Dockside is a tool for provisioning lightweight access-controlled IDEs, staging environments and sandboxes - aka devtainers - on local machine, self-hosted on-premises on bare metal or VM, or in the cloud.
By provisioning a devtainer for every fork and branch, Dockside allows collaborative software and product development teams to take lean and iterative development and testing to a highly parallelised extreme.
Core features:
- Instantly launch and clone an almost infinite multiplicity of disposable devtainers - one for each task, bug, feature or design iteration.
- Powerful VS Code-compatible IDE.
- HTTPS automatically provisioned for every devtainer.
- User authentication and access control to running devtainers and their web services.
- Fine-grained user and role-based access control to devtainer functionality and underlying system resources.
- Launch devtainers from stock Docker images, or from your own.
- Root access within devtainers, so developers can upgrade their devtainers and install operating system packages when and how they need.
Benefits for developers:
- Code in a clone of your production environment, avoiding troublesome deploy-time errors and bugfixing.
- Switch between and hand over tasks instantly. No more laborious branch switching, or committing code before it’s ready. ‘git stash’ will be a thing of the past.
- Work from anywhere. All you need is a browser.
- Unifying on an IDE within a team can deliver great productivity benefits for collaborative teams through improved knowledge-share, better choices and configuration of plugins and other tooling.
- Develop against production databases (or production database clones) when necessary.
Benefits for code reviewers:
- Access your colleagues’ devtainers directly for code review.
- No more staring at code wondering what it does, or time-consuming setup, when their code is already running.
- Annotate their code directly with your comments as to points they should address.
- To save time, when you know best, apply and test your own fixes directly to their code.
Benefits for product managers and senior management:
- High visibility of product development progress. Access always-on application revisions and works-in-progress, wherever you are in the world.
- Devs can be sometimes be fussy about their choice of IDE, but unifying on an IDE can deliver productivity benefits for collaborative teams through improved knowledge-share and tooling.
Advanced features:
- Runtime agnostic: use runC (Docker's default), sysbox, gvisor, or others.
- Apply Docker system resource limits to devtainers, and communicate available system resources to devtainers using LXCFS.
- Support for launching multi-architecture devtainers using qemu-user-static.
- Firewall or redirect outgoing devtainer traffic using custom Docker networks.
- Access Dockside devtainers via multiple domain names, when needed to stage or simulate multi-domain web applications.
Dockside is supported on Intel (amd64/x86), Apple M1/M2 (arm64) and Raspberry Pi (arm/v7) hardware platforms, via a multiarch Docker image that contains native binary implementations of Dockside for all three architectures.
Dockside is tested on:
- Intel (amd64/x86) platforms running Debian Linux and Docker Engine (via the
docker-ce
package suite) - MacOS (amd64/x86 and Apple Mac M1) running Docker Desktop
- Intel Windows 10 running Docker Desktop
- Raspberry Pi (arm/v7) running Raspbian Linux and Docker Engine (via the
docker-ce
package suite)
Dockside requires a host with a minimum of 1GB memory.
Installing Docker
Dockside is designed to be installed using Docker. To install Docker for your platform, go to https://www.docker.com/
Dockside needs an SSL certificate to run. For temporary/trial usage, Dockside may be launched with a built-in or self-signed SSL certificate.
For production usage on an Internet-connected server, Dockside should be launched on a dedicated public domain name (or sub-domain name) with a genuine wildcard SSL certificate for that domain.
Choose from the following options:
- Launch locally with built-in SSL cert
- Launch anywhere with self-signed SSL cert
- Launch in production with self-supplied SSL certificate
- Launch in production with auto-generated LetsEncrypt public SSL certificate
- Launch Dockside on a local machine, with a temporary and convenient built-in SSL certificate
mkdir -p ~/.dockside && \
docker run -it --name dockside \
-v ~/.dockside:/data \
-v /var/run/docker.sock:/var/run/docker.sock \
-p 443:443 -p 80:80 \
--security-opt=apparmor=unconfined \
newsnowlabs/dockside --ssl-builtin
-
In your browser, navigate to the Dockside homescreen at https://www.local.dockside.dev/. Sign in with the username
admin
and the auto-generated password output to the terminal, then follow the instructions displayed on-screen. -
You can now detach from the Dockside container running back in your terminal by typing
CTRL+P
CTRL+Q
. Alternatively you can instead launch withdocker run -d
instead ofdocker run -it
; if you do this, rundocker logs dockside
to display the terminal output and auto-generated admin password.
