Lagoon Cockpit: A Mobile-First Dashboard for Native Docker Infrastructure Management

I built a mobile DevOps dashboard because managing Docker from my phone shouldn’t require SSH

Aboubakar Camara developed Lagoon Cockpit to eliminate the friction of managing VPS infrastructure via mobile terminal emulators. The system provides native monitoring for 16 containers across 5 Docker Compose stacks with biometric security. It leverages direct Docker Engine API access rather than shell command parsing for higher reliability.

Why This Matters

While desktop-first dashboards like Portainer provide comprehensive control, they suffer from poor usability on mobile devices, forcing engineers into high-friction SSH workflows for urgent container restarts. Lagoon Cockpit addresses the technical reality of on-call management by providing a dedicated API agent that interfaces directly with the Docker unix socket, delivering structured JSON data to a native mobile UI. This approach mitigates the risk of ‘fat-fingering’ commands in a terminal emulator and provides a more secure, role-based access model for remote infrastructure management.

Key Insights

• Direct Docker Engine API interaction via /var/run/docker.sock avoids the overhead and fragility of spawning and parsing Docker CLI shell commands.
• Automatic stack discovery is implemented by grouping containers based on the com.docker.compose.project label injected by Docker Compose.
• Real-time system metrics and container states are broadcast using Server-Sent Events (SSE), offering automatic reconnection over mobile networks compared to WebSockets.
• Security validation uses regex ^[a-zA-Z0-9][a-zA-Z0-9_.-]{0,127}$ for container IDs to prevent path traversal attacks against the Docker API.
• The management plane includes self-protection logic that detects its own container ID to prevent accidental self-termination via the dashboard.

Working Examples

API agent function for communicating with the Docker Engine API via unix socket.

function dockerAPI(method, path, body = null) {
return new Promise((resolve, reject) => {
const opts = {
socketPath: '/var/run/docker.sock',
path: `/v1.43${path}`,
method,
};
const req = http.request(opts, (res) => {
// parse JSON response
});
req.end();
});
}

Logic for discovering Docker Compose stacks using container labels.

const containers = await dockerAPI('GET', '/containers/json?all=true');
const stacks = {};
for (const c of containers) {
const project = c.Labels['com.docker.compose.project'];
if (project) (stacks[project] ??= []).push(c);
}

Docker Compose configuration for deploying the Lagoon Cockpit API agent.

services:
  cockpit-api:
    build: .
    container_name: lagoon_cockpit_api
    restart: unless-stopped
    env_file: .env
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /proc:/host/proc:ro
      - cockpit_data:/app/data
    networks:
      - your_proxy_network
    deploy:
      resources:
        limits: { cpus: '0.25', memory: 256M }

Practical Applications

• Multi-server management: Switching between production, staging, and development VPS environments within a single native mobile interface.
• SSL Certificate Monitoring: Proactively tracking domain expiration days (e.g., Let’s Encrypt status) to prevent downtime before certificates expire.
• Pitfall: Exposing the API container via public ports; users should restrict access via Tailscale, WireGuard, or IP-restricted reverse proxies to maintain security.
• Role-Based Access: Utilizing ‘operator’ roles for container restarts while restricting ‘admin’ privileges for full stack operations and user management.

References:

• https://dev.to/bigabou007dev/i-built-a-mobile-devops-dashboard-because-managing-docker-from-my-phone-shouldnt-require-ssh-4j6n
• github.com/Bigabou007-dev/lagoon-cockpit