Skip to main content
Dockhand can be configured using environment variables. This guide covers all available configuration options.

Environment Variables

Core Settings

PORT
string
default:"3000"
Port number for the web server. The application listens on 0.0.0.0 by default.
HOST
string
default:"0.0.0.0"
Host address to bind the web server. Use 0.0.0.0 to accept connections from any interface.
DATA_DIR
string
default:"/app/data"
Directory for storing application data (database, stacks, cache). Should be mounted as a volume for data persistence.
DOCKHAND_HOSTNAME
string
default:"auto-detected"
Override the detected Docker host hostname. Useful for licensing and multi-host setups.
If not set, Dockhand automatically detects the hostname from the Docker daemon.

Database Configuration

DATABASE_URL
string
default:"sqlite"
PostgreSQL connection string. If not set, Dockhand uses SQLite (stored in DATA_DIR/dockhand.db).
Format: postgres://USERNAME:PASSWORD@HOST:PORT/DATABASE
Ensure the PostgreSQL database exists before starting Dockhand. Migrations run automatically.
DB_FAIL_ON_MIGRATION_ERROR
boolean
default:"true"
Stop application startup if database migrations fail. Set to false to continue despite migration errors (not recommended).
DB_VERBOSE_LOGGING
boolean
default:"false"
Enable verbose SQL query logging for debugging database issues.
SKIP_MIGRATIONS
boolean
default:"false"
Skip database migrations entirely. Useful for read-only replicas or troubleshooting.
Only use this if you know what you’re doing. Missing migrations will cause application errors.

Docker Connection

DOCKER_SOCKET
string
default:"/var/run/docker.sock"
Path to the Docker socket inside the container. Useful when Docker socket is mounted at a non-standard location.
DOCKER_HOST
string
default:"unix:///var/run/docker.sock"
Docker daemon connection URL. Supports Unix socket, TCP, and SSH protocols.
When using TCP, configure TLS certificates via the web UI (Settings > Environments) for secure connections.
DOCKER_API_VERSION
string
default:"auto-negotiated"
Force a specific Docker API version. Normally auto-negotiated with the daemon.
HOST_DATA_DIR
string
default:"auto-detected"
Host path to the data directory. Used for translating container paths when creating stacks. Auto-detected by inspecting Dockhand’s own container.
HOST_DOCKER_SOCKET
string
default:"auto-detected"
Host path to the Docker socket. Used for socket-proxy scenarios or non-standard socket locations.

Security & Authentication

ENCRYPTION_KEY
string
default:"auto-generated"
Base64-encoded 32-byte encryption key for encrypting sensitive data (passwords, tokens, certificates). Auto-generated if not provided.
Generate a key with: openssl rand -base64 32
Store this securely! Loss of the encryption key means loss of all encrypted credentials.
Force secure cookies (HTTPS-only). Auto-detected based on x-forwarded-proto header.
  • true: Always use Secure flag (requires HTTPS)
  • false: Never use Secure flag (allows HTTP)
  • Not set: Auto-detect based on x-forwarded-proto: https header
DISABLE_LOCAL_LOGIN
boolean
default:"false"
Disable username/password authentication and require SSO/OIDC login.
Ensure you have a working OIDC provider configured before enabling this, or you’ll be locked out.

User & Permissions

PUID
integer
default:"1001"
User ID to run the application as. Useful for matching host user permissions.
The container automatically configures the dockhand user with this UID on startup.
PGID
integer
default:"1001"
Group ID to run the application as. Useful for matching host group permissions.

Performance & Timeouts

COMPOSE_TIMEOUT
integer
default:"900"
Timeout in seconds for Docker Compose operations (up, down, pull). Increase for slow networks or large images.
SKIP_DF_COLLECTION
boolean
default:"false"
Skip disk usage collection (df command). Recommended for Synology NAS and other systems where df is slow.
Disabling this removes disk usage graphs from the dashboard but significantly improves performance on affected systems.
MEMORY_MONITOR
boolean
default:"false"
Enable memory usage tracking and RSS snapshots for debugging memory leaks. Enables the /api/debug/memory endpoint.
This is a debugging feature and adds overhead. Only enable when troubleshooting memory issues.
SNAPSHOT_INTERVAL
integer
default:"60"
Interval in minutes for memory snapshots when MEMORY_MONITOR=true.
DISABLE_METRICS
boolean
default:"false"
Disable metrics collection subprocess. Metrics include container stats, system info, and resource usage.
DISABLE_EVENTS
boolean
default:"false"
Disable Docker event stream monitoring. Events drive real-time UI updates.

Git Integration

GIT_REPOS_DIR
string
default:"$DATA_DIR/git-repos"
Directory for storing cloned Git repositories (for Git-based stacks).

Configuration Examples

Production Deployment with PostgreSQL

docker-compose.yaml

Remote Docker Host Management

docker-compose.yaml
Configure TLS certificates for the remote Docker host via the web UI (Settings > Environments).

High-Performance Configuration

docker-compose.yaml

Debugging Configuration

docker-compose.yaml

Session Management

Session timeout is configured via the web UI:
1

Navigate to Settings

Go to Settings > Authentication in the web interface.
2

Set Session Timeout

Configure Session Timeout in seconds:
  • Minimum: 1 second
  • Maximum: 2592000 seconds (30 days)
  • Default: 86400 seconds (24 hours)
3

Save Changes

Click Save. New sessions will use the updated timeout.
Sessions are stored in the database and survive container restarts.

TLS & HTTPS

Dockhand does not include a built-in TLS/HTTPS server. Use a reverse proxy for production deployments.

Nginx Reverse Proxy Example

nginx.conf
The X-Forwarded-Proto: https header enables automatic secure cookie mode.

Traefik Reverse Proxy Example

docker-compose.yaml

Backup & Restore

SQLite Database

PostgreSQL Database

Troubleshooting

Symptoms: “Migration failed” errors on startupSolutions:
  1. Check database connectivity:
  2. Verify DATABASE_URL format:
  3. Skip migrations temporarily (for diagnosis only):
Symptom: Slow dashboard, high CPU usageSolution: Disable disk usage collection
The df command is extremely slow on Synology DSM and can freeze the UI.
Symptom: Container memory grows over timeSolution: Enable memory monitoring
Then access: http://localhost:3000/api/debug/memory
Symptom: Stack deployments fail with “timeout” errorsSolution: Increase timeout
Useful for large images or slow networks.
Symptom: “Permission denied” or “Socket not accessible”Solutions:
  1. Add Docker socket group:
  2. Verify socket is mounted:
  3. Check entrypoint logs:
Solution: Temporarily re-enable local login
Then configure OIDC provider before re-enabling.

Next Steps

Authentication

Configure OIDC/SSO and LDAP authentication

Stacks

Deploy and manage Docker Compose stacks

API Reference

Integrate Dockhand with automation tools

Deployment Guide

Production deployment best practices