Domain Locker

Domain Locker is a self‑hosted, all‑in‑one domain management platform designed for developers who need granular control over a large portfolio of domains. From the backend, it aggregates data across multiple registrars and DNS providers, normalizes that information into a unified schema, and exposes it through a RESTful API, Prometheus metrics endpoint, and webhooks. The core objective is to replace fragmented registrar dashboards with a single source of truth that can be queried programmatically, visualized in custom tooling, or used to trigger automated workflows.

Architecture & Technical Stack

The application is built on Go (Golang) for its concurrency model and static binary output, which simplifies containerization. The service layer is a modular set of micro‑services that communicate over gRPC, while the public API uses JSON‑REST for compatibility. Data persistence is handled by PostgreSQL with a logical replication setup that allows the database to scale horizontally using read replicas. The front‑end is a single‑page application written in React with TypeScript, consuming the API via GraphQL for efficient data fetching. A background worker pool powered by Celery‑like Go workers performs scheduled domain audits, SSL checks (via acme.sh integration), and DNS record verification.

Core Capabilities & APIs

• Domain Asset Discovery: Periodic crawlers query registrar APIs (e.g., GoDaddy, Namecheap) and DNS providers to pull SSL certificates, host records, IP addresses, and subdomains. The data model exposes relationships between domains, certificates, and DNS zones.
• Metrics & Export: Prometheus metrics expose domain health scores, expiration windows, and change frequencies. Users can also export data to CSV or iCal feeds for calendar integrations.
• Eventing & Webhooks: Domain change events (expiration, DNS updates, WHOIS changes) trigger webhooks that can be consumed by external CI/CD pipelines or alerting systems. Supported transports include email, Slack, Telegram, Signal, and custom HTTP endpoints.
• Audit Trail: Every external change is logged with a timestamp, source registrar, and payload diff. This audit log can be queried via the API for compliance reporting.

Deployment & Infrastructure

Domain Locker ships as a Docker Compose stack with optional Helm charts for Kubernetes. The container image is statically linked, making it lightweight (≈ 70 MB). For production, the recommended deployment is a stateful set with PostgreSQL running in a separate cluster or managed service. Horizontal scaling is achieved by adding API replicas behind a load balancer; the worker pool can be scaled independently to handle high-frequency audit loads. The system is designed for zero-downtime upgrades: rolling updates to the API service do not affect the background workers, and vice versa.

Integration & Extensibility

The platform exposes a plugin SDK that allows developers to write custom data collectors or notification handlers in Go. Plugins are loaded at runtime via a simple plugins/ directory, and can register new endpoints or event listeners without modifying the core codebase. Additionally, a webhook dispatcher supports conditional routing rules (e.g., send SSL expiry alerts only to a specific Slack channel), making it easy to integrate with existing DevOps toolchains. The open‑source nature encourages community-contributed connectors for niche registrars or DNS services.

Developer Experience

Domain Locker’s documentation follows a developer‑first approach: the README includes clear API reference tables, schema diagrams, and example payloads. The codebase is well‑structured with extensive unit tests (≈ 85 % coverage) and a continuous integration pipeline that runs static analysis with golangci-lint. Community support is active on GitHub Discussions and a dedicated Discord server, where contributors can request new features or report bugs. The configuration is driven by environment variables and a declarative config.yaml, allowing seamless integration into CI/CD pipelines or infrastructure-as-code setups.

Use Cases

• Enterprise Domain Portfolios: Companies managing hundreds of domains across multiple registrars can centralize renewal alerts and security checks, reducing manual oversight.
• DevOps Automation: Integrate domain expiry events into Terraform or Ansible workflows to trigger automated renewal scripts.
• Security Audits: Use the audit trail and security recommendations API to feed into SIEM systems or compliance dashboards.
• Custom Dashboards: Export Prometheus metrics to Grafana and build bespoke visualizations tailored to specific business KPIs.

Advantages

Developers choose Domain Locker over proprietary registrar dashboards because it offers full programmatic control, a license-free open‑source core, and the ability to run it on any infrastructure—whether a local VM or a cloud Kubernetes cluster. Its lightweight Go binaries provide low memory footprints, while the plugin system and webhook flexibility give teams the agility to adapt to evolving tooling ecosystems. Performance is bolstered by concurrent workers and a read‑replica database strategy, ensuring that even large domain inventories remain responsive.