[Docker] Dozzle on Synology NAS

If you’ve ever managed multiple Docker containers, you know how painful it can be to check logs. You end up typing commands like:

docker logs -f container-name

… over and over again, jumping between containers just to see what’s going on.

That’s where Dozzle comes in. It’s a lightweight web application that lets you view container logs in real time, from your browser. No need to SSH into your NAS or run repetitive commands — just open a clean web UI and watch the logs stream in.

For me, this was a perfect fit for my Synology NAS setup.

Why Dozzle?

• Real-time logs: Watch your container logs update live in the browser.
• All containers in one place: Switch between containers with a dropdown.
• Lightweight: Tiny memory footprint, no database required.
• Web-based: Works on desktop and mobile.

It doesn’t try to be a full log management system like ELK or Loki — and that’s the beauty of it. Dozzle is simple, fast, and does exactly one thing well.

Folder Structure

I keep all my projects organized under /volume1/docker/dozzle/. For Dozzle, the structure is simple:

/volume1/docker/dozzle/
├── docker-compose.yml
├── users.yml # authentication file

Reverse Proxy Setup

Instead of remembering port numbers, I set up a reverse proxy rule in Synology DSM:

https://logs.yourdomain.com → NAS-IP:9999

Steps:

1. Go to Control Panel → Login Portal → Advanced → Reverse Proxy.
2. Add a new rule:
   • Source: logs.yourdomain.com (port 443, HTTPS).
   • Destination: NAS local IP, port 9999.
3. Enable WebSocket support.

Now I can access Dozzle at a clean URL:

https://logs.yourdomain.com

User Authentication with users.yml

Dozzle no longer recommends using environment variables for authentication. Instead, you create a users.yml file that defines accounts.

Example:

users:
  your_own_id:
    email: your_own_email
    name: "Wody Lee"
    password: "$2a$12$bFgHuFwvBNabQC5ZLU2lsuXhQpqWtDRYZGSKShmdRjqC2ZRIxPcE6" # password must be generated by bcrypt hash
    filter:

🔐 How to generate the password hash

Instead of running shell commands, you can use an online generator such as bcrypt-generator.com.

1. Open the site.
2. Enter your desired password (e.g., mypassword).
3. Choose Cost Factor = 12 (this means bcrypt rounds = 12, the recommended balance between security and speed).
4. Click Generate.
5. Copy the resulting hash (it will start with $2y$12$...).

Paste that hash into your users.yml file.

Docker Compose File

Here’s my working docker-compose.yml with users.yml mounted:

services:
  dozzle:
    image: amir20/dozzle:latest
    restart: on-failure:5
    environment:
      - DOZZLE_AUTH_PROVIDER=simple
    secrets:
      - source: users
        target: /data/users.yml
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /volume1/docker/dozzle:/data:rw
    ports:
      - 9999:8080

First Login

Once the container is running, open:

https://logs.yourdomain.com

You’ll see a login prompt. Enter the username (admin) and the plain password you chose before generating the hash (e.g., mypassword).

Dozzle verifies it against the bcrypt hash in users.yml. After login, the dashboard appears with a list of running containers.

Impressions

I love how lightweight Dozzle is. Adding authentication via users.yml makes it secure enough to expose behind a reverse proxy, without worrying about anyone snooping on logs.

On my Synology NAS, where I run multiple services (Nextcloud, Matomo, FileBrowser, etc.), Dozzle saves me time and makes troubleshooting much easier.

Final Thoughts

If you want a simple, no-frills log viewer for Docker, Dozzle is the perfect tool. Adding a users.yml file with bcrypt-protected credentials keeps it safe, and with Synology’s reverse proxy you get a clean, SSL-protected domain.

For me, Dozzle has become part of my essential toolkit — right alongside Portainer and Netdata.