DEV Community

Fran

usulnet v26.2.7 — open-source Docker infrastructure platform

usulnet is an open-source, self-hosted Docker infrastructure platform. One binary, one web UI — containers, security, backups, reverse proxy, DNS, VPN, monitoring, terminal, file browser, multi-node orchestration. No vendor lock-in, no telemetry, no cloud dependency.

GitHub: github.com/fr4nsys/usulnet
Website: usulnet.com

v26.2.7 is the biggest release yet: 11 new features, 17 bug fixes (several critical), and a complete proxy simplification.

What's New in v26.2.7

Embedded DNS Server

Full authoritative DNS server built into usulnet, powered by miekg/dns (the Go library behind CoreDNS). Runs in-process — no external DNS software to install or manage.

  • Zone management — Create primary, secondary, and forward zones with full SOA configuration. Serial auto-increments on every record change.
  • 10 record types — A, AAAA, CNAME, MX, TXT, NS, SRV, PTR, CAA, SOA. Per-record TTL and enable/disable toggle.
  • TSIG keys — Transaction Signature (RFC 8945) keys that authenticate zone transfers to secondaries. Secrets encrypted at rest with AES-256-GCM.
  • Upstream forwarding — Queries for names usulnet is not authoritative for go to configurable upstreams (default: Cloudflare 1.1.1.3 + 1.0.0.3, the resolvers that block malware and adult content).
  • Live statistics — Real-time query counters, zones loaded, server uptime, health check.
  • Audit logging — Every zone/record/key change logged with user, action, resource, and timestamp.
  • 8 new UI pages — Zone list, create/edit, detail with inline record management, DNS settings, audit log.

DNS Service Discovery

Running Docker containers are automatically registered as DNS records — no manual configuration.

  • A records: redis.containers.local → container IP. Registered on container start, removed on container stop/die.
  • SRV records: Exposed ports get _8080._tcp.myapp.containers.local for service discovery by name and port.
  • Real-time: Docker event stream callbacks — instant registration/deregistration, no polling.
  • Reconciliation: Periodic full-state sync catches events missed during transient Docker API disconnects.
dns:
  enabled: true
  listen_addr: ":53"
  service_discovery:
    enabled: true
    domain: "containers.local"
    create_srv: true
The listen_addr above binds port 53 on every interface of the host. Where the host has a public address, bind the Docker bridge address or another internal one instead, so that the auto-registered container names and addresses are answered only from inside.
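
The registration and reconciliation that the list above describes, written out as an added Go example (this is not usulnet's code): container names become hostname labels under the configured domain, exposed ports become _port._tcp SRV records, the Docker start and stop callbacks update a registry, and a periodic reconcile pass repairs whatever the event stream missed, including an IP that changed across a restart. The Container type, the sample container values and the Registry API are this example's own assumptions; usulnet's real types are not shown on the page. It goes slightly beyond the page by emitting AAAA records for containers with IPv6 addresses.

```go
package main

import (
	"fmt"
	"net/netip"
	"slices"
	"strings"
)

// Container is the slice of Docker inspect data service discovery needs; values here
// are constructed. Name is as Docker reports it ("/redis"), IP "" until the container joins a network.
type Container struct {
	ID, Name, IP string
	Ports        []int // exposed TCP ports
}

// Record is one generated A, AAAA or SRV record (Name lowercase, no trailing dot).
type Record struct{ Name, Type, Data string }

// Registry maps container IDs to their records; domain and createSRV are the service_discovery config keys.
type Registry struct{ domain string; createSRV bool; byID map[string][]Record }

func NewRegistry(domain string, createSRV bool) *Registry {
	return &Registry{domain: strings.ToLower(domain), createSRV: createSRV, byID: map[string][]Record{}}
}

// label maps a Docker name ([a-zA-Z0-9][a-zA-Z0-9_.-]*, usually with a leading "/") to a hostname
// label: "_" would collide with the _port._proto SRV owner names and "." would open a subdomain.
var label = strings.NewReplacer("_", "-", ".", "-")

// recordsFor builds the desired records for one container; no address means no records.
func (r *Registry) recordsFor(c Container) []Record {
	addr, err := netip.ParseAddr(c.IP)
	if err != nil {
		return nil
	}
	host := label.Replace(strings.ToLower(strings.TrimPrefix(c.Name, "/"))) + "." + r.domain
	recs := []Record{{host, "A", addr.String()}}
	if addr.Is6() {
		recs[0].Type = "AAAA" // IPv6-enabled Docker networks; the page lists A records only
	}
	if r.createSRV {
		for _, port := range c.Ports {
			recs = append(recs, Record{fmt.Sprintf("_%d._tcp.%s", port, host), "SRV", fmt.Sprintf("0 0 %d %s.", port, host)})
		}
	}
	return recs
}

// OnStart is the Docker "start" event callback; OnStop serves "stop" and "die".
func (r *Registry) OnStart(c Container) { r.byID[c.ID] = r.recordsFor(c) }
func (r *Registry) OnStop(id string)    { delete(r.byID, id) }

// Reconcile replaces registry state with what the Docker API reports now, catching events
// missed while the stream was down; it returns how many containers were added, removed and updated.
func (r *Registry) Reconcile(running []Container) (added, removed, updated int) {
	seen := make(map[string]bool, len(running))
	for _, c := range running {
		seen[c.ID] = true
		want := r.recordsFor(c)
		if have, ok := r.byID[c.ID]; !ok {
			added++
		} else if !slices.Equal(have, want) {
			updated++
		} else {
			continue
		}
		r.byID[c.ID] = want
	}
	for id := range r.byID {
		if !seen[id] {
			delete(r.byID, id) // deleting during range is safe in Go
			removed++
		}
	}
	return added, removed, updated
}

// Lookup answers a query by owner name and type; the name may carry a trailing dot and any case.
func (r *Registry) Lookup(name, typ string) []string {
	name = strings.TrimSuffix(strings.ToLower(name), ".")
	var out []string
	for _, recs := range r.byID {
		for _, rec := range recs {
			if rec.Name == name && rec.Type == typ {
				out = append(out, rec.Data)
			}
		}
	}
	return out
}

func main() {
	reg := NewRegistry("containers.local", true)
	reg.OnStart(Container{ID: "c1", Name: "/redis", IP: "172.18.0.2", Ports: []int{6379}})
	fmt.Println(reg.Lookup("redis.containers.local.", "A"), reg.Lookup("_6379._tcp.redis.containers.local", "SRV"))
}
```

Lookup stops at the record set so the example runs without miekg/dns; wiring it into a dns.Handler that writes the answers into the response message is the missing piece.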

WireGuard VPN Management

Native WireGuard VPN from the web UI. No CLI, no config file editing.

  • Create and manage multiple WireGuard interfaces per host
  • Add peers with auto-generated Curve25519 keys and preshared keys
  • Client config generation (copy-paste or QR code)
  • Transfer statistics (rx/tx) per interface and per peer
  • Post-up/post-down script support for routing rules

Firewall Manager

Visual iptables/nftables management — create, edit, apply, and sync firewall rules from the browser.

  • Chains: INPUT, OUTPUT, FORWARD, DOCKER-USER. Rules meant to restrict published container ports belong in DOCKER-USER: Docker forwards that traffic through FORWARD, where DOCKER-USER is consulted before Docker's own rules, so an INPUT rule never sees it.
  • Protocols: TCP, UDP, ICMP, ALL
  • Actions: ACCEPT, DROP, REJECT, LOG
  • Audit log: Every rule change recorded with user, action, timestamp, and rule details
  • Auto-detection: Detects whether the host uses iptables or nftables and applies through the correct backend
  • One-click sync: Apply individual rules or sync the entire ruleset to the host
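
Backend auto-detection and a DOCKER-USER sync, as an added Go example (not usulnet's code): ParseBackend reads the variant tag from `iptables -V`, DockerUserRuleset is a constructed ruleset that limits published ports to a management network, and Plan turns it into idempotent check-then-add iptables calls that respect the RETURN rule Docker leaves in DOCKER-USER. The type and function names, the sample interface and the CIDR are this example's own; the iptables flags and chain behaviour are real. IPv6 needs the same plan run through ip6tables.

```go
package main

import (
	"fmt"
	"os/exec"
	"strings"
)

// Backend is the iptables variant installed on the host.
type Backend string

const (
	BackendNFT     Backend = "nf_tables" // iptables-nft: rules live in the nftables kernel API
	BackendLegacy  Backend = "legacy"    // iptables-legacy: classic x_tables
	BackendUnknown Backend = "unknown"
)

// ParseBackend reads the variant tag from `iptables -V` output such as
// "iptables v1.8.9 (nf_tables)" or "iptables v1.8.7 (legacy)".
func ParseBackend(version string) Backend {
	switch {
	case strings.Contains(version, "(nf_tables)"):
		return BackendNFT
	case strings.Contains(version, "(legacy)"):
		return BackendLegacy
	}
	return BackendUnknown
}

// Rule is one firewall rule as a UI would store it: chain, match arguments, target.
type Rule struct {
	Chain  string
	Match  []string // e.g. ["-i", "eth0", "-p", "tcp", "--dport", "22"]
	Action string   // ACCEPT, DROP, REJECT, LOG
}

// DockerUserRuleset limits published container ports reached through extIf to
// mgmtCIDR, listed in the order the chain must read (first match wins). The same
// rules in INPUT would do nothing: Docker routes traffic to published ports
// through FORWARD, which consults DOCKER-USER before Docker's own rules.
func DockerUserRuleset(extIf, mgmtCIDR string) []Rule {
	return []Rule{
		{"DOCKER-USER", []string{"-i", extIf, "-m", "conntrack", "--ctstate", "RELATED,ESTABLISHED"}, "ACCEPT"},
		{"DOCKER-USER", []string{"-i", extIf, "-s", mgmtCIDR}, "ACCEPT"},
		{"DOCKER-USER", []string{"-i", extIf}, "DROP"},
	}
}

// Step is one idempotent install: run Check (-C); only if it fails, run Add.
type Step struct{ Check, Add []string }

// Plan turns rules into iptables argument lists. Other chains get -A in list
// order. DOCKER-USER is created by Docker with a single "-j RETURN" rule, so an
// appended rule would sit behind RETURN and never match; those rules are
// inserted at the top with -I in reverse order, which leaves the finished chain
// in list order ahead of the RETURN.
func Plan(rules []Rule) []Step {
	var steps []Step
	add := func(r Rule, flag string) {
		spec := append(append([]string{r.Chain}, r.Match...), "-j", r.Action)
		steps = append(steps, Step{append([]string{"-C"}, spec...), append([]string{flag}, spec...)})
	}
	for _, r := range rules {
		if r.Chain != "DOCKER-USER" {
			add(r, "-A")
		}
	}
	for i := len(rules) - 1; i >= 0; i-- {
		if rules[i].Chain == "DOCKER-USER" {
			add(rules[i], "-I")
		}
	}
	return steps
}

// Apply runs a plan with the given binary ("iptables", or "iptables-nft" /
// "iptables-legacy" to pin a backend; "ip6tables" for v6). Needs CAP_NET_ADMIN.
func Apply(binary string, steps []Step) error {
	for _, s := range steps {
		if exec.Command(binary, s.Check...).Run() == nil {
			continue // already present
		}
		if out, err := exec.Command(binary, s.Add...).CombinedOutput(); err != nil {
			return fmt.Errorf("%s %s: %v: %s", binary, strings.Join(s.Add, " "), err, out)
		}
	}
	return nil
}

func main() {
	out, _ := exec.Command("iptables", "-V").Output()
	fmt.Println("backend:", ParseBackend(string(out)))
	for _, s := range Plan(DockerUserRuleset("eth0", "203.0.113.0/24")) {
		fmt.Println("iptables", strings.Join(s.Add, " ")) // dry run; Apply("iptables", steps) installs them
	}
}
```

`iptables -S DOCKER-USER` after a run should show the three rules followed by `-j RETURN`; if RETURN comes first, the rules were appended and are dead.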

SSL Observatory

SSL Labs-style TLS scanner for monitoring certificate health across your infrastructure.

  • Certificate scanning: Analyzes protocol versions (TLS 1.0–1.3), cipher suites, certificate chains, OCSP stapling, HSTS, and Certificate Transparency logs
  • Grading: A+ to F letter grades with 0–100 numeric scoring
  • Dashboard: Grade distribution chart and expiring certificate alerts
  • Detailed reports: Per-target breakdown with actionable remediation guidance
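
A minimal scanner of the kind the list describes, as an added Go example (not usulnet's code): Probe collects protocol support, the negotiated suite, chain validity, OCSP stapling and HSTS for one host using only the standard library, and Grade turns a Scan into a score and a letter. The Scan fields, the penalty weights and the 14-day expiry window are this example's own assumptions and not usulnet's scoring; Certificate Transparency is not covered.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net"
	"net/http"
	"time"
)

// Scan is what one probe collects; built by hand, it is also how Grade is tested offline.
type Scan struct {
	Versions          map[uint16]bool // protocol versions the server accepted
	CipherSuite       uint16          // suite negotiated with default client settings
	NotAfter          time.Time       // leaf certificate expiry
	ChainValid        bool            // chain verifies against the system roots for the host
	OCSPStapled, HSTS bool
}

// Probe dials host:443 once per protocol version, once more with defaults to read the
// suite, chain and stapled OCSP response, then fetches "/" for the HSTS header.
// InsecureSkipVerify is set so a bad chain is observed and graded rather than hidden
// behind a dial error; the chain is verified explicitly below. Scanner behaviour, not client code.
func Probe(host string, now time.Time) (Scan, error) {
	s := Scan{Versions: map[uint16]bool{}}
	d := &net.Dialer{Timeout: 5 * time.Second}
	for _, v := range []uint16{tls.VersionTLS10, tls.VersionTLS11, tls.VersionTLS12, tls.VersionTLS13} {
		c, err := tls.DialWithDialer(d, "tcp", host+":443", &tls.Config{ServerName: host, MinVersion: v, MaxVersion: v, InsecureSkipVerify: true})
		if err == nil {
			s.Versions[v] = true
			c.Close()
		}
	}
	c, err := tls.DialWithDialer(d, "tcp", host+":443", &tls.Config{ServerName: host, InsecureSkipVerify: true})
	if err != nil {
		return s, err
	}
	defer c.Close()
	st := c.ConnectionState()
	s.CipherSuite, s.OCSPStapled = st.CipherSuite, len(st.OCSPResponse) > 0
	if len(st.PeerCertificates) > 0 {
		leaf, inter := st.PeerCertificates[0], x509.NewCertPool()
		for _, ic := range st.PeerCertificates[1:] {
			inter.AddCert(ic)
		}
		_, verr := leaf.Verify(x509.VerifyOptions{DNSName: host, Intermediates: inter, CurrentTime: now})
		s.NotAfter, s.ChainValid = leaf.NotAfter, verr == nil
	}
	client := &http.Client{Timeout: 5 * time.Second, CheckRedirect: func(*http.Request, []*http.Request) error { return http.ErrUseLastResponse }}
	if resp, err := client.Get("https://" + host + "/"); err == nil {
		resp.Body.Close()
		s.HSTS = resp.Header.Get("Strict-Transport-Security") != ""
	}
	return s, nil
}

// Grade is this example's own scheme, not usulnet's: an unverifiable chain or an expired
// certificate is an F outright; otherwise points come off per weakness and the letter follows.
func Grade(s Scan, now time.Time) (score int, letter string) {
	if !s.ChainValid || !now.Before(s.NotAfter) {
		return 0, "F"
	}
	score = 100
	if s.Versions[tls.VersionTLS10] || s.Versions[tls.VersionTLS11] {
		score -= 30 // deprecated by RFC 8996
	}
	if !s.Versions[tls.VersionTLS13] {
		score -= 10
	}
	for _, cs := range tls.InsecureCipherSuites() { // RC4 and CBC-SHA256 suites, as Go classifies them
		if cs.ID == s.CipherSuite {
			score -= 20
		}
	}
	if s.NotAfter.Sub(now) < 14*24*time.Hour {
		score -= 20 // expiring soon: the dashboard's alert case
	}
	for _, missing := range []bool{!s.OCSPStapled, !s.HSTS} {
		if missing {
			score -= 5
		}
	}
	mins, letters := []int{95, 85, 75, 65, 50}, []string{"A+", "A", "B", "C", "D"}
	for i, lo := range mins {
		if score >= lo {
			return score, letters[i]
		}
	}
	return score, "F"
}

func main() {
	now := time.Now()
	s, err := Probe("example.com", now) // needs network; point it at your own host
	score, letter := Grade(s, now)
	fmt.Println(letter, score, tls.CipherSuiteName(s.CipherSuite), s.Versions, err)
}
```

Go refuses TLS 1.0 and 1.1 as a client unless MinVersion is set explicitly, which is why the per-version loop pins MinVersion and MaxVersion together; a server that accepts either of them is the finding, not the client's default.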

Backup Verification

Automated backup integrity verification — proving backups are actually restorable, not just present.

  • Three methods: Extract (unpack and validate), Container (mount and verify), Database (restore to temp instance and query)
  • Integrity checks: Checksums, file readability, container accessibility, data integrity
  • Schedulable: Cron expressions for recurring automated verification
  • History: Full run log with status, method, duration, and error details
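
The Extract method as an added Go example (not usulnet's code): here a backup is a tar.gz carrying a MANIFEST.sha256 inside and a whole-archive SHA-256 kept beside it; verification checks the outer digest, decompresses and reads every entry to its end, and compares the per-file hashes with the manifest, so a truncated upload, a corrupted stream, a file changed after the manifest was written and a file that went missing are all caught. The archive layout, the manifest name and the sample files are this example's assumptions about what a backup job writes.

```go
package main

import (
	"archive/tar"
	"bytes"
	"compress/gzip"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"strings"
)

func Sha256Hex(b []byte) string { sum := sha256.Sum256(b); return hex.EncodeToString(sum[:]) }

// WithManifest returns the entries to pack: every file plus a MANIFEST.sha256 in sha256sum format.
func WithManifest(files map[string][]byte) map[string][]byte {
	entries, manifest := map[string][]byte{}, ""
	for name, data := range files {
		manifest += Sha256Hex(data) + "  " + name + "\n"
		entries[name] = data
	}
	entries["MANIFEST.sha256"] = []byte(manifest)
	return entries
}

// PackTarGz writes the entries as regular files into a gzip-compressed tar and
// returns it with its whole-file SHA-256, the two artifacts a backup job keeps.
func PackTarGz(entries map[string][]byte) (archive []byte, digest string, err error) {
	var buf bytes.Buffer
	gz := gzip.NewWriter(&buf)
	tw := tar.NewWriter(gz)
	for name, data := range entries {
		err = errors.Join(err, tw.WriteHeader(&tar.Header{Name: name, Mode: 0o600, Size: int64(len(data))}))
		_, werr := tw.Write(data)
		err = errors.Join(err, werr)
	}
	if err = errors.Join(err, tw.Close(), gz.Close()); err != nil {
		return nil, "", err
	}
	return buf.Bytes(), Sha256Hex(buf.Bytes()), nil
}

// Report is the outcome of one run: Mismatched entries differ from the manifest, Missing are absent.
type Report struct {
	ChecksumOK, ManifestFound bool
	Mismatched, Missing       []string
}

// VerifyBackup is the Extract method: compare the whole-archive checksum, read every entry to
// its end and hash it, then check the hashes against the manifest. A truncated or corrupted
// stream surfaces as an error, never as a clean report.
func VerifyBackup(archive []byte, wantDigest string) (Report, error) {
	rep := Report{ChecksumOK: Sha256Hex(archive) == wantDigest}
	gz, err := gzip.NewReader(bytes.NewReader(archive))
	if err != nil {
		return rep, fmt.Errorf("gzip header: %w", err)
	}
	tr := tar.NewReader(gz)
	manifest, seen := map[string]string{}, map[string]string{}
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			break
		}
		if err != nil {
			return rep, fmt.Errorf("tar: %w", err)
		}
		data, err := io.ReadAll(tr) // whole entry: a short or corrupt stream fails here
		if err != nil {
			return rep, fmt.Errorf("reading %s: %w", hdr.Name, err)
		}
		if hdr.Name != "MANIFEST.sha256" {
			seen[hdr.Name] = Sha256Hex(data)
			continue
		}
		rep.ManifestFound = true
		for _, line := range strings.Split(strings.TrimSpace(string(data)), "\n") {
			if sum, name, ok := strings.Cut(line, "  "); ok {
				manifest[name] = sum
			}
		}
	}
	for name, want := range manifest {
		if got, ok := seen[name]; !ok {
			rep.Missing = append(rep.Missing, name)
		} else if got != want {
			rep.Mismatched = append(rep.Mismatched, name)
		}
	}
	return rep, nil
}

func main() {
	archive, digest, _ := PackTarGz(WithManifest(map[string][]byte{"db.sql": []byte("CREATE TABLE t(id int);\n")}))
	fmt.Println(VerifyBackup(archive, digest))
}
```

Entries are read whole here for brevity; a verifier for multi-gigabyte volumes would stream each entry through the hash with io.Copy instead. A report with ManifestFound false means the archive decompressed but nothing vouches for its contents, which is the "present but not proven restorable" case the feature is about.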

Container Image Builder

Build Docker images from Dockerfiles directly in the web UI.

  • Multi-stage build support
  • Build arguments and platform targeting
  • Reusable Dockerfile templates

Automated Rollback

Automatic stack rollback when deployments fail or health checks break.

  • Configurable rollback policies
  • Retry limits and cooldown periods
  • Full execution history

Crontab Manager

Web-based cron job scheduling — create, edit, enable/disable, and execute jobs from the UI.

  • Three command types: Shell commands (with working directory), Docker exec (target container), HTTP webhooks (GET/POST/PUT/DELETE)
  • Cron scheduling: Standard 5-field expressions via robfig/cron/v3
  • Execution history: Every run recorded — status, stdout/stderr, exit code, duration
  • Run Now: Execute any job immediately, independent of schedule
  • Auto-cleanup: Records older than 30 days pruned automatically

Interactive Network Topology Graph

The /topology page upgraded from static cards to an interactive D3.js force-directed graph.

  • Force-directed layout: Networks as rectangles, containers as circles, physics-based positioning
  • Drag & drop: Rearrange nodes, pin in place
  • Zoom & pan: Mouse wheel and drag, reset button
  • Hover highlighting: Hovering a node highlights connections, dims everything else
  • Click details: Sidebar panel with driver, subnet, state, connections
  • Color-coded: Networks by driver (bridge=blue, overlay=green), containers by state (running=green, stopped=red)
  • Fullscreen mode: For large topologies

Container Marketplace (Business)

Curated app marketplace for one-click Docker Compose deployments.

  • Searchable catalog with category filtering
  • Featured and verified app badges
  • User ratings and reviews
  • Configurable deployment fields
  • Community app submission

Proxy Simplification: Nginx-Only

Caddy and Nginx Proxy Manager backends have been completely removed — ~6,000 lines of dead code eliminated. Nginx is now the sole reverse proxy backend, always enabled.

New capabilities:

  • DNS-01 wildcard certificates: *.example.com via the Cloudflare DNS API. Scope the API token to DNS edit rights on that zone alone; anyone holding it can complete the challenge for every name under the zone.
  • Docker exec mode: When nginx runs in a container, usulnet uses the Docker API to execute nginx -t and nginx -s reload inside it — no local nginx binary needed

Sidebar Search

  • Compact filter input below the logo; filters the navigation in real time, Escape clears it


Already in usulnet

If you're discovering usulnet for the first time, here's what the platform already includes:

Core Docker

  • Containers: Full lifecycle — create, start, stop, restart, pause, kill, remove. Bulk operations, real-time stats, settings editor, filesystem browser.
  • Images: Pull, inspect, remove, prune. Docker Hub + private registries. Layer history.
  • Volumes: CRUD + built-in file browser for volume contents.
  • Networks: Bridge, overlay, macvlan. Connect/disconnect containers.
  • Stacks: Docker Compose deployment from YAML, Git repos, or built-in catalog (20 apps).
  • Docker Swarm: Initialize clusters, manage nodes, scale services, promote/demote, live service logs, rollback.

Security

  • Trivy scanning: CVE detection with severity classification per container and image
  • Security scoring: 0-100 composite score per container and across infrastructure
  • SBOM generation: CycloneDX and SPDX formats
  • RBAC: 46 granular permissions, custom roles, team-based scoping
  • 2FA/TOTP: Google Authenticator, backup codes, account lockout
  • LDAP/OIDC: Active Directory, OAuth2 (GitHub, Google, Microsoft)
  • Audit logging: Every action logged to PostgreSQL with IP, timestamp, details
  • AES-256-GCM encryption for all secrets at rest

Monitoring & Alerting

  • Real-time CPU, memory, network, disk metrics per container and per host
  • Threshold-based alert rules (OK → Pending → Firing → Resolved)
  • 11 notification channels, including Email, Slack, Discord, Telegram, Gotify, ntfy, PagerDuty, Opsgenie, Teams and Webhook
  • Docker event stream with filtering
  • Prometheus /metrics endpoint

Backup & Recovery

  • Back up containers, volumes, or stacks
  • Cron-based scheduling with retention policies
  • S3, MinIO, Azure Blob, GCS, Backblaze B2, SFTP, local
  • gzip/zstd compression
  • One-click restore

Multi-Node

  • Master/agent architecture with NATS + JetStream
  • Internal PKI with mTLS for agent-master communication
  • Auto-deploy agents via SSH from the web UI
  • Gateway routing — API requests auto-route to the correct node

Developer Tools

  • Terminal: Multi-tab browser terminal (xterm.js) — container exec + host SSH
  • Monaco Editor: VS Code editor in the browser for container/host files
  • Neovim: Neovim with lazy.nvim in the browser via WebSocket
  • File browsers: Container filesystem, host filesystem, SFTP browser
  • 15 developer utilities: Base64, JSON formatter, UUID generator, regex tester, CIDR calculator, JWT decoder, and more
  • Snippets and command cheat sheet

Connections & Integrations

  • SSH (password/key auth, tunnels, port forwarding)
  • RDP/VNC via Guacamole (no client software needed)
  • Database browser (PostgreSQL, MySQL, MongoDB, Redis, SQLite)
  • LDAP browser
  • Git integration (Gitea, GitHub, GitLab — repos, PRs, issues, CI/CD)
  • Container registry browser (Docker Hub, GHCR, private OCI registries)

Automation

  • Outgoing webhooks with retry and delivery logs
  • Auto-deploy on Git push
  • Runbooks with approval gates
  • Scheduled jobs UI for all background tasks
  • Image update detection with batch apply + rollback

Reverse Proxy

  • Nginx with auto-HTTPS (Let's Encrypt)
  • HTTP-01 and DNS-01 (wildcard) certificate support
  • TCP/UDP stream proxying
  • Docker exec mode for containerized nginx

Operations

  • Docker daemon configuration (daemon.json) from the web UI — 50+ settings across 6 categories with risk badges
  • Drift detection (expected vs actual container state)
  • Change events feed (audit trail of infrastructure changes)
  • Resource cost optimization (rightsizing recommendations)
  • Session recording and replay
  • Operations calendar
  • Compliance PDF reports (CIS Docker Benchmark)

Tech Stack

Layer       Technology
Language    Go 1.25
Web         Chi v5 router
Templates   Templ (compiled, type-safe)
CSS         Tailwind CSS (standalone CLI, no Node.js)
Frontend    Alpine.js + HTMX
Terminal    xterm.js v5
Editor      Monaco v0.52 + Neovim
DNS         miekg/dns
Database    PostgreSQL 16 (54 migrations)
Cache       Redis 8 (TLS)
Messaging   NATS 2.12 (JetStream)
Auth        JWT + OAuth2/OIDC + LDAP + TOTP
Scanner     Trivy
Binary      ~70 MB, no Node.js/Python runtime

Deploy in 60 Seconds

curl -fsSL https://raw.githubusercontent.com/fr4nsys/usulnet/main/deploy/install.sh | sudo bash

Auto-generates all secrets and starts PostgreSQL + Redis + NATS + Nginx + Guacamole. Access at https://your-server:7443 with the default login admin / usulnet, and change that password at first login. The one-liner runs a downloaded script as root, so on any host that matters fetch install.sh to a file first, read it, then run it.


Links

If you find usulnet useful, a star on GitHub goes a long way.
