jason/socktop-webterm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6e48c095ab
socktop-webterm/DOCKER_DEPLOYMENT.md
jasonwitty 6e48c095ab Initial commit: Socktop WebTerm with k3s deployment 
- Multi-architecture Docker image (ARM64 + AMD64)
- Kubernetes manifests for 3-replica deployment
- Traefik ingress configuration
- NGINX Proxy Manager integration
- ConfigMap-based configuration
- Automated build and deployment scripts
- Session monitoring tools
2025-11-28 01:31:33 -08:00

543 lines
11 KiB
Markdown
Raw Blame History

# Docker Deployment Guide for socktop webterm
## Overview
This guide explains how to build and deploy the socktop webterm application in a Docker container. The container includes:
- Debian Trixie Slim base
- Rust-based webterm server
- xterm.js 5.5.0 with Catppuccin Frappe theme
- Alacritty terminal emulator
- FiraCode Nerd Font
- socktop-agent for monitoring
- All your custom configurations
## Prerequisites
- Docker (20.10 or later)
- Docker Compose (1.29 or later)
- Configuration files in the `files/` directory
## Quick Start
### 1. Prepare Configuration Files
Copy your configuration files to the `files/` directory:
```bash
cd webterm
mkdir -p files
# Copy your Alacritty configuration
cp /path/to/your/alacritty.toml files/
cp /path/to/your/catppuccin-frappe.toml files/
# Copy socktop configuration
cp /path/to/your/profiles.json files/
# Copy SSH keys (ensure correct permissions)
cp /path/to/your/*.pem files/
chmod 600 files/*.pem
```
**Required files in `files/` directory:**
- `alacritty.toml` - Alacritty terminal configuration
- `catppuccin-frappe.toml` - Catppuccin theme for Alacritty
- `profiles.json` - socktop profiles configuration
- `rpi-master.pem` - SSH key for master node
- `rpi-worker-1.pem` - SSH key for worker 1
- `rpi-worker-2.pem` - SSH key for worker 2
- `rpi-worker-3.pem` - SSH key for worker 3
**Example files:**
If you don't have these files yet, you can use the example templates:
```bash
cp files/alacritty.toml.example files/alacritty.toml
cp files/catppuccin-frappe.toml.example files/catppuccin-frappe.toml
cp files/profiles.json.example files/profiles.json
```
### 2. Build and Run with Docker Compose
```bash
# Build the image
docker-compose build
# Start the container
docker-compose up -d
# View logs
docker-compose logs -f
# Stop the container
docker-compose down
```
### 3. Access the Application
Open your browser and navigate to:
```
http://localhost:8082
```
You should see the socktop webterm interface with:
- Beautiful Catppuccin Frappe theme
- Transparent terminal window
- Link buttons to GitHub, Crates.io, and APT repository
- Terminal automatically running `socktop -P local`
## Manual Docker Commands
If you prefer not to use Docker Compose:
### Build the Image
```bash
docker build -t socktop-webterm:latest .
