Skip to main content

Overview

Docker deployment allows you to:
  • Isolated environment - Run CCS Dashboard in a container with all dependencies
  • Persistent configuration - Keep your config, credentials, and CLI tools across restarts
  • Resource limits - Control memory and CPU usage for production deployments
  • Easy deployment - Deploy to any system with Docker installed
  • Pre-installed CLIs - claude, gemini, grok, opencode, and ccs ready to use

Architecture

┌─────────────────────────────────────────────────────┐
│ Docker Container (ccs-dashboard)                    │
│                                                      │
│  Port 3000 ──▶ CCS Dashboard Web UI                 │
│  Port 8317 ──▶ CLIProxy API (OAuth providers)       │
│                                                      │
│  Volumes:                                            │
│  • /home/node/.ccs      (CCS config, credentials)   │
│  • /home/node/.claude   (Claude sessions, logs)     │
│  • /home/node/.opencode (OpenCode config)           │
│  • /home/node/.grok-cli (Grok CLI config)           │
└─────────────────────────────────────────────────────┘

Prerequisites

  • Docker 20.10+ or Docker Desktop
  • Docker Compose 2.0+ (optional, for compose setup)
  • 1GB free disk space
  • Ports 3000 and 8317 available

Quick Start (Docker Run)

1

Build the Image

Clone the CCS repository and build the Docker image:
git clone https://github.com/kaitranntt/ccs.git
cd ccs
docker build -f docker/Dockerfile -t ccs-dashboard:latest .
Build time: ~5-10 minutes (one-time operation).
2

Run the Container

Start the CCS Dashboard container:
docker run -d \
  --name ccs-dashboard \
  --restart unless-stopped \
  -p 3000:3000 \
  -p 8317:8317 \
  -e CCS_PORT=3000 \
  -v ccs_home:/home/node/.ccs \
  ccs-dashboard:latest
Note: --restart unless-stopped ensures the container restarts on system reboot.
3

Access the Dashboard

Open your browser and navigate to:
http://localhost:3000
The CLIProxy API is available at http://localhost:8317 (used by OAuth providers and Dashboard features).

Docker Compose Setup

For production deployments, use Docker Compose for easier management.
1

Create .env File (Optional)

Create a .env file in the docker/ directory to customize ports and configuration:
# Ports
CCS_DASHBOARD_PORT=3000
CCS_CLIPROXY_PORT=8317

# CCS Configuration
CCS_DEBUG=0
NO_COLOR=0

# Remote Proxy (optional)
CCS_PROXY_HOST=
CCS_PROXY_PORT=
CCS_PROXY_PROTOCOL=https
CCS_PROXY_AUTH_TOKEN=

# Skip Options
CCS_SKIP_PREFLIGHT=0
CCS_WEBSEARCH_SKIP=0
2

Start with Compose

From the repository root:
docker-compose -f docker/docker-compose.yml up -d
View logs:
docker-compose -f docker/docker-compose.yml logs -f
3

Stop the Service

docker-compose -f docker/docker-compose.yml down
To remove volumes (delete all config):
docker-compose -f docker/docker-compose.yml down -v

Environment Variables

Common CCS environment variables supported in Docker:
VariablePurposeDefault
CCS_PORTDashboard HTTP port3000
CCS_DEBUGEnable verbose logging0
NO_COLORDisable ANSI colors0
CCS_SKIP_PREFLIGHTSkip API key validation0
CCS_WEBSEARCH_SKIPSkip WebSearch integration0
CCS_PROXY_HOSTRemote proxy hostname-
CCS_PROXY_PORTRemote proxy port-
CCS_PROXY_PROTOCOLhttp or httpshttps
CCS_PROXY_AUTH_TOKENRemote proxy auth token-
CCS_PROXY_TIMEOUTHealth check timeout (ms)2000
CCS_PROXY_FALLBACK_ENABLEDEnable local fallbacktrue
CCS_ALLOW_SELF_SIGNEDAccept self-signed certsfalse
Example with environment variables: 
docker run -d \
  --name ccs-dashboard \
  --restart unless-stopped \
  -p 3000:3000 \
  -p 8317:8317 \
  -e CCS_PORT=3000 \
  -e CCS_DEBUG=1 \
  -e NO_COLOR=1 \
  -e CCS_PROXY_HOST="proxy.example.com" \
  -e CCS_PROXY_PORT=443 \
  -e CCS_PROXY_PROTOCOL="https" \
  -v ccs_home:/home/node/.ccs \
  ccs-dashboard:latest

Persistent Storage

The container uses named volumes for persistent data:
VolumeContainer PathPurpose
ccs_home/home/node/.ccsCCS config, credentials, profiles
claude_home/home/node/.claudeClaude sessions, logs, todolists
opencode_home/home/node/.opencodeOpenCode configuration
grok_home/home/node/.grok-cliGrok CLI configuration
Note: Only ccs_home is required. Other volumes are optional (used if you run respective CLIs inside the container).

Backup Configuration

# Backup CCS config
docker run --rm -v ccs_home:/data -v $(pwd):/backup \
  ubuntu tar czf /backup/ccs-backup.tar.gz /data

# Restore CCS config
docker run --rm -v ccs_home:/data -v $(pwd):/backup \
  ubuntu tar xzf /backup/ccs-backup.tar.gz -C /

Resource Limits

For production deployments, limit container resources to prevent overconsumption.

Docker Run

docker run -d \
  --name ccs-dashboard \
  --restart unless-stopped \
  --memory=1g \
  --cpus=2 \
  -p 3000:3000 \
  -p 8317:8317 \
  -v ccs_home:/home/node/.ccs \
  ccs-dashboard:latest

Docker Compose

Default limits are set in docker-compose.yml: 
deploy:
  resources:
    limits:
      memory: 1G
      cpus: '2'
    reservations:
      memory: 256M
      cpus: '0.5'
Adjust based on workload. Monitor usage with: 
docker stats ccs-dashboard

Healthcheck

The container includes a healthcheck that verifies:
  1. Dashboard HTTP server (port 3000)
  2. CLIProxy API (port 8317)
healthcheck:
  test: ["CMD-SHELL", "curl -fsS --max-time 2 http://localhost:3000/ >/dev/null && curl -sS --max-time 2 http://127.0.0.1:8317/ >/dev/null"]
  interval: 10s
  timeout: 3s
  retries: 12
  start_period: 30s
Check health status: 
docker inspect ccs-dashboard --format='{{.State.Health.Status}}'

Graceful Shutdown

CCS handles SIGTERM gracefully. When stopping the container: 
docker stop ccs-dashboard        # Sends SIGTERM, waits 10s, then SIGKILL
docker stop -t 30 ccs-dashboard  # Wait 30s for graceful shutdown
The init: true in docker-compose.yml ensures proper signal forwarding to the Node.js process.

Using Pre-installed CLIs

The container includes pre-installed CLI tools for convenience.

Execute Commands Inside Container

# Open shell
docker exec -it ccs-dashboard bash

# Claude (non-interactive mode)
docker exec -it ccs-dashboard claude -p "Hello from Docker"

# Gemini
docker exec -it ccs-dashboard gemini "Hello from Docker"

# Grok
docker exec -it ccs-dashboard grok "Hello from Docker"

# OpenCode
docker exec -it ccs-dashboard opencode --help

# CCS
docker exec -it ccs-dashboard ccs --help

Configure Credentials

Each CLI has its own authentication method. Refer to their respective documentation: 
docker exec -it ccs-dashboard claude --help
docker exec -it ccs-dashboard gemini --help

Troubleshooting

Permission Errors (EACCES)

If you see permission errors on startup: 
# Check volume permissions
docker exec ccs-dashboard ls -la /home/node/.ccs

# Fix by recreating volumes
docker-compose down -v
docker-compose up -d

Port Already in Use

# Check what's using the port
lsof -i :3000
lsof -i :8317

# Use different ports
docker run -p 4000:3000 -p 9317:8317 ...

# Or with compose
CCS_DASHBOARD_PORT=4000 CCS_CLIPROXY_PORT=9317 docker-compose up -d

Container Keeps Restarting

# Check logs for errors
docker logs ccs-dashboard --tail 50

# Check container health
docker inspect ccs-dashboard --format='{{.State.Health.Status}}'

# Check resource usage
docker stats ccs-dashboard

Debug Mode

Enable verbose logging: 
docker run -e CCS_DEBUG=1 ...
Or update docker-compose.yml: 
environment:
  CCS_DEBUG: "1"

Image Build Fails

Common issues: Network timeout during build: 
docker build --network=host -f docker/Dockerfile -t ccs-dashboard:latest .
Out of disk space: 
docker system prune -a
Cache issues: 
docker build --no-cache -f docker/Dockerfile -t ccs-dashboard:latest .

Security Best Practices

Secrets Management

For sensitive values like CCS_PROXY_AUTH_TOKEN: Option 1: .env file (not committed to git) 
echo "CCS_PROXY_AUTH_TOKEN=your-secret-token" >> .env
docker-compose up -d
Option 2: Docker secrets (Swarm mode) 
echo "your-secret-token" | docker secret create ccs_proxy_token -

Network Security

  • Bind to localhost only - For development: 
    docker run -p 127.0.0.1:3000:3000 -p 127.0.0.1:8317:8317 ...
  • Use reverse proxy - For production (nginx, traefik): 
    server {
    listen 443 ssl http2;
    server_name ccs.example.com;

    location / {
        proxy_pass http://localhost:3000;
    }
}

Updates

Regularly rebuild the image to get security patches: 
docker-compose build --pull
docker-compose up -d

Production Deployment

For production deployments, consider:
  1. Use Docker Compose - Easier management and configuration
  2. Set resource limits - Prevent resource exhaustion
  3. Enable healthcheck - Auto-restart on failures
  4. Use .env file - Separate config from code
  5. Backup volumes - Regular backups of ccs_home
  6. Monitor logs - Centralized logging (ELK, Loki)
  7. Reverse proxy - nginx/traefik with TLS
  8. Secret management - Docker secrets or vault

Next Steps

Remote Proxy Deployment

Deploy CLIProxyAPI on a remote server for centralized access

Multi-Account Setup

Manage multiple OAuth accounts in Docker