Port monitoring and service discovery on multiple hosts quickly becomes a headache when juggling containers, VMs, and host processes. Manual spreadsheets or scattered tooling are error-prone and time-consuming. Portracker addresses this by automating real-time port discovery, monitoring, and visualization in a lightweight, self-hosted package. Its peer-to-peer architecture lets you federate data from multiple servers into a single dashboard, while platform-specific collectors handle Docker and TrueNAS environments with fine-grained port visibility.
what portracker does and how it works
Portracker is a JavaScript-based tool designed to scan host systems automatically and build a live map of running services and their ports. It distinguishes itself by integrating platform-specific collectors for Docker containers and TrueNAS systems, enabling it to differentiate between internal container ports and the ports published on the host. This is crucial for container-heavy environments where port mappings can be opaque.
Architecturally, Portracker runs as a single lightweight process with an embedded SQLite database. This design choice means it has no external dependencies like PostgreSQL or Redis, significantly simplifying deployment and maintenance.
The peer-to-peer architecture is a key feature: multiple Portracker instances can run on different servers and report their data to a unified dashboard. This dashboard supports hierarchical grouping, so nested server structures — such as virtual machines hosted on physical servers — are represented accurately.
The UI is modern and responsive, with support for light and dark modes, live filtering of services, and multiple layout views. Since version 1.2.0, Portracker also offers optional authentication to secure dashboard access.
why portracker’s peer-to-peer design and Docker socket proxy matter
Portracker’s peer-to-peer federation model is what sets it apart from many other port monitoring tools. Instead of relying on a centralized server to poll all hosts, each node maintains its local state and shares it with the dashboard. This design reduces single points of failure and scales naturally as you add more servers without burdening a central instance.
The Docker integration is another interesting aspect. Giving a monitoring container direct access to the Docker socket is a common security risk, and Portracker does not require it. Instead, it supports running a Docker socket proxy container that exposes a limited, read-only Docker API. The proxy restricts operations to read-only calls, which reduces the attack surface.
Using an embedded SQLite database is a tradeoff that favors simplicity and ease of deployment over massive scale or distributed storage. For most homelab or small-to-medium server clusters, SQLite’s footprint and performance are more than adequate. However, if you need to monitor a very large number of hosts or require high availability, this design might become a bottleneck.
The UI’s support for hierarchical grouping reflects real-world complexity where services run inside VMs or containers nested on physical hosts. This attention to detail improves usability and helps operators understand service topology at a glance.
quick start with Docker and authentication
Portracker’s README provides a detailed example for running it with Docker Compose using a Docker socket proxy for enhanced security. Here’s the YAML snippet:
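```yaml
services:
  docker-proxy:
    image: tecnativa/docker-socket-proxy:latest
    container_name: portracker-docker-proxy
    restart: unless-stopped
    environment:
      # Read-only endpoint groups the collector may query
      - CONTAINERS=1
      - IMAGES=1
      - INFO=1
      - NETWORKS=1
      # POST=0 makes the proxy reject write requests
      - POST=0
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    ports:
      # Publishes the proxy API on the host; portracker itself connects
      # over the compose network (see DOCKER_HOST below)
      - "2375:2375"
  portracker:
    image: mostafawahied/portracker:latest
    container_name: portracker
    restart: unless-stopped
    # Broad host privileges: host PID namespace, added capabilities,
    # AppArmor confinement disabled
    pid: "host"
    cap_add:
      - SYS_PTRACE
      - SYS_ADMIN
    security_opt:
      - apparmor:unconfined
    volumes:
      - ./portracker-data:/data
    ports:
      - "4999:4999"
    environment:
      # Docker API is reached through the proxy, not the socket
      - DOCKER_HOST=tcp://docker-proxy:2375
    depends_on:
      - docker-proxy
```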
For those who prefer running containers manually, the Docker proxy can be started with:
```bash
# Start the Docker proxy
docker run -d \
  --name portracker-docker-proxy \
  --restart unless-stopped \
  -p 2375:2375 \
  -v /var/run/docker.sock:/var/run/docker.sock:ro \
  -e CONTAINERS=1 \
  -e IMAGES=1 \
  -e INFO=1 \
  -e NETWORKS=1 \
  -e POST=0 \
  tecnativa/docker-socket-proxy:latest
```
Portracker’s optional authentication can be enabled by setting environment variables. For example, to enable auth with a session secret:
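```yaml
services:
  portracker:
    image: mostafawahied/portracker:latest
    environment:
      - ENABLE_AUTH=true
      # Placeholder: replace with a long random value,
      # for example the output of `openssl rand -hex 32`
      - SESSION_SECRET=your-random-secret-here-change-this
```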
On first login, an admin account setup wizard is presented. This feature is important for deployments exposed to wider networks.
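A configuration check for the two deployment points above, the socket proxy and the optional authentication, written as an added example (not Portracker's own code). It assumes the compose file has been resolved to JSON with `docker compose config --format json`; the function name, the finding ids and the 32-character minimum are choices made for this example.

```javascript
// Constructed sample: the quick-start services plus the auth snippet, in the
// normalized shape of resolved compose JSON (env as a map, long-form ports).
const sampleConfig = {
  services: {
    "docker-proxy": {
      image: "tecnativa/docker-socket-proxy:latest",
      environment: { CONTAINERS: "1", IMAGES: "1", INFO: "1", NETWORKS: "1", POST: "0" },
      ports: [{ target: 2375, published: "2375", protocol: "tcp" }],
    },
    portracker: {
      image: "mostafawahied/portracker:latest",
      environment: {
        DOCKER_HOST: "tcp://docker-proxy:2375", ENABLE_AUTH: "true",
        SESSION_SECRET: "your-random-secret-here-change-this",
      },
      ports: [{ target: 4999, published: "4999", protocol: "tcp" }],
    },
  },
};
const LOOPBACK = new Set(["127.0.0.1", "::1"]);
const PLACEHOLDER_SECRET = "your-random-secret-here-change-this"; // from the page
const MIN_SECRET_LENGTH = 32; // assumption: threshold chosen for this example

// Returns one finding object per risky setting; an empty array means clean.
function auditCompose(config) {
  const findings = [];
  for (const [name, svc] of Object.entries(config.services || {})) {
    const env = svc.environment || {};
    const image = svc.image || "";
    const published = (svc.ports || []).filter((p) => !LOOPBACK.has(p.host_ip));
    if (image.includes("docker-socket-proxy")) {
      // Other containers reach the proxy over the compose network, so a
      // host-published API port only widens who can query the Docker API.
      if (published.length > 0) findings.push({ service: name, id: "proxy-port-published" });
      // POST defaults to 0 in the proxy; any other value permits write calls.
      if ((env.POST ?? "0") !== "0") findings.push({ service: name, id: "proxy-allows-post" });
    }
    if (image.includes("portracker")) {
      const secret = env.SESSION_SECRET || "";
      if (env.ENABLE_AUTH !== "true") {
        if (published.length > 0) findings.push({ service: name, id: "dashboard-without-auth" });
      } else if (secret === PLACEHOLDER_SECRET || secret.length < MIN_SECRET_LENGTH) {
        findings.push({ service: name, id: "weak-session-secret" });
      }
    }
  }
  return findings;
}
```

On the sample it reports the published proxy port and the placeholder session secret; removing the proxy's `ports` entry (or binding it to loopback) and setting a random secret clears both findings.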
verdict
Portracker strikes a practical balance for homelabbers and small server clusters who want real-time port monitoring without the complexity of heavy dependencies or centralized monitoring stacks. Its peer-to-peer design and platform-aware collectors mean it fits well in containerized and virtualization-heavy environments.
The Docker socket proxy approach adds a layer of security often overlooked in similar tools, which tend to require full Docker socket access. The embedded SQLite database keeps the footprint minimal, although it might limit scalability for very large deployments.
The UI’s thoughtful features like hierarchical grouping and filtering improve developer experience, making it easier to understand service topologies at a glance.
If your environment involves multiple Docker hosts or TrueNAS systems and you need a self-hosted, lightweight monitoring solution with decent security considerations, Portracker is worth evaluating. It’s not a full-fledged network scanner or vulnerability assessment tool, but it solves the specific problem of port tracking with minimal fuss and reasonable tradeoffs.
→ GitHub Repo: Mostafa-Wahied/portracker ⭐ 2,169 · JavaScript