I got tired of SSH and Loki for four containers, so I built DockLog

If you run a few containers on one VPS or homelab box, you've probably lived this loop:

1. SSH in
2. docker logs -f something
3. Realize someone else on your team needs the same thing
4. Either hand out SSH keys or start designing an observability stack you don't actually need yet

I hit that wall with staging and random homelab services on the same machine. I didn't want Elasticsearch or Loki for four containers. I also didn't want everyone having shell access just to read stdout.

So I built DockLog — a self-hosted Docker log viewer and light admin UI. One container on the socket. No agents. No external telemetry.

What it does

• Live logs over WebSockets (stdout/stderr, not polling)
• Host + container CPU/memory, with about 30 days of samples in SQLite
• Multi-user auth with per-user container patterns (wildcards and regex)
• Optional actions — start, stop, restart, delete, shell — gated by server env flags and per-user permissions
• Audit log when auth mode uses a persistent database
• Native apps (Android, Windows, Linux) that connect to DockLog servers you host — save multiple servers and switch between them in the app

Typical RAM use for me is around 30–40 MB. Image is aimldev/docklog:latest on Docker Hub (amd64 and arm64). MIT licensed.

What it doesn't try to be

Being upfront about scope:

• One Docker engine per DockLog instance — not fleet-wide aggregation in a single dashboard (that's on the roadmap)
• Not a replacement for Loki/ELK/Grafana at cluster scale
• Not a hosted SaaS — you run it, you own the data
• docker.sock is still privileged — treat it like any admin tool

Quick start

services:
  docklog:
    image: aimldev/docklog:latest
    container_name: docklog
    ports:
      - "8888:8000"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./data:/app/data
    environment:
      - SECRET_KEY=change-me-use-openssl-rand-base64-32
      - DB_PATH=/app/data/docklog.db
      - CLIENT_ACCESS=strict
      - ENV=production
    restart: unless-stopped

Open http://localhost:8888. A fresh install seeds admin / admin123 and prompts you to change the password on first login.

Or with docker run:

docker pull aimldev/docklog:latest

docker run -d \
  --name docklog \
  -p 8888:8000 \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v $(pwd)/data:/app/data \
  -e SECRET_KEY=your-secure-key-here \
  -e DB_PATH=/app/data/docklog.db \
  -e CLIENT_ACCESS=strict \
  --restart unless-stopped \
  aimldev/docklog:latest

RBAC that isn't just UI theater

A question I got early on (fair one): if you restrict containers per user, is that only hidden in the UI?

No. allowed_containers patterns are checked server-side before container lists, log WebSocket streams, stats, and actions. Action rights use two layers: server ALLOW_* flags and per-user can_* flags in the database — both have to pass, including for admin accounts.

In no-auth mode (fine for a local laptop, not for the public internet), the ALLOW_* env vars are the only gate.

Stack

• Go backend talking to the Docker API
• Vue 3 UI embedded in the same image
• SQLite for users, RBAC, audits, and short metric history
• WebSockets for logs, events, and optional shell sessions
• Flutter for the mobile/desktop companion apps

The image also ships a docklog CLI on PATH (reset-password, config, version, and agent subcommands for future fleet work).

Try it without installing

There's a public demo if you want to click around first:

• https://demo.docklog.dev
• login: demo / Demo@1106

Shared sandbox don't put real secrets there.

Mobile / desktop clients

The apps are clients for servers you already run. Add your URL, sign in, tail logs without keeping a browser tab open. You can store prod, staging, and homelab instances in one app and flip between them.

Each host still runs its own DockLog container. The app is multi-server management, not one merged view of every container across every machine yet.

Downloads: https://www.docklog.dev/app

I reached for something heavier when multiple people needed access with different container visibility without giving everyone the Docker socket through SSH.

DockLog is aimed at that middle ground: faster than standing up a full logging stack, more structured than shared SSH access.

Links

• Site: https://www.docklog.dev
• Docs: https://www.docklog.dev/docs
• GitHub: https://github.com/dockloghq/docklog
• Docker Hub: https://hub.docker.com/r/aimldev/docklog

If you try it, I'd genuinely like to know what you use today for single-host Docker logs and what's still missing. Issues and feedback welcome on GitHub.