github yusing/godoxy v0.10.0-agent-workflow
v0.10.0

latest release: v0.10.0
6 days ago

What's changed

New

  • feature: GoDoxy Agent - maintains a secure connection between the main server and other Docker nodes (agents), authenticated and encrypted with mutual TLS (mTLS).

    • No more exposing the Docker socket: removes the need for docker-socket-proxy
    • No more exposing app ports: smaller attack surface
    services:
      app:
        ...
        # ports: # this part is not needed on agent server
        #  - 6789
    • Secure: no one can connect to it except the GoDoxy main server because of mTLS, and the connection is encrypted
    • Fetches info from the agent server, e.g. CPU usage, memory usage, container list, container logs, etc.

    Setup procedures:

    1. Create a directory for the agent server and cd into it
    2. Navigate to the Metrics tab in the Web UI, click Add agent, fill in the required information, then click Copy docker compose
    3. Paste the docker compose into a file (e.g., compose.yml) on the agent server, then start it with docker compose up -d
  • ui: enhanced Web UI design

  • ui: enhanced idlewaker loading page design (d105f86)

  • metrics: collects uptime and system information (e.g. CPU usage, memory usage, network I/O, etc.) and adds a "Metrics" page in Web UI (like Uptime Kuma and beszel)

    • added /app/data mount point for storing metrics data
  • docker: added "Docker" page in Web UI for rendering container logs (like Dozzle)

  • docker: blacklist certain docker images (e.g. headless browser containers, backend services) from proxying by default (3c515b0)

  • oidc: GoDoxy now redirects the user to a block page when the user or group is not in the allow list. (f72d9ae)

  • oidc: support end_session_endpoint discovery, removed OIDC_LOGOUT_URL environment variable. (cba7338)

  • autocert: display cert information and button for cert renewal in Web UI (a557684)

  • misc: introduce GODOXY_FRONTEND_PORT environment variable (5ea8264)

Fixes

  • api: allow login when not using HTTPS (#73 login loop issue) by explicitly setting API_JWT_SECURE to false (f966ca8)
  • misc: fixed race condition in certain scenarios

Changes

  • api: GoDoxy now generates a random JWT secret if not present (2f24a1d)
  • CI/CD: improved GitHub workflow and Dockerfile (39381a1) (9006049)
  • security: validate route config to disallow proxying to GoDoxy itself (c893510)
  • security: sanitize path and URL from user input and other sources (f3840d5) (17ef5cb)
  • misc: use HTTP 308 (Permanent Redirect) instead of 301 (Moved Permanently) for redirectHTTP middleware (821e4a2)
  • misc: removed forwardAuth middleware
  • misc: removed some Prometheus metrics (Prometheus support may be dropped entirely) (366c891)
  • general performance improvements and reduced memory usage
  • dependencies upgraded
