Dev Tools · 2h ago
Mooring: A security-first self-hosted PaaS separates read and write planes
Mooring is a new self-hosted PaaS that runs as an unprivileged systemd service, not root, and uses a read-only Docker socket proxy for dashboards. It separates the read plane (logs, health) from the write plane (deploy, restart) to limit attack surface. The Go binary embeds all assets, uses SQLite, and supports TOTP 2FA with session revocation on credential changes.
Meridian48 take
Mooring's focus on least-privilege design is a practical response to the over-privileged defaults of many self-hosted PaaS tools, but it's early-stage and faces an uphill battle against established alternatives.
Read the full reporting
The part of a PaaS you use most should have the least power — so I built Mooring →
DEV Community
self-hosted-paassecurity