DrydockDrydock
ConfigurationServer

Server

You can adjust the server configuration with the following environment variables.

You can adjust the server configuration with the following environment variables.

Variables

Env varRequiredDescriptionSupported valuesDefault value when missing
DD_PUBLIC_URLPublic-facing URL for OIDC callbacks and links (auto-detected from request if not set)URL (e.g., https://drydock.example.com)auto-detected
DD_SERVER_ENABLEDIf REST API must be exposedtrue, falsetrue
DD_SERVER_PORTHttp listener portfrom 0 to 655353000
DD_SERVER_TRUSTPROXYTrust X-Forwarded-For headers when behind a reverse proxytrue, false, or hop count (1, 2, etc.)false
DD_SERVER_TLS_ENABLEDEnable HTTPS+TLStrue, falsefalse
DD_SERVER_TLS_KEYTLS server key (required when DD_SERVER_TLS_ENABLED is enabled)File path to the key file
DD_SERVER_TLS_CERTTLS server certificate (required when DD_SERVER_TLS_ENABLED is enabled)File path to the cert file
DD_SERVER_CORS_ENABLEDEnable CORS Requeststrue, falsefalse
DD_SERVER_CORS_ORIGINSupported CORS origin*
DD_SERVER_CORS_METHODSSupported CORS methodsComma separated list of valid HTTP verbsGET,HEAD,PUT,PATCH,POST,DELETE
DD_SERVER_FEATURE_CONTAINERACTIONSEnable start, stop, restart, and update actions via API and UItrue, falsetrue
DD_SERVER_FEATURE_DELETEIf deleting operations are enabled through API & UItrue, falsetrue
DD_SERVER_FEATURE_WEBHOOKEnable the webhook API endpointstrue, falsetrue
DD_SERVER_WEBHOOK_TOKENBearer token for webhook authentication (required when webhooks enabled)Any string
DD_SERVER_METRICS_AUTHRequire authentication on /metrics endpointtrue, falsetrue
DD_SESSION_SECRETOverride the auto-generated session secret for cookie signingAny stringauto-generated
DD_RUN_AS_ROOTSkip privilege drop from root to node user (required for read-only socket mounts)true, falsefalse

Examples

Disable http listener

services:
  drydock:
    image: codeswhat/drydock
    ...
    environment:
      - DD_SERVER_ENABLED=false
docker run \
  -e DD_SERVER_ENABLED=false \
  ...
  codeswhat/drydock

Set http listener port to 8080

services:
  drydock:
    image: codeswhat/drydock
    ...
    environment:
      - DD_SERVER_PORT=8080
docker run \
  -e DD_SERVER_PORT=8080 \
  ...
  codeswhat/drydock

Enable HTTPS

services:
  drydock:
    image: codeswhat/drydock
    ...
    environment:
      - DD_SERVER_TLS_ENABLED=true
      - DD_SERVER_TLS_KEY=/drydock_certs/server.key
      - DD_SERVER_TLS_CERT=/drydock_certs/server.crt
docker run \
  -e "DD_SERVER_TLS_ENABLED=true" \
  -e "DD_SERVER_TLS_KEY=/drydock_certs/server.key" \
  -e "DD_SERVER_TLS_CERT=/drydock_certs/server.crt" \
  ...
  codeswhat/drydock

Reverse proxy (trust proxy)

services:
  drydock:
    image: codeswhat/drydock
    ...
    environment:
      - DD_SERVER_TRUSTPROXY=1
docker run \
  -e DD_SERVER_TRUSTPROXY=1 \
  ...
  codeswhat/drydock

Secrets from files

Any DD_* environment variable can be loaded from a file by appending __FILE to the variable name and setting the value to the file path. This is useful for Docker secrets and other secret management tools.

services:
  drydock:
    image: codeswhat/drydock
    ...
    environment:
      - DD_SERVER_WEBHOOK_TOKEN__FILE=/run/secrets/webhook_token
    secrets:
      - webhook_token

secrets:
  webhook_token:
    file: ./webhook_token.txt
docker run \
  -e DD_SERVER_WEBHOOK_TOKEN__FILE=/run/secrets/webhook_token \
  -v ./webhook_token.txt:/run/secrets/webhook_token:ro \
  ...
  codeswhat/drydock

Update Guard

Run security scanning, signature verification, and SBOM generation before applying container updates.

Storage

Persist drydock state by mounting /store as a volume.

On this page

VariablesExamplesDisable http listenerSet http listener port to 8080Enable HTTPSReverse proxy (trust proxy)Secrets from files