What problem will this feature address?
Currently, native applications and databases in Dokploy seem to share a single global network (dokploy-network). While this makes communication between services easy out-of-the-box, it introduces a security risk, especially in multi-tenant architectures or when strictly separating environments (e.g., staging vs. production). If one application is compromised, it theoretically has network-level access to all other databases and apps hosted on the same server, regardless of the project they belong to.
Describe the solution you'd like
Implement automatic network isolation at the Project/Environment level, bridging the gap between Dokploy's ease of use and Docker Compose's native security.
Specifically:
-
Isolated Default Networks: Each project (or environment) should automatically generate and use its own isolated Docker network (e.g., projectA-production_network, projectB-staging_network).
-
Auto-Assignment: When a user creates a new resource (App, Database, or Compose) inside a project, it should be attached to this isolated project network by default, rather than a global one.
-
Network Management UI: Add a "Manage Networks" button on the Project page. This would allow users to see their project's default network, create custom internal networks, or manually attach specific services to shared networks if they explicitly want them to communicate across projects.
Describe alternatives you've considered
-
Using Docker Compose exclusively: Deploying all services strictly through Docker Compose rather than using Dokploy's native Application/Database creation tools. While this natively provides the desired network isolation, it entirely defeats the purpose of using Dokploy's intuitive UI and convenient click-to-deploy features.
-
Manual Network Management via CLI: Connecting to the server via SSH to manually create Docker networks (docker network create...) and then overriding the network settings for each individual service within Dokploy. This process is tedious, error-prone, and goes against the seamless PaaS (Platform as a Service) experience that Dokploy aims to provide.
Additional context
This approach would align Dokploy's native deployments with standard security best practices (similar to how standard Docker Compose isolates environments by default), while keeping the "click-and-deploy" magic that makes the platform great.
Will you send a PR to implement it?
No
What problem will this feature address?
Currently, native applications and databases in Dokploy seem to share a single global network (dokploy-network). While this makes communication between services easy out-of-the-box, it introduces a security risk, especially in multi-tenant architectures or when strictly separating environments (e.g., staging vs. production). If one application is compromised, it theoretically has network-level access to all other databases and apps hosted on the same server, regardless of the project they belong to.
Describe the solution you'd like
Implement automatic network isolation at the Project/Environment level, bridging the gap between Dokploy's ease of use and Docker Compose's native security.
Specifically:
Isolated Default Networks: Each project (or environment) should automatically generate and use its own isolated Docker network (e.g., projectA-production_network, projectB-staging_network).
Auto-Assignment: When a user creates a new resource (App, Database, or Compose) inside a project, it should be attached to this isolated project network by default, rather than a global one.
Network Management UI: Add a "Manage Networks" button on the Project page. This would allow users to see their project's default network, create custom internal networks, or manually attach specific services to shared networks if they explicitly want them to communicate across projects.
Describe alternatives you've considered
Using Docker Compose exclusively: Deploying all services strictly through Docker Compose rather than using Dokploy's native Application/Database creation tools. While this natively provides the desired network isolation, it entirely defeats the purpose of using Dokploy's intuitive UI and convenient click-to-deploy features.
Manual Network Management via CLI: Connecting to the server via SSH to manually create Docker networks (docker network create...) and then overriding the network settings for each individual service within Dokploy. This process is tedious, error-prone, and goes against the seamless PaaS (Platform as a Service) experience that Dokploy aims to provide.
Additional context
This approach would align Dokploy's native deployments with standard security best practices (similar to how standard Docker Compose isolates environments by default), while keeping the "click-and-deploy" magic that makes the platform great.
Will you send a PR to implement it?
No