WARNING: The default Dockside installation embeds a non-secret SSL certificate, for
*.local.dockside.dev
resolving to 127.0.0.1, which should not be used for production usage.
- Launch Dockside on a local machine, on-premises server, VM or cloud instance, with a temporary and convenient self-signed SSL certificate, where
<my-domain>
is the domain name:
mkdir -p ~/.dockside && \
docker run -it --name dockside \
-v ~/.dockside:/data \
-v /var/run/docker.sock:/var/run/docker.sock \
-p 443:443 -p 80:80 \
--security-opt=apparmor=unconfined \
newsnowlabs/dockside --ssl-selfsigned --ssl-zone <my-domain>
-
In your browser, navigate to the Dockside homescreen at the hostname for your machine/VM in your browser. This must be
https://www.<my-domain>/
so you must configure your DNS or/etc/hosts
file accordingly. Sign in with the usernameadmin
and the auto-generated password output to the terminal, then follow the instructions displayed on-screen. -
You can now detach from the Dockside container running back in your terminal by typing
CTRL+P
CTRL+Q
. Alternatively you can instead launch withdocker run -d
instead ofdocker run -it
; if you do this, rundocker logs dockside
to display the terminal output and auto-generated admin password.
- Assuming your self-supplied
fullchain.pem
andprivkey.pem
files for the wildcard SSL certificate for your domain<my-domain>
are located in<certsdir>
then launch Dockside as follows:
mkdir -p ~/.dockside && \
docker run -d --name dockside \
-v ~/.dockside:/data \
-v <certsdir>:/data/certs \
-v /var/run/docker.sock:/var/run/docker.sock \
-p 443:443 -p 80:80 \
--security-opt=apparmor=unconfined \
newsnowlabs/dockside --ssl-selfsupplied
- In your browser, navigate to the Dockside homescreen at
https://www.<my-domain>/
. To view the launch logs and obtain the auto-generatedadmin
user password, rundocker logs dockside
. Sign in with the usernameadmin
and the displayed password, then follow the instructions displayed on-screen.
N.B. Should you update your certificates run
docker exec dockside s6-svc -t /etc/service/nginx
to tell Dockside to reload them.
In order for Dockside to auto-generate a public SSL certificate using LetsEncrypt, it must first be delegated responsibility for handling public internet DNS requests for your chosen domain and you must also configure the server (or VM or instance) on which you will run Dockside to accept UDP requests on port 53. So:
- Delegate the domain to the server running Dockside by installing the following two domain name records for
<my-domain>
:
<my-domain> A <my-server-ip>
<my-domain> NS <my-domain>
These records are needed to tell the public DNS infrastructure that DNS requests for <my-domain>
should be forwarded to <my-server-IP>
.
- Launch Dockside as follows:
mkdir -p ~/.dockside && \
docker run -d --name dockside \
-v ~/.dockside:/data \
-v /var/run/docker.sock:/var/run/docker.sock \
-p 443:443 -p 80:80 -p 53:53/udp \
--security-opt=apparmor=unconfined \
newsnowlabs/dockside --ssl-letsencrypt --ssl-zone <my-domain>
Assuming you have provisioned correctly, Dockside will use LetsEncrypt to generate a public SSL certificate on startup and to regenerate the certificate periodically to ensure it remains current.
- In your browser, navigate to the Dockside homescreen at
https://www.<my-domain>/
. To view the launch logs and obtain the auto-generatedadmin
user password, rundocker logs dockside
. Sign in with the usernameadmin
and the displayed password, then follow the instructions displayed on-screen.
Launch using Google Cloud Deployment Manager
An implementation of the above procedure within Google Deployment Manager is available here. To use it, you must first configure a managed zone within Google Cloud DNS.
