Documentation
Overview
Package config loads runtime configuration from flags and environment variables and resolves sensible cross-platform defaults.
Types
type Config
type Config struct {
	// Addr is the listen address. Defaults to loopback only; binding to a
	// public interface is an explicit, conscious choice by the operator.
	Addr string
	// DataDir holds the SQLite database and any persisted secrets.
	DataDir string
	// SessionTTL is how long a logged-in session token stays valid.
	SessionTTL time.Duration
	// Dev enables developer conveniences (e.g. permissive CORS for Vite).
	Dev bool
	// UpdateCheck enables the periodic GitHub-release update check that backs
	// the admin "update available" banner. On by default; set DC_UPDATE_CHECK=0
	// (or -update-check=false) to disable outbound calls on air-gapped hosts.
	UpdateCheck bool
	// MetricsToken, when set, requires a bearer token to scrape /metrics.
	// Empty means the endpoint is open (fine for loopback-only use).
	MetricsToken string
	// TLSCert/TLSKey are paths to a PEM certificate and key. When both are set,
	// the server speaks HTTPS directly (otherwise plain HTTP behind a proxy).
	TLSCert string
	TLSKey  string
	// MCPEnabled turns on the remote MCP server (and its OAuth endpoints). Off by
	// default: when false the /mcp, /oauth and MCP /.well-known routes are not
	// mounted, so a request is an unknown path (it falls through to the SPA, or a
	// 404 without an embedded UI) — no hint the feature exists. It exposes Docker
	// read/control to AI tooling over the network — enable consciously, behind
	// HTTPS. Startup logs the resolved on/off state.
	MCPEnabled bool
	// MCPPublicURL is the externally reachable base URL of this server
	// (e.g. https://docker.example.com), used as the canonical resource
	// identifier for OAuth audience binding and the protected-resource metadata.
	// Empty is fine for Bearer-only (Claude Code header) use; the OAuth flow
	// needs it set.
	MCPPublicURL string
	// Version is the build version string, set by main (not from flags/env).
	Version string
	// ConfigFile is the config file that was loaded, or "" if none.
	ConfigFile string
	// Metrics history backend. RedisAddr empty → in-memory ring buffer.
	RedisAddr        string
	RedisPassword    string
	RedisDB          int
	MetricsRetention time.Duration
	// MetricsInterval is how often the monitor samples every running container's
	// stats (feeding the charts/history and resource alert rules). Lower means
	// fresher data but more CPU on the app and the Docker daemon; raise it on a
	// host with many containers where the sweep is costly.
	MetricsInterval time.Duration
	// PProf exposes Go's net/http/pprof profiling endpoints under /debug/pprof.
	// Off by default; when on, the endpoints are restricted to loopback clients
	// (use an SSH tunnel) since they leak goroutine stacks and heap detail.
	PProf bool
	// TrustedProxies is the set of reverse-proxy networks whose forwarded client
	// IP (X-Forwarded-For) we trust. Empty (default) means forwarded headers are
	// IGNORED and the real TCP peer is used for every IP-based decision (rate
	// limits, the loopback 2FA exemption, audit) — so a remote client cannot
	// spoof its address. Set it (e.g. 127.0.0.1/32,::1/128) only for the actual
	// proxy in front of this server.
	TrustedProxies []*net.IPNet
}
Config holds all runtime options.
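The TrustedProxies rule above, sketched as an added example that is not docker-commander's own code: clientIP and inAny are hypothetical names, and walking X-Forwarded-For right to left is an assumption about how the trust rule can be applied safely. The request in main is constructed.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// inAny reports whether ip falls inside any of the given networks.
func inAny(ip net.IP, nets []*net.IPNet) bool {
	for _, n := range nets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// clientIP picks the address for IP-based decisions. X-Forwarded-For is read
// only when the TCP peer is a trusted proxy, and then from the right-hand end.
func clientIP(r *http.Request, trusted []*net.IPNet) net.IP {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		host = r.RemoteAddr
	}
	peer := net.ParseIP(host)
	xff := strings.Join(r.Header.Values("X-Forwarded-For"), ",")
	if peer == nil || !inAny(peer, trusted) || xff == "" {
		return peer // empty trusted set or untrusted peer: header ignored
	}
	hops := strings.Split(xff, ",")
	for i := len(hops) - 1; i >= 0; i-- {
		ip := net.ParseIP(strings.TrimSpace(hops[i]))
		if ip == nil || !inAny(ip, trusted) {
			return ip // first non-proxy hop; nil (malformed) means fail closed
		}
	}
	return peer // every hop was a trusted proxy
}

func main() {
	_, lo, _ := net.ParseCIDR("127.0.0.1/32")
	r, _ := http.NewRequest("GET", "http://example.test/", nil) // constructed request
	r.RemoteAddr = "203.0.113.9:40000"                          // direct remote client
	r.Header.Set("X-Forwarded-For", "127.0.0.1")                // spoofed loopback claim
	fmt.Println(clientIP(r, nil), clientIP(r, []*net.IPNet{lo}))
}
```

Callers should treat a nil result as an unknown, non-loopback client so that a malformed header never earns the loopback 2FA exemption.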
func Load
Load parses flags/env/config-file and returns the resolved configuration.
Precedence (highest first): command-line flag → environment variable → config file → built-in default. The config file is a simple "KEY=VALUE" file using the same DC_* keys as the environment. Its path comes from -config, then $DC_CONFIG, then the platform default (/etc/docker-commander/commander.conf on Unix, %ProgramData%\docker-commander\commander.conf on Windows). A missing default file is ignored, but a missing explicit one is an error.