Skip to content

sivel/dpxy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
.github/workflows
.github/workflows
 
 
contrib
contrib
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

dpxy

dpxy watches a Docker or Podman daemon for container start and stop events and automatically manages port forwarding between the local machine and a remote host. When a container with published ports starts, dpxy listens on each host port and forwards TCP connections to the corresponding port on the remote host. When the container stops, the forwards are torn down.

This is useful when running Docker or Podman on a remote VM (e.g. via DOCKER_HOST) and wanting published container ports to be accessible locally without manually managing tunnels.

Requirements

  • SSH access to the remote host (for ssh:// URLs)

Usage

dpxy [-host <host-url>] [-remote-binary <binary>]

If -host is not provided, dpxy falls back to the DOCKER_HOST environment variable, or CONTAINER_HOST if DOCKER_HOST is not set.

The -remote-binary flag controls the container runtime binary invoked on the remote host for the dial-stdio connection. It defaults to docker and can be set to podman or a full path (e.g. /usr/bin/docker) if the binary is not on the remote host's default PATH.

# SSH-based remote Docker host
dpxy -host ssh://user@myhost

# SSH-based remote Podman host
dpxy -host ssh://user@myhost -remote-binary podman

# Using the environment variable
DOCKER_HOST=ssh://user@myhost dpxy

Binding to Privileged Ports

On Linux, binding to ports below 1024 requires elevated privileges by default. To allow dpxy to bind to these ports as a non-root user, grant the binary the CAP_NET_BIND_SERVICE capability:

sudo setcap cap_net_bind_service=+ep /usr/local/bin/dpxy

Note that setcap must be reapplied whenever the binary is replaced.

When running under systemd, the provided unit file handles this automatically via AmbientCapabilities instead, so setcap is not needed in that case.

Running as a Service

Linux (systemd)

Copy the unit file and create an environment file, then enable and start the service:

sudo cp contrib/dpxy.service /etc/systemd/system/dpxy.service
echo "DOCKER_HOST=ssh://user@myhost" | sudo tee /etc/default/dpxy
sudo systemctl daemon-reload
sudo systemctl enable --now dpxy

Configuration is read from /etc/default/dpxy. Supported variables:

Variable Description
DOCKER_HOST Host URL (e.g. ssh://user@myhost)
CONTAINER_HOST Host URL, used if DOCKER_HOST is not set (Podman native)

macOS (launchd)

Edit contrib/net.sivel.dpxy.plist and replace the DOCKER_HOST placeholder with your Docker host URL, then load it:

cp contrib/net.sivel.dpxy.plist ~/Library/LaunchAgents/
launchctl bootstrap gui/$(id -u) ~/Library/LaunchAgents/net.sivel.dpxy.plist

Logs are written to /usr/local/var/log/dpxy.log.

To unload:

launchctl bootout gui/$(id -u) ~/Library/LaunchAgents/net.sivel.dpxy.plist

About

Automatic localhost port forwarding for remote docker or podman servers

Resources

Readme

License

Apache-2.0 license
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

Latest Build Latest
Mar 2, 2026

Packages

 
 
 

Contributors

Languages