Overview
Webhooks enable continuous deployment by automatically pulling and deploying your compose stacks when changes are detected in your Git repository.Configuration
Enable Webhooks
1
Create Git stack
Navigate to Stacks > Add from Git and connect your repository.
2
Enable webhook
In the stack settings:
- Toggle Webhook Enabled
- Click Generate Secret (optional but recommended)
- Copy the webhook URL
3
Configure Git provider
Add the webhook URL to your Git repository settings.
Webhook URL Format
Git Provider Setup
- GitHub
- GitLab
- Gitea
- Generic Git
1
Open repository settings
Navigate to your GitHub repository > Settings > Webhooks
2
Add webhook
Click Add webhook and configure:
3
Select events
Choose Just the push event (default)
4
Save
Click Add webhook and GitHub will send a test ping
Signature Verification
GitHub signs webhook payloads with HMAC-SHA256:Webhook Security
Secret Verification
Webhook secrets prevent unauthorized deployments:1
Generate secret
In Dockhand, click Generate Secret for your webhook. This creates a secure random token.
2
Configure in Git
Add the secret to your Git provider’s webhook configuration.
3
Verification
Dockhand verifies every webhook request:
- GitHub: Validates HMAC-SHA256 signature
- GitLab: Compares X-Gitlab-Token header
- Others: Checks custom signature or token
Signature Validation
The webhook endpoint verifies signatures before processing:Branch Filtering
Configure which branch triggers deployments:Stack Configuration
Multiple Environments
Deploy different branches to different environments:Webhook Payload
Dockhand processes webhook payloads to extract repository information:GitHub Payload
GitLab Payload
Deployment Process
When a webhook is received:1
Validate request
- Verify webhook secret/signature
- Check payload format
- Validate repository ID
2
Check branch
- Extract branch from
reffield - Compare with configured branch
- Skip if branch doesn’t match
3
Clone repository
- Use configured Git credentials
- Clone or pull latest changes
- Checkout specified branch
4
Deploy stack
- Parse compose file
- Apply environment variables
- Run
docker compose up -d
5
Log event
- Record deployment in audit log
- Send notifications if configured
- Update last sync timestamp
Manual Webhook Trigger
Trigger deployments manually via GET request:- Testing webhook configuration
- Manual deployments outside Git workflow
- Scheduled deployments via cron
The
secret parameter must match the configured webhook secret.Monitoring Webhooks
View Webhook History
- Navigate to Stacks > select stack > Deployments
- View deployment history with:
- Trigger source (webhook/manual)
- Timestamp
- Commit hash
- Status (success/failed)
- Duration
Audit Logs
Webhook events are recorded in audit logs:Troubleshooting
Webhook not triggered
Webhook not triggered
- Verify webhook URL is correct and accessible from Git server
- Check webhook is enabled in both Git and Dockhand
- Review Git provider webhook delivery logs
- Test webhook manually:
- Check firewall allows inbound connections on webhook port
Signature verification failed
Signature verification failed
- Verify webhook secret matches between Git and Dockhand
- Check secret hasn’t expired or been regenerated
- For GitHub, ensure Content-Type is
application/json - Review webhook delivery logs in Git provider
- Try regenerating the secret on both sides
Deployment failed
Deployment failed
- Check Git credentials are valid and not expired
- Verify branch name matches configuration
- Ensure compose file exists at configured path
- Review deployment logs in Dockhand:
- Check Docker daemon is accessible from Dockhand
Wrong branch deployed
Wrong branch deployed
- Verify branch configuration in stack settings
- Check webhook payload includes correct
reffield - Multiple stacks may be listening to same repository
- Review webhook delivery logs for branch information
Advanced Configuration
Webhook with Basic Auth
If your Dockhand instance requires authentication:Custom Headers
Some Git providers support custom headers:Webhook Retry Logic
Git providers retry failed webhooks:- GitHub: Retries up to 3 times over several hours
- GitLab: Retries based on configuration (default: 3 times)
- Gitea: Configurable retry count and interval
API Reference
Webhook endpoints:Trigger deployment for repositoryParameters:
id: Repository ID
X-Hub-Signature-256: GitHub signatureX-Gitlab-Token: GitLab token
Manual deployment triggerQuery Parameters:
secret: Webhook secret
Security Best Practices
- Always use webhook secrets to verify requests
- Enable HTTPS for webhook URLs (required for production)
- Restrict webhook IPs in firewall if Git provider publishes IP ranges
- Rotate secrets periodically (every 90 days)
- Monitor webhook logs for suspicious activity
- Use read-only tokens for Git credentials when possible
- Audit deployments regularly to detect unauthorized changes
Next Steps
Git Integration
Learn more about Git stack management
Notifications
Configure deployment notifications
