |
TAGS |
true |
Set to false to hide tags column |
PORT_RANGE_GROUPING |
true |
Set to false to disable port range grouping globally |
PORT_RANGE_THRESHOLD |
5 |
Minimum number of consecutive ports to group as a range |
For additional Docker hosts, use the pattern DOCKER_HOST_N_*:
| Variable | Description |
|---|---|
DOCKER_HOST_N_URL |
Docker API URL (e.g., tcp://host:2375) |
DOCKER_HOST_N_NAME |
Display name in the dashboard (auto-detected from Docker API if not set) |
DOCKER_HOST_N_PUBLIC_HOSTNAME |
Optional public hostname for links |
Important
Important Configuration Requirements:
SECRET_KEYmust always be set - dockpeek will not function without itUSERNAMEandPASSWORDare required unlessDISABLE_AUTH=true- Multi-host variables require matching
Nidentifiers (URL, name, hostname)
Customize how containers appear and behave in dockpeek:
services: webapp: image: nginx:latest ports: - "3001:80" labels: - "dockpeek.ports=8080,9090" # Show additional ports - "dockpeek.https=3001,8080" # Force HTTPS for these ports - "dockpeek.link=https://myapp.local" # Make container name clickable - "dockpeek.tags=frontend,production" # Add organization tags
| Label | Purpose | Example |
|---|---|---|
dockpeek.ports |
Show additional ports | dockpeek.ports=8080,9090 |
dockpeek.https |
Force HTTPS for ports | dockpeek.https=9002,3000 |
dockpeek.link |
Custom container link | dockpeek.link=https://app.com |
dockpeek.port-range-grouping |
Control port range grouping | dockpeek.port-range-grouping=false |
dockpeek.tags |
tags | dockpeek.tags=web,prod |
Dockpeek natively supports Docker Swarm, You can deploy dockpeek as a stack, with a single socket-proxy instance, and view/manage all Swarm services and tasks in the dashboard. This configuration is ideal for production clusters using Traefik as an ingress proxy.
Click to see Example stack file (docker-compose-swarm-socket.yml)
services: dockpeek: image: dockpeek/dockpeek:latest environment: - SECRET_KEY=your_secure_secret_key - USERNAME=admin - PASSWORD=admin - TRAEFIK_LABELS=true - DOCKER_HOST=tcp://tasks.socket-proxy:2375 # Connect to Swarm manager via socket-proxy ports: - "3420:8000" networks: - traefik - dockpeek-internal deploy: replicas: 1 labels: - "traefik.enable=true" - "traefik.http.routers.dockpeek.rule=Host(`dockpeek.example.com`)" - "traefik.http.routers.dockpeek.entrypoints=websecure" - "traefik.http.routers.dockpeek.tls=true" - "traefik.http.services.dockpeek.loadbalancer.server.port=8000" socket-proxy: image: lscr.io/linuxserver/socket-proxy:latest environment: - CONTAINERS=1 - IMAGES=1 - PING=1 - VERSION=1 - INFO=1 - POST=1 - SERVICES=1 # Enable Swarm services API - TASKS=1 # Enable Swarm tasks API - NODES=1 # Enable Swarm nodes API volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - type: tmpfs target: /run tmpfs: size: 100000000 networks: - socket-proxy deploy: replicas: 1 placement: constraints: - node.role == manager networks: socket-proxy: traefik: external: true
How it works:
- The dockpeek and socket-proxy services share a private network for secure API access.
- The traefik network is external and should be pre-created by your Traefik deployment.
- Traefik labels on dockpeek expose the dashboard securely at your chosen domain.
- The DOCKER_HOST variable points to the socket-proxy service, which must run on a Swarm manager node.
- Dockpeek will auto-detect Swarm mode and show all services/tasks in the dashboard, with all the usual features (port mapping, Traefik integration, update checks, etc.).
Deploy with:
docker stack deploy -c docker-compose-swarm-socket.yml dockpeek
Answers to common questions:
Why do I see "Swarm mode" and no containers?
Dockpeek detected that Docker is running in Swarm mode, which changes how containers are managed (as "services" instead of standalone containers).
If you’re not intentionally using Docker Swarm, you can safely leave swarm mode with:
docker swarm leave --forceAfter running this command, refresh dockpeek — your regular containers should appear again.
How do I search for containers by port?
Use the format
:portin the search box. For example, typing:8080will show all containers exposing port 8080.
How do I search for available ports?
Use the
:freesearch syntax to find the next available port:
:free— Returns the next free port after the lowest occupied port:free 3420— Returns the next free port starting from port 3420 or higherThe search works per server when a specific server is selected, or across all servers when "All" is selected.
Click the copy button next to the result to copy the port number to your clipboard.
When does dockpeek use HTTPS automatically?
Dockpeek automatically uses HTTPS for:
- Container port
443/tcp- Host ports ending with
443(e.g.,8443,9443)- Ports specified with the
dockpeek.httpslabel
How do I make container names clickable?
Use the
dockpeek.linklabel:labels: - "dockpeek.link=https://myapp.example.com"This is especially useful with reverse proxies to link directly to public addresses.
How can I add ports for containers without port mapping?
Some containers (like those using host networking or behind reverse proxies) don't expose ports through Docker's standard port mapping. Use the
dockpeek.portslabel:labels: - "dockpeek.ports=8096,8920"
How does port range grouping work?
Dockpeek automatically detects consecutive ports and groups them into ranges for cleaner display:
- Input: 601, 602, 603, 604, 605, 606, 8080, 9000
- Output: 601-606, 8080, 9000
Configure threshold:
environment: - PORT_RANGE_THRESHOLD=3 # Only group 3+ consecutive portsDisable globally:
environment: - PORT_RANGE_GROUPING=falseDisable per-container:
labels: - "dockpeek.port-range-grouping=false"
How do I check updates for pinned versions like 8.2.2-alpine?
Use the
UPDATE_FLOATING_TAGSenvironment variable:Available modes:
latest- always checks thelatesttagmajor- for8.2.2checks8minor- for8.2.2checks8.2disabled(default) - checks exact tagenvironment: - UPDATE_FLOATING_TAGS=major # Checks 8-alpine instead of exact 8.2.2-alpine
How do I enable X-Forwarded-* headers behind a proxy?
Enable proxy header support with these environment variables:
environment: - TRUST_PROXY_HEADERS=true - TRUSTED_PROXY_COUNT=1 # Number of proxies between client and dockpeekThis allows dockpeek to correctly handle X-Forwarded-* headers (including X-Forwarded-Prefix for subpath deployments) from proxies.
How do I clear the search filter?
Click the dockpeek title at the top of the page to reset the search and return to the full container view.
Check releases