Then sign into Cloud Shell, and run:
git clone https://github.com/newsnowlabs/dockside.git cd dockside/examples/cloud/google-deployment-manager/ ./launch.sh --managed-zone <managed-zone> --dns-name <managed-zone-fully-qualified-subdomain>For example, if your managed zone is called
myzone
, the zone DNS name ismyzone.org
, and your chosen subdomain isdockside
then run./launch.sh --managed-zone myzone --dns-name dockside.myzone.org
.For full
launch.sh
usage, including options for configuring cloud machine type, machine zone, and disk size, run./launch.sh --help
.
Refer to Usage for how to use the Dockside UI and IDE.
See Configuring and administering Dockside
See Upgrading Dockside for strategies for upgrading Dockside, or Dockside components such as the Dockside Theia IDE.
See Securing profiles and devtainers
- LXCFS -- allows processes within devtainers to correctly report their own cpu, memory, and disk available resources and usage
- Multi-architecture devtainers -- support for devtainers running non-amd64 processor architectures
- Docker-in-Dockside devtainers -- support for running devtainers using the sysbox runtime
- Self-contained Docker-in-Dockside -- support for running Dockside using the sysbox runtime
- Backups -- strategies for backing up devtainers
Read the case study of how Dockside is used in production for all aspects of web application and back-end development and staging (including acceptance testing) of the websites https://www.newsnow.co.uk/ and https://www.newsnow.com/.
Where are we taking Dockside? As Dockside today satisfactorily serves the needs of the NewsNow development team, its roadmap currently remains highly flexible. We have a list of features we think could be great to add, but we now want to hear from you what you would most value to see added to Dockside.
For our current ideas/plans, see our draft roadmap.
See Developing Dockside to learn more about how to go about developing Dockside within Dockside, the Dockside application components and building Dockside images.
If you are experiencing an issue or believe you may have found a bug, please raise an issue or contact via on the NewsNow Labs Slack Workspace.
If you would like to contribute a bugfix, patch or feature, we'd be delighted.
Please just raise an issue or contact us on our NewsNow Labs Slack Workspace.
Github: Raise an issue
Slack: NewsNow Labs Slack Workspace
Email: dockside@NewsNow.co.uk
We are typically available Monday-Friday, 9am-5pm London time.
Thank you very much for using and/or contributing and/or spreading the word about Dockside. We hope you find it helps your team be more and more productive.
Thanks to Struan Bartlett for conceiving the model of iterative web development through the use of ready-built, stageable and disposable development environments running web-based IDEs, and for leading the development of Dockside.
Thanks also to other members of the NewsNow development team for contributing the Dockside Vue client, design and architectural ideas, support and advice, code and code-reviews; for coining the term devtainers; and for the Dockside logo concept.
Thanks also to the entire design and development, editorial and testing teams at NewsNow for so enthusiastically adopting containerised development working practices and for subjecting Dockside to so many years of robust use (and abuse) during the course of their daily iterative development, evaluation and testing of the NewsNow platform - and proving the value of this development model.
Thanks last but not least to NewsNow, The Independent News Discovery Platform, for sponsoring the development of Dockside.
The Dockside multiarch build is built thanks to Depot and we're grateful for their support.
This project (known as "Dockside"), comprising the files in this Git repository, is copyright 2017-2021 NewsNow Publishing Limited and contributors.
Dockside is an open-source project licensed under the Apache License, Version 2.0 (the "License"); you may not use Dockside or its constituent files except in compliance with the License.
You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
N.B. In order to run, Dockside relies upon other third-party open-source software dependencies that are separate to and independent from Dockside and published under their own independent licences.
Dockside Docker images made available at https://hub.docker.com/repository/docker/newsnowlabs/dockside are distributions designed to run Dockside that comprise: (a) the Dockside project source and/or object code; and (b) third-party dependencies that Dockside needs to run; and which are each distributed under the terms of their respective licences.
Dockside and devtainer are trade marks of NewsNow Publishing Limited. All rights reserved.