```
### Run the Container
```bash
docker run -d \
--name socktop-webterm \
-p 8082:8082 \
-v $(pwd)/files:/files:ro \
-v socktop-data:/home/socktop/.local/share/socktop \
--restart unless-stopped \
socktop-webterm:latest
```
### View Logs
```bash
# All logs
docker logs -f socktop-webterm
# Webterm logs only
docker exec socktop-webterm tail -f /var/log/supervisor/webterm.out.log
# Socktop agent logs only
docker exec socktop-webterm tail -f /var/log/supervisor/socktop-agent.out.log
```
### Stop and Remove
```bash
docker stop socktop-webterm
docker rm socktop-webterm
```
## Configuration
### Environment Variables
You can customize the container behavior with environment variables in `docker-compose.yml`:
```yaml
environment:
# Terminal type
- TERM=xterm-256color
# Timezone
- TZ=America/New_York
# Logging level (error, warn, info, debug, trace)
- RUST_LOG=info
```
### Port Mapping
The container exposes two ports:
- **8082**: Webterm HTTP server (web interface)
- **3000**: socktop-agent (internal, usually not exposed)
To expose the socktop-agent externally (not recommended for security):
```yaml
ports:
- "8082:8082"
- "3001:3001" # Uncomment to expose agent (container uses port 3001)
```
### Volume Mounts
#### Configuration Files (Required)
```yaml
volumes:
- ./files:/files:ro # Mount config files read-only
```
#### Persistent Data (Optional)
```yaml
volumes:
- socktop-data:/home/socktop/.local/share/socktop # Persist socktop data
- ./logs:/var/log/supervisor # Access logs on host
```
### Resource Limits
Adjust resource limits in `docker-compose.yml`:
```yaml
deploy:
resources:
limits:
cpus: '2.0' # Maximum CPU cores
memory: 1G # Maximum memory
reservations:
cpus: '0.5' # Minimum CPU cores
memory: 256M # Minimum memory
```
## Security Considerations
### Container Security
The container implements several security best practices:
1. **Non-root user**: Application runs as `socktop` user (not root)
2. **No new privileges**: `security_opt: no-new-privileges:true`
3. **Read-only config mounts**: Configuration files mounted as read-only
4. **Minimal attack surface**: Only necessary ports exposed
### SSH Key Security
**IMPORTANT**: Your SSH private keys are sensitive!
```bash
# Ensure correct permissions
chmod 600 files/*.pem
# Never commit keys to git
echo "files/*.pem" >> .gitignore
```
### Network Security
The container runs in an isolated Docker network by default. Consider:
1. **Use a reverse proxy** (nginx, Traefik) with HTTPS for production
2. **Don't expose socktop-agent port** (3000) to the internet
3. **Use firewall rules** to restrict access to port 8082
4. **Enable authentication** if exposing publicly
### Production Recommendations
For production deployments:
```bash
# Use a reverse proxy with SSL
# Example with nginx:
docker run -d \
--name nginx-proxy \
-p 80:80 \
-p 443:443 \
-v /path/to/certs:/etc/nginx/certs:ro \
-v /var/run/docker.sock:/tmp/docker.sock:ro \
jwilder/nginx-proxy
# Then expose webterm only to nginx
docker run -d \
--name socktop-webterm \
-p 127.0.0.1:8082:8082 \
-e VIRTUAL_HOST=socktop.yourdomain.com \
-e LETSENCRYPT_HOST=socktop.yourdomain.com \
socktop-webterm:latest
```
## Troubleshooting
### Container Won't Start
Check logs:
```bash
docker-compose logs
```
Common issues:
- **Missing config files**: Ensure all required files are in `files/` directory
- **Port already in use**: Change port mapping in `docker-compose.yml`
- **Permission denied**: Check file permissions, especially `.pem` files
### Terminal Not Connecting
1. Check if socktop-agent is running:
```bash
docker exec socktop-webterm ps aux | grep socktop-agent
```
2. Check agent logs:
```bash
docker exec socktop-webterm cat /var/log/supervisor/socktop-agent.out.log
```
3. Test agent connectivity:
```bash
docker exec socktop-webterm curl http://localhost:3001/health
```
### Configuration Not Loading
1. Verify files are mounted:
```bash
docker exec socktop-webterm ls -la /files
```
2. Check if files were copied:
```bash
docker exec socktop-webterm ls -la /home/socktop/.config/alacritty
docker exec socktop-webterm ls -la /home/socktop/.config/socktop
```
3. View entrypoint logs:
```bash
docker logs socktop-webterm 2>&1 | head -50
```
### Font Not Loading
1. Verify font installation:
```bash
docker exec socktop-webterm fc-list | grep -i firacode
```
2. Rebuild image if font is missing:
```bash
docker-compose build --no-cache
```
### Performance Issues
1. **Increase resource limits** in `docker-compose.yml`
2. **Check CPU/Memory usage**:
```bash
docker stats socktop-webterm
```
3. **Reduce transparency** in Alacritty config (opacity: 1.0)
4. **Disable backdrop blur** in terminal CSS
## Maintenance
### Updating the Container
```bash
# Pull latest code
git pull
# Rebuild image
docker-compose build --no-cache
# Restart container
docker-compose up -d
```
### Viewing Logs
```bash
# All supervisor logs
docker exec socktop-webterm ls /var/log/supervisor/
# Tail specific log
docker exec socktop-webterm tail -f /var/log/supervisor/webterm.out.log
# Export logs to host
docker cp socktop-webterm:/var/log/supervisor/ ./container-logs/
```
### Backing Up Configuration
```bash
# Backup volumes
docker run --rm \
-v socktop-data:/data \
-v $(pwd):/backup \
debian:trixie-slim \
tar czf /backup/socktop-backup-$(date +%Y%m%d).tar.gz /data
# Backup config files
tar czf socktop-config-backup-$(date +%Y%m%d).tar.gz files/
```
### Health Checks
The container includes a health check:
```bash
# Check health status
docker inspect --format='{{.State.Health.Status}}' socktop-webterm
# View health check logs
docker inspect socktop-webterm | jq '.[0].State.Health'
```
## Advanced Usage
### Running in Production
Example production `docker-compose.yml`:
```yaml
version: '3.8'
services:
socktop-webterm:
image: socktop-webterm:latest
container_name: socktop-webterm
restart: always
ports:
- "127.0.0.1:8082:8082" # Only localhost
volumes:
- ./files:/files:ro
- socktop-data:/home/socktop/.local/share/socktop
- /etc/localtime:/etc/localtime:ro # Use host timezone
environment:
- RUST_LOG=warn
- TZ=UTC
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
networks:
- web
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
networks:
web:
external: true
volumes:
socktop-data:
```
### Multi-Architecture Builds
Build for ARM (Raspberry Pi) and AMD64:
```bash
# Enable buildx
docker buildx create --use
# Build for multiple platforms
docker buildx build \
--platform linux/amd64,linux/arm64 \
-t socktop-webterm:latest \
--push \
.
```
### Kubernetes Deployment
Example Kubernetes manifests:
```yaml
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: socktop-webterm
spec:
replicas: 1
selector:
matchLabels:
app: socktop-webterm
template:
metadata:
labels:
app: socktop-webterm
spec:
containers:
- name: socktop-webterm
image: socktop-webterm:latest
ports:
- containerPort: 8082
volumeMounts:
- name: config
mountPath: /files
readOnly: true
resources:
limits:
memory: "1Gi"
cpu: "2"
requests:
memory: "256Mi"
cpu: "500m"
volumes:
- name: config
secret:
secretName: socktop-config
```
## Development
### Building for Development
```bash
# Build without cache
docker-compose build --no-cache
# Build with verbose output
docker-compose build --progress=plain
# Build specific stage
docker build --target builder -t socktop-webterm:builder .
```
### Interactive Debugging
```bash
# Shell into running container
docker exec -it socktop-webterm bash
# Run container with shell
docker run -it --rm \
-v $(pwd)/files:/files:ro \
socktop-webterm:latest \
/bin/bash
# Override entrypoint
docker run -it --rm \
--entrypoint /bin/bash \
socktop-webterm:latest
```
### Testing Changes
```bash
# Test with local changes
docker-compose up --build
# Watch logs
docker-compose logs -f
# Restart services
docker-compose restart
```
## Support
For issues and questions:
- **GitHub Issues**: https://github.com/jasonwitty/socktop/issues
- **Documentation**: https://jasonwitty.github.io/socktop/
- **Docker Hub**: (if you publish the image)
## License
Same as socktop project.
---
**Happy monitoring!** 🚀📊
Reference in New Issue View Git Blame Copy Permalink