PalebloodSky
commented
4 days ago Yes Docker creates invalid iptable rules, needs to be migrated to nftables. The Luci page for docker puts an error banner at the top for example. Seems related to: https://github.com/openwrt/packages/issues/17766
The luci-app-dockerman is a nice app that allows to configure and manage Docker containers. The app is initially developed in the https://github.com/lisaac/luci-app-dockerman and also added to the ImmortalWrt https://github.com/immortalwrt/luci/tree/master/applications/luci-app-dockerman. The official luci-app-dockerman live on its own and far behind of the original repository. We need to grab the changes and adapt them for the Luci coding standards. But it makes too much as for the app e.g. it creates some iptables rules, has a checkbox to disable the docker service, etc.
The apps pages are written in Lua and needs to be rewritten to JS. Inside of the app it calls the Docker Engine API similarly to what the docker client does itself.
It should be other ready to use Docker Web UI that works directly with the API. I found the https://github.com/kevana/ui-for-docker/ that works in this way: plain html and JS that sends docker API requests. It has a small reverse proxy to the Docker unix socket. The Docker can be configured to expose the REST API endpoint but it requires for enabled HTTPS and authorization. So the reverse proxy makes it easier to start without configuring the Docker. The author of the ui-for-docker later created Portainer.io which is more powerful but has own backend.
Another one similar project is https://github.com/gohutool/docker.ui/ that has thin backend that re-sends commands from WebSocket to the Docker socket.
If it's possible to reuse the existing code and just use the Luci styles then we may get the powerful UI.
To avoid creating of the reverse proxy by creating an RPCD service that we can call with UBUS. Internally it can just get the JSON payload and resend it with curl into a unix socket or remote https. But to make the UBUS script will be almost the same as the Docker Engine API so it makes a little sense. Even for scripting it would be easier to just call the API with curl.