Skip to content
dockmesh

Multi-Host Management

dockmesh can manage a fleet of Docker hosts from a single server. Remote hosts run a lightweight agent binary that connects outbound to the server over mTLS — no inbound ports required on the remote side.

Adding a remote host

Section titled “Adding a remote host”
  1. Hosts → Add host
  2. Enter a friendly name and tags (e.g. prod, eu-west)
  3. dockmesh generates an enrollment token — a one-time URL + secret

On the remote host, run the install script the UI shows:

Terminal window
curl -fsSL https://get.dockmesh.dev/agent | bash -s -- \
  --server https://dockmesh.example.com \
  --token <enrollment-token>

The script downloads the agent binary, installs a systemd service, performs mTLS handshake, and registers the host. Within seconds the host shows up in the UI as Online.

How the agent works

Section titled “How the agent works”
  • Outbound WSS (WebSocket + TLS) connection from agent to server
  • mTLS: agent presents a client certificate issued during enrollment; server presents its cert
  • Multiplexed over a single TCP connection — stats, logs, exec, deploy commands all share it
  • Auto-reconnect with exponential backoff
  • Auto-upgrade: when the server is updated, agents are upgraded transparently on next connect

Because the connection is outbound, you can put agents behind NAT, in home labs, on edge devices — as long as they can reach the server URL, they work.

Fan-out views

Section titled “Fan-out views”

Any list page (Containers, Stacks, Volumes, Images, Networks) has a host filter at the top. Leave it set to All hosts to see everything across the fleet with the host column populated. Filter to a single host for a focused view.

The Dashboard shows aggregate CPU, memory, and disk across all hosts, plus per-host tiles.

Host tags and groups

Section titled “Host tags and groups”

Tag hosts with arbitrary labels (prod, staging, gpu, eu-west-1). Most features accept a tag filter — e.g. alerts can target prod hosts only, backup jobs can run on gpu hosts only.

Removing a host

Section titled “Removing a host”

Hosts → select → Remove revokes the agent certificate and drops the host from the database. The agent binary on the remote host will log the revocation and exit. To re-enroll, just generate a new token.

See also

Section titled “See also”
  • Agent mTLS — certificate details and rotation
  • Drain Host — safely move workloads off a host before maintenance