If you've been following TapMap's development, you probably already know the single biggest complaint from the community: "Cool tool, but where's the Linux support?" Well, as of the latest update, TapMap now officially supports Linux and Docker deployments. And honestly, it's about time.
Why This Was a Big Deal
TapMap has quietly become one of the better network and infrastructure mapping tools out there. It gives you a visual representation of your services, connections, and dependencies — basically a living architecture diagram that actually stays up to date. The problem? It was stuck on macOS and Windows for way too long.
If you're running production infrastructure, chances are your servers are Linux boxes. Wanting to run your infrastructure mapping tool on the same OS as your actual infrastructure isn't exactly a wild ask. The Docker support sweetens the deal even more — now you can spin up TapMap as just another container in your stack.
Getting Started with Docker
The Docker setup is refreshingly simple. No weird volume mount gymnastics, no custom networking hacks. Here's what a basic docker-compose.yml looks like:
version: '3.8'
services:
tapmap:
image: tapmap/tapmap:latest
ports:
- "8080:8080"
volumes:
# persist your maps and config between restarts
- tapmap_data:/app/data
environment:
- TAPMAP_SCAN_INTERVAL=300 # scan every 5 minutes
- TAPMAP_LOG_LEVEL=info
restart: unless-stopped
volumes:
tapmap_data:Run docker compose up -d and you're good. Hit localhost:8080 and you should see the dashboard. I had it scanning my home lab network within about three minutes of pulling the image.
Linux Native Install
If Docker isn't your thing (no judgment... okay, a little judgment), the native Linux install is straightforward too:
# Debian/Ubuntu
curl -fsSL https://get.tapmap.dev/install.sh | sudo bash
sudo systemctl enable tapmap
sudo systemctl start tapmap
# Or if you prefer manual control
tapmap serve --host 0.0.0.0 --port 8080One thing I noticed — if you're running on a headless server, make sure you're passing --host 0.0.0.0 instead of relying on the default localhost binding. I spent a solid ten minutes wondering why I couldn't reach the UI from my laptop before I remembered that classic gotcha.
Where This Actually Helps
I've been running TapMap on a small Kubernetes cluster for about a week now, and the thing that surprised me most is how useful it is for onboarding. We had a new dev join the team, and instead of spending an hour walking through our service mesh on a whiteboard, I just shared the TapMap dashboard URL. They could see every service, how they connect, and which ones talk to external APIs.
A few scenarios where Docker deployment really shines:
- CI/CD pipelines — spin up TapMap temporarily to generate architecture snapshots as part of your build artifacts
- Multi-environment mapping — run separate