How to Self-Host Dozzle with Docker Compose

What Is Dozzle?

Dozzle is a lightweight, real-time Docker container log viewer that runs in your browser. Unlike Grafana Loki or Graylog, Dozzle doesn’t store logs — it streams them directly from Docker, making it zero-maintenance and nearly zero-resource. It supports multi-host monitoring via remote agents, optional authentication, SQL-based log querying, and live container metrics. The entire application is a 7 MB Docker image that uses about 50-100 MB of RAM.

Updated March 2026: Verified with latest Docker images and configurations.

Official site · GitHub

Prerequisites

A Linux server (Ubuntu 22.04+ recommended)
Docker and Docker Compose installed (guide)
100 MB of free RAM
Docker socket access (default: /var/run/docker.sock)

Docker Compose Configuration

Create a docker-compose.yml file:

services:
  dozzle:
    image: amir20/dozzle:v10.1.2
    container_name: dozzle
    volumes:
      # Mount Docker socket as read-only — Dozzle only reads logs
      - /var/run/docker.sock:/var/run/docker.sock:ro
    ports:
      - "8080:8080"
    environment:
      # Number of log lines loaded on initial view
      DOZZLE_TAILSIZE: "300"
      # Log level for Dozzle itself (debug, info, warn, error)
      DOZZLE_LEVEL: "info"
    restart: unless-stopped

Start the stack:

docker compose up -d

Dozzle is now available at http://your-server:8080. No setup wizard, no database, no configuration — it immediately shows all running containers and their logs.

Initial Setup

There is no initial setup. Open Dozzle in your browser and you’ll see a sidebar listing all containers on the Docker host. Click any container to view its live log output.

The interface includes:

Container list in the left sidebar with status indicators
Real-time log streaming that updates as new lines appear
Search with regex support across visible logs
SQL querying for structured log analysis (powered by DuckDB via WebAssembly)
Split view for monitoring multiple containers simultaneously
Live metrics showing CPU and memory usage per container

Configuration

Adding Authentication

By default, Dozzle has no authentication. To add user-based access control:

Generate a password hash:

docker run amir20/dozzle:v10.1.2 generate admin --password "your-secure-password"

This outputs a users.yml entry. Save the output to a file:

# users.yml
users:
  admin:
    password: "$2a$10$..."  # bcrypt hash from the generate command
    name: "Admin"

Mount the file and enable authentication:

services:
  dozzle:
    image: amir20/dozzle:v10.1.2
    container_name: dozzle
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./users.yml:/users.yml:ro
    ports:
      - "8080:8080"
    environment:
      DOZZLE_AUTH_PROVIDER: "simple"
      DOZZLE_TAILSIZE: "300"
    restart: unless-stopped

Restart:

docker compose up -d

Filtering Containers

To show only specific containers, use the filter environment variable:

environment:
  DOZZLE_FILTER: "status=running"

Or filter by label:

environment:
  DOZZLE_FILTER: "label=logging=enabled"

Enabling Container Actions

By default, Dozzle is read-only. To allow start/stop/restart actions and shell access from the UI:

environment:
  DOZZLE_ENABLE_ACTIONS: "true"
  DOZZLE_ENABLE_SHELL: "true"

Only enable these on trusted networks — they grant control over your containers through the web UI.

Environment Variables Reference

Variable	Default	Purpose
`DOZZLE_ADDR`	`:8080`	Listen address and port
`DOZZLE_TAILSIZE`	`300`	Initial log lines loaded
`DOZZLE_LEVEL`	`info`	Dozzle’s own log level
`DOZZLE_FILTER`	(none)	Container filter expression
`DOZZLE_AUTH_PROVIDER`	`none`	`none` or `simple`
`DOZZLE_ENABLE_ACTIONS`	`false`	Allow container start/stop/restart
`DOZZLE_ENABLE_SHELL`	`false`	Allow browser shell access
`DOZZLE_MODE`	`docker`	`docker`, `swarm`, or `k8s`
`DOZZLE_REMOTE_AGENT`	(none)	Remote agent addresses

Advanced Configuration (Optional)

Multi-Host Monitoring with Remote Agents

To monitor containers across multiple Docker hosts, deploy a Dozzle agent on each remote host and point the main instance to them.

On each remote host — deploy the agent:

# remote-host/docker-compose.yml
services:
  dozzle-agent:
    image: amir20/dozzle:v10.1.2
    container_name: dozzle-agent
    command: agent
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    ports:
      - "7007:7007"
    restart: unless-stopped

On the main host — configure Dozzle to connect to agents:

services:
  dozzle:
    image: amir20/dozzle:v10.1.2
    container_name: dozzle
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    ports:
      - "8080:8080"
    environment:
      DOZZLE_REMOTE_AGENT: "server2:7007,server3:7007"
      DOZZLE_TAILSIZE: "300"
    restart: unless-stopped

Replace server2 and server3 with the hostnames or IPs of your remote hosts. All containers from all hosts appear in a single UI.

Docker Swarm Mode

For Swarm deployments, set the mode and deploy as a global service:

services:
  dozzle:
    image: amir20/dozzle:v10.1.2
    environment:
      DOZZLE_MODE: "swarm"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    deploy:
      mode: global

Webhooks and Alerts

Dozzle supports webhooks for sending log events to Slack, Discord, ntfy, or custom endpoints. Configure them through the web UI under Settings → Webhooks.

Reverse Proxy

Dozzle uses Server-Sent Events (SSE) for real-time log streaming. Your reverse proxy must not buffer these connections.

Nginx Proxy Manager / Nginx:

location / {
    proxy_pass http://dozzle:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_buffering off;           # Required for SSE
    proxy_cache off;
    proxy_read_timeout 86400s;     # Keep connection open for streaming
}

The critical setting is proxy_buffering off — without it, logs appear delayed or not at all.

Reverse Proxy Setup

Backup

Dozzle stores no persistent data. There is nothing to back up. The Docker socket mount is read-only, and Dozzle streams logs directly without saving them to disk. If you’ve configured authentication, back up your users.yml file.

Backup Strategy

Troubleshooting

Docker Socket Permission Denied

Symptom: Dozzle starts but shows no containers, or fails with “permission denied.”

Fix: Ensure the Docker socket is mounted correctly with read-only access:

volumes:
  - /var/run/docker.sock:/var/run/docker.sock:ro

If you’re running rootless Docker, the socket path is different:

volumes:
  - /run/user/1000/docker.sock:/var/run/docker.sock:ro

Replace 1000 with your user’s UID (id -u).

Logs Don’t Update in Real Time

Symptom: Logs appear but don’t stream in real time — you have to refresh the page.

Fix: Your reverse proxy is buffering SSE connections. Set proxy_buffering off in Nginx. In Traefik, exclude text/event-stream from compression middleware.

Memory Metrics Missing on ARM Devices

Symptom: CPU metrics show but memory usage is blank on Raspberry Pi or other ARM devices.

Fix: Enable cgroup memory support. Edit /boot/cmdline.txt (or /boot/firmware/cmdline.txt on newer Raspberry Pi OS) and add:

cgroup_enable=memory cgroup_memory=1

Reboot the device.

Stopped Containers Not Visible

Symptom: Containers that are stopped don’t appear in the sidebar.

Fix: Enable “Show Stopped Containers” in the Dozzle UI settings (gear icon in the top right).

Resource Requirements

RAM: ~50-100 MB (Dozzle streams logs, doesn’t store them)
CPU: Minimal — no continuous processing
Disk: Negligible (7 MB image, no persistent storage)
Network: Low bandwidth unless monitoring many high-volume containers

Dozzle is one of the lightest self-hosted applications available. It runs comfortably on a Raspberry Pi alongside other services.

Verdict

Dozzle is the best lightweight Docker log viewer available. If you run Docker containers and want a quick way to check logs without SSH and docker logs commands, Dozzle is the answer — deploy it in 30 seconds, use 50 MB of RAM, and get real-time log streaming with search, multi-host support, and SQL querying.

It doesn’t replace Grafana Loki or Graylog for log aggregation, retention, and alerting. Those tools store and index logs for historical analysis. Dozzle is purely real-time — once a log line scrolls past, it’s gone (from Dozzle’s perspective; Docker still has it). Use Dozzle for quick debugging and monitoring, and a full logging stack for compliance and historical analysis.

Frequently Asked Questions

Does Dozzle store logs?

No. Dozzle streams logs directly from Docker in real time. It does not store, index, or persist any log data. Once you close the browser or scroll past a log line, it’s gone from Dozzle’s perspective (Docker still retains it per its logging driver configuration).

Is Dozzle safe to expose to the internet?

Not without authentication. Dozzle with DOZZLE_ENABLE_ACTIONS and DOZZLE_ENABLE_SHELL gives full container control. Always enable authentication (via users.yml) and put it behind HTTPS. Better yet, access it only via VPN like Tailscale.

Can Dozzle monitor containers on remote hosts?

Yes. Deploy the Dozzle agent (command: agent) on remote Docker hosts and point the main instance to them with DOZZLE_REMOTE_AGENT. All containers from all hosts appear in a single UI.

How does Dozzle compare to Portainer for log viewing?

Portainer is a full Docker management UI that includes log viewing. Dozzle is dedicated to log viewing with superior features: real-time streaming, SQL querying, multi-host support, and split view. Use Portainer for Docker management, Dozzle for log analysis.

Does Dozzle work with Docker Swarm?

Yes. Set DOZZLE_MODE: "swarm" and deploy as a global service. Dozzle will aggregate logs from all Swarm nodes.

Can I search logs with regex?

Yes. The search bar supports regex patterns. Dozzle also supports SQL-based querying (powered by DuckDB via WebAssembly) for more structured log analysis.