Managing Docker Across Multiple Servers with Komodo

The multi-host Docker problem

Once you’re running Docker on more than two or three servers, things get messy fast. You SSH into one machine to check logs, another to restart a container, a third to update a Compose stack, and before long you’ve lost track of what’s running where.

Most people reach for Portainer at this point, and it’s a solid choice. But if you want something lighter, fully open-source, and designed from the ground up for multi-host management, Komodo is worth a look.

In this guide we’ll deploy Komodo Core on a management server, install Periphery agents on remote hosts, and manage everything, containers, stacks, builds, and monitoring, from a single dashboard.

What is Komodo?

Komodo is an open-source (GPL-3.0) build and deployment system written in Rust and TypeScript. It follows a Core + Agent architecture:

Komodo Core — the central server with a web dashboard and API. It connects to your remote hosts and orchestrates deployments.
Komodo Periphery — a lightweight agent installed on each managed server. It receives instructions from Core and executes Docker operations locally.

Key features:

Deploy and monitor Docker containers or stacks (compose projects) across multiple servers from one UI
Create, edit, and deploy Docker Compose stacks remotely
Build Docker images from Git repositories with webhook triggers
Clone and manage Git repos on remote servers
Monitor server resources (CPU, RAM, disk) with configurable polling intervals
Role-based user access and optional OIDC/OAuth authentication
Database support: MongoDB, PostgreSQL (via FerretDB), or SQLite

See: Komodo documentation.

Prerequisites

At least two Linux servers (Ubuntu 22.04 or 24.04 recommended) — one for Komodo Core, one or more to manage remotely
Docker and Docker Compose installed on all servers — Core runs in Docker, and Periphery manages Docker on each remote host, so Docker must be present everywhere
SSH access to all servers

1. Deploy Komodo Core

Create a project directory on your management server:

mkdir -p ~/komodo
cd ~/komodo

Create `compose.yaml`

This runs MongoDB and Komodo Core:

services:
  mongo:
    image: mongo
    labels:
      komodo.skip: # Prevents Komodo's StopAllContainers from shutting itself down
    command: --quiet --wiredTigerCacheSizeGB 0.25
    restart: unless-stopped
    networks:
      - komodo-net
    volumes:
      - ./data/mongo-data:/data/db
      - ./config/mongo-config:/data/configdb
    environment:
      MONGO_INITDB_ROOT_USERNAME: ${KOMODO_DB_USERNAME}
      MONGO_INITDB_ROOT_PASSWORD: ${KOMODO_DB_PASSWORD}

  core:
    image: ghcr.io/moghtech/komodo-core:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
    labels:
      komodo.skip: # Prevents Komodo's StopAllContainers from shutting itself down
    restart: unless-stopped
    depends_on:
      - mongo
    ports:
      - 9120:9120
    networks:
      - komodo-net
    env_file: .env
    environment:
      KOMODO_DATABASE_ADDRESS: mongo:27017
      KOMODO_DATABASE_USERNAME: ${KOMODO_DB_USERNAME}
      KOMODO_DATABASE_PASSWORD: ${KOMODO_DB_PASSWORD}
    volumes:
      - ${COMPOSE_KOMODO_BACKUPS_PATH:-./backups}:/backups

networks:
  komodo-net:

--wiredTigerCacheSizeGB 0.25 caps MongoDB’s RAM at 250 MB. The komodo.skip label prevents Komodo from shutting down its own containers when you trigger “Stop All Containers”.

Create `.env`

Create a .env file with the essential variables:

## Image version
COMPOSE_KOMODO_IMAGE_TAG=latest

## Database backups path
COMPOSE_KOMODO_BACKUPS_PATH=./backups

## Database credentials
KOMODO_DB_USERNAME=komodo
KOMODO_DB_PASSWORD=<generate-a-strong-password>

## Passkey for Core ↔ Periphery authentication
KOMODO_PASSKEY=<generate-a-random-passkey>

## Your timezone (for scheduled tasks)
TZ=Europe/Bucharest

## Public URL of your Komodo instance
KOMODO_HOST=https://komodo.example.com
KOMODO_TITLE=Komodo

## Monitoring intervals
KOMODO_MONITORING_INTERVAL=15-sec
KOMODO_RESOURCE_POLL_INTERVAL=1-hr

## Secrets for webhooks and JWT tokens
KOMODO_WEBHOOK_SECRET=<generate-a-random-secret>
KOMODO_JWT_SECRET=<generate-a-random-jwt-secret>
KOMODO_JWT_TTL=1-day

## Local auth (username + password login)
KOMODO_LOCAL_AUTH=true
KOMODO_INIT_ADMIN_USERNAME=admin
KOMODO_INIT_ADMIN_PASSWORD=<your-admin-password>
KOMODO_DISABLE_USER_REGISTRATION=false
KOMODO_ENABLE_NEW_USERS=false

Warning

Generate unique, strong values for KOMODO_PASSKEY, KOMODO_WEBHOOK_SECRET, and KOMODO_JWT_SECRET. These authenticate communication between Core and Periphery and sign session tokens. Generate each one with:

openssl rand -base64 32

Start Komodo Core

cd ~/komodo
sudo docker compose up -d

Verify everything is running:

sudo docker compose ps
sudo docker compose logs --tail=50 core

You should see Core listening on port 9120. Open http://<your-server-ip>:9120 in your browser and log in with the admin credentials from your .env.

2. Install Periphery on remote servers (and to the core server if you plan on deploying stacks there too)

Periphery is the lightweight agent that gives Komodo Core control over Docker on a remote host. The recommended approach is running it as a systemd service directly on the host (not in a container), since it needs full access to the host’s Docker daemon.

Run these commands on each remote server you want to manage:

# Switch to root
sudo su -

# Download and install Periphery
curl -sSL https://raw.githubusercontent.com/moghtech/komodo/main/scripts/setup-periphery.py | python3

# Enable and start the service
systemctl enable periphery
systemctl start periphery

# Verify it's running
systemctl status periphery

# Exit root shell
exit

The setup script detects your system architecture, downloads the appropriate binary, creates the systemd unit file, and generates a default config at /etc/komodo/periphery.config.toml.

Container-based Periphery Advanced

You can also run Periphery as a Docker container (see the Komodo compose examples), but the systemd approach is recommended. Running on the host gives Periphery direct access to the Docker socket without additional volume mount complexity, and avoids the chicken-and-egg problem of managing a container manager from inside a container.

3. Configure Periphery

Edit the Periphery configuration on each remote server:

sudo nano /etc/komodo/periphery.config.toml

The key settings to adjust are the directories where Periphery manages resources:

## Base directory for Periphery's managed resources
root_directory = "/opt/komodo"

## Where Periphery clones Git repositories
repo_dir = "/opt/komodo/repos"

## Where Periphery manages Docker Compose stacks
stack_dir = "/opt/komodo/stacks"

Make sure the directories exist and are writable:

sudo mkdir -p /opt/komodo/repos /opt/komodo/stacks

Restrict access to Periphery Important

By default, Periphery listens on port 8120 and accepts connections from any IP. In production, you should restrict this to only your Komodo Core server.

Option A: Firewall rules (recommended)

# Allow only your Komodo Core server's IP
sudo ufw allow from <core-server-ip> to any port 8120
sudo ufw deny 8120

Option B: Periphery config allowlist

Add to periphery.config.toml:

allowed_ips = ["<core-server-ip>"]

Apply your changes:

sudo systemctl restart periphery

4. Connect servers in Komodo

Open the Komodo web UI (the URL from Step 1)
Navigate to Servers in the sidebar
Click New Server
Give it a descriptive name (e.g. docker-host-01)
Set the server address:

For a server on a different machine from Core, use:

https://<remote-server-ip>:8120

Replace <remote-server-ip> with the actual IP of the server where you installed Periphery.

If Periphery runs on the same machine as Core (and Core runs in Docker), use the Docker host gateway address:

https://host.docker.internal:8120

You’ll also need to uncomment the extra_hosts block in your compose.yaml under the core service:

extra_hosts:
  - host.docker.internal:host-gateway

Then restart Core with sudo docker compose up -d.

Save the server configuration

If the connection fails, check that:

The KOMODO_PASSKEY in your Core .env matches what Periphery expects (the default passkey is empty — if you set one in Core, you need to set the same in periphery.config.toml)
Port 8120 is reachable from the Core server
The Periphery service is running (systemctl status periphery)

Once connected, Komodo shows the server’s system stats and running containers.

5. Deploy your first stack

Quick test — deploy a simple container through Komodo to verify everything works.

In the Komodo dashboard, navigate to Stacks
Click New Stack
Name it whoami-test
Select your remote server from the target dropdown
Paste this Compose definition:

services:
  whoami:
    image: traefik/whoami:latest
    ports:
      - "8080:80"
    restart: unless-stopped

Click Deploy

Komodo sends the definition to the Periphery agent, which runs docker compose up -d on the remote server.

Verify by visiting http://<remote-server-ip>:8080 — you should see the whoami response with hostname, IP, and request headers.

To clean up the test: in the Komodo dashboard, click the whoami-test stack, then Destroy to remove both the containers and the stack definition. You can then delete the stack.

Komodo vs Portainer

Both are capable Docker management tools, but Portainer locks advanced functionality behind a paywall (it also supports swarm which Komodo does only in beta).

Neither is objectively better. Portainer is more mature, has a larger community, and offers a more polished UI out of the box. Komodo is lighter, fully open-source with no feature restrictions, and better suited to multi-host setups where you want GitOps-style stack management. Pick the one that fits your workflow.

What’s next

Once Komodo is running, a few things worth setting up:

Reverse proxy with HTTPS — Caddy, nginx, or a Cloudflare Tunnel in front of the Core UI
OIDC/OAuth — hook into your identity provider instead of local accounts (Komodo docs)

For automated builds, GitOps with Resource Syncs, scheduled Procedures, and CLI management, see our follow-up guide:

Automating Docker with Komodo — Builds, Syncs, and Procedures

Use Komodo's Resource Syncs for GitOps, Procedures for automated workflows, Builds for CI/CD pipelines, and the CLI for headless Docker management.

Self-Hosting Hudu with Docker & Cloudflare Tunnel

A practical guide to installing Hudu with Docker Compose, maintaining it over time, and securely publishing it via Cloudflare Tunnel.