Implementation of a Container Web Console Using GoTTY

With the widespread adoption of container technology, many companies are integrating containers into their business to improve production and operation efficiency. As the number of containers grows, managing them becomes a critical challenge.

Traditional methods for accessing a container’s shell involve querying the host IP, SSH-ing into the host, and using docker exec to enter the container. This approach has drawbacks such as credential management, security risks, and time consumption.

The Web Console offers a better solution by providing an interactive web-based interface that behaves like a direct shell, allowing users to execute commands without SSH.

Technical Principle

The Web Console relies on WebSocket communication. After establishing a WebSocket connection between the browser and the backend, commands entered in the browser are sent to the backend, which uses docker exec to run them inside the container. The command output is read from the container’s stdout and sent back through the WebSocket to be displayed in the browser.

GoTTY Overview

GoTTY is a simple CLI tool that converts command-line applications into web applications. It is written in Go and can be built after installing Go. By running GoTTY with the -w option, user input can be captured in the browser.

Implementation Details

Four static files ( index.html, favicon.png, hterm.js, gotty.js) are stored in memory after gzip compression. gotty.js opens a WebSocket, creates a terminal emulator (hterm), forwards keyboard input to the backend, and writes backend output back to the terminal.

When a user request arrives, GoTTY launches the target process, obtains its stdin/stdout, and runs two goroutines: one reads the process output and writes it to the WebSocket, the other reads from the WebSocket and writes to the process input.

Deployment Models

Two agent models are discussed:

Distributed agent : Deploy a Web Console agent on each node. The frontend determines the node hosting the container and contacts the corresponding agent directly.

Centralized agent : Deploy a single Web Console agent for the whole cluster, requiring high availability. The frontend sends the host IP and container ID to this agent. When using Docker, the Docker engine must expose a fixed port for docker exec -H; with Kubernetes, kubectl exec can be used.

Security Auditing

To record user actions, the stdout of the command process is logged to a file while being streamed to the browser via WebSocket.

Container Process Cleanup

If a browser tab is closed abruptly, the shell process inside the container may remain alive, leading to orphan processes. The solution is to save the shell’s PID when the connection is established and, upon disconnection, kill the saved PID using docker exec.

Result

The Web Console becomes a sub‑feature of the container management platform, allowing users to click a console button in the UI and interact with containers directly from the browser.