Dozzle - dozzle.dev
Dozzle is a small lightweight application with a web based interface to monitor Docker logs. It doesnโt store any log files. It is for live monitoring of your container logs only.
dozzle-dark.mp4
Features
- Intelligent fuzzy search for container names
๐ค - Search logs using regex
๐ฆ - Small memory footprint
๐ - Split screen for viewing multiple logs
- Download logs easy
- Live stats with memory and CPU usage
- Authentication with username and password
๐จ
Dozzle should work for most. It has been tested with hundreds of containers. However, it doesn't support offline searching. Products like Loggly, Papertrail or Kibana are more suited for full search capabilities.
Dozzle doesn't cost any money and aims to focus on real-time debugging.
Getting Dozzle
Dozzle is a very small Docker container (4 MB compressed). Pull the latest release from the index:
$ docker pull amir20/dozzle:latest
Using Dozzle
The simplest way to use dozzle is to run the docker container. Also, mount the Docker Unix socket with --volume to /var/run/docker.sock:
$ docker run --name dozzle -d --volume=/var/run/docker.sock:/var/run/docker.sock -p 8888:8080 amir20/dozzle:latest
Dozzle will be available at http://localhost:8888/. You can change -p 8888:8080 to any port. For example, if you want to view dozzle over port 4040 then you would do -p 4040:8080.
Connecting with Docker compose
version: "3"
services:
dozzle:
container_name: dozzle
image: amir20/dozzle:latest
volumes:
- /var/run/docker.sock:/var/run/docker.sock
ports:
- 9999:8080
Connecting to remote hosts
Dozzle supports connecting to multiple remote hosts via tcp:// using TLS or without. Appropriate certs need to be mounted for Dozzle to be able to successfully connect. At this point, ssh:// is not supported because Dozzle docker image does not ship with any ssh clients.
To configure remote hosts, --remote-host or DOZZLE_REMOTE_HOST need to provided and the pem files need to be mounted to /cert directory. The /cert directory expects to have /certs/{ca,cert,key}.pem or /certs/{host}/{ca,cert,key}.pem in case of multiple hosts.
Below are examples of using --remote-host via CLI:
$ docker run -v /var/run/docker.sock:/var/run/docker.sock -v /path/to/certs:/certs -p 8080:8080 amir20/dozzle --remote-host tcp://167.99.1.1:2376
Multiple --remote-host flags can be used to specify multiple hosts.
Or to use compose:
version: "3"
services:
dozzle:
image: amir20/dozzle:latest
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /path/to/certs:/certs
ports:
- 8080:8080
environment:
DOZZLE_REMOTE_HOST: tcp://167.99.1.1:2376,tcp://167.99.1.2:2376
You need to make sure appropriate certs are provided in /certs/167.99.1.1/{ca,cert,key}.pem and /certs/167.99.1.2/{ca,cert,key}.pem for both hosts to work.
Adding health check
Dozzle doesn't enable healthcheck by default as it adds extra CPU usage. healthcheck can be enabled manually.
version: "3"
services:
dozzle:
container_name: dozzle
image: amir20/dozzle:latest
volumes:
- /var/run/docker.sock:/var/run/docker.sock
ports:
- 8080:8080
environment:
DOZZLE_LEVEL: trace
healthcheck:
test: [ "CMD", "/dozzle", "healthcheck" ]
interval: 3s
timeout: 30s
retries: 5
start_period: 30s
Security
You can control the device Dozzle binds to by passing --addr parameter. For example,
$ docker run --volume=/var/run/docker.sock:/var/run/docker.sock -p 8888:1224 amir20/dozzle:latest --addr localhost:1224
will bind to localhost on port 1224. You can then use a reverse proxy to control who can see dozzle.
If you wish to restrict the containers shown you can pass the --filter parameter. For example,
$ docker run --volume=/var/run/docker.sock:/var/run/docker.sock -p 8888:1224 amir20/dozzle:latest --filter name=foo
this would then only allow you to view containers with a name starting with "foo". You can use other filters like status as well, please check the official docker command line docs for available filters. Multiple --filter arguments can be provided.
Authentication
Dozzle supports a very simple authentication out of the box with just username and password. You should deploy using SSL to keep the credentials safe. See configuration to use --username and --password. You can also use docker secrets --usernamefile and --passwordfile.
Changing base URL
Dozzle by default mounts to "/". If you want to control the base path you can use the --base option. For example, if you want to mount at "/foobar",
then you can override by using --base /foobar. See env variables below for using DOZZLE_BASE to change this.
$ docker run --volume=/var/run/docker.sock:/var/run/docker.sock -p 8080:8080 amir20/dozzle:latest --base /foobar
Dozzle will be available at http://localhost:8080/foobar/.
Analytics collected
Dozzle collects anonymous user configurations using Google Analytics. Why? Dozzle is an open source project with no funding. As a result, there is no time to do user studies of Dozzle. Analytics is collected to prioritize features and fixes based on how people use Dozzle. This data is completely public and can be viewed live using Data Studio dashboard.
If you do not want to be tracked at all, see the --no-analytics flag below.
Environment variables and configuration
Dozzle follows the 12-factor model. Configurations can use the CLI flags or environment variables. The table below outlines all supported options and their respective env vars.
| Flag | Env Variable | Default |
|---|---|---|
--addr |
DOZZLE_ADDR |
:8080 |
--base |
DOZZLE_BASE |
/ |
--hostname |
DOZZLE_HOSTNAME |
"" |
--level |
DOZZLE_LEVEL |
info |
--filter |
DOZZLE_FILTER |
"" |
--username |
DOZZLE_USERNAME |
"" |
--password |
DOZZLE_PASSWORD |
"" |
--usernamefile |
DOZZLE_USERNAME_FILE |
"" |
--passwordfile |
DOZZLE_PASSWORD_FILE |
"" |
--no-analytics |
DOZZLE_NO_ANALYTICS |
false |
--remote-host |
DOZZLE_REMOTE_HOST |
Troubleshooting and FAQs
I installed Dozzle, but logs are slow or they never load. Help!
Dozzle uses Server Sent Events (SSE) which connects to a server using a HTTP stream without closing the connection. If any proxy tries to buffer this connection, then Dozzle never receives the data and hangs forever waiting for the reverse proxy to flush the buffer. Since version 1.23.0, Dozzle sends the X-Accel-Buffering: no header which should stop reverse proxies buffering. However, some proxies may ignore this header. In those cases, you need to explicitly disable any buffering.
Below is an example with nginx and using proxy_pass to disable buffering.
server {
...
location / {
proxy_pass http://<dozzle.container.ip.address>:8080;
}
location /api {
proxy_pass http://<dozzle.container.ip.address>:8080;
proxy_buffering off;
proxy_cache off;
}
}
What data does Dozzle collect?
Dozzle does collect some analytics. Analytics is anonymous usage tracking of the features which are used the most. See the section above on how to disable any analytic collection.
In the browser, Dozzle has a strict Content Security Policy which only allows the following policies:
- Allow connect to
api.github.comto fetch most recent version. - Only allow
<script>and<style>files fromself
Dozzle opens all links with rel="noopener".
We have tools that uses Dozzle when a new container is created. How can I get a direct link to a container by name?
Dozzle has a special route that can be used to search containers by name and then forward to that container. For example, if you have a container with name "foo.bar" and id abc123, you can send your users to /show?name=foo.bar which will be forwarded to /container/abc123.
I installed Dozzle but memory consumption doesn't show up!
This is an issue specific to ARM devices
Dozzle uses the Docker API to gather information about the containers' memory usage. If the memory usage is not showing up, then it is likely that the Docker API is not returning the memory usage.
You can verify this by running docker info, and you should see the following:
WARNING: No memory limit support
WARNING: No swap limit support
In this case, you'll need to add the following line to your /boot/cmdline.txt file and reboot your device.
cgroup_enable=cpuset cgroup_enable=memory cgroup_memory=1
License
Building
To Build and test locally: