Developer builds Mooring, a security-first self-hosted PaaS that splits read and write access
A solo developer frustrated with the security trade-offs of existing self-hosted deployment tools has built Mooring, a lightweight PaaS for managing Docker containers on personal servers. The core design principle separates the 'read plane' — dashboards and logs — from the 'write plane' — actions that modify the system — so the most-used interface holds the least privilege. Mooring ships as a single static Go binary, runs as an unprivileged systemd service rather than as root, and routes dashboard views through a read-only Docker socket proxy. Additional security features include TOTP two-factor authentication, session revocation on credential changes, digest-pinned images, and CIDR-bound API tokens. The project is an early-stage, open solo effort targeting the same space as tools like Coolify, Dokku, and Kamal, but with a deliberate focus on minimising the attack surface on a real, secrets-bearing VPS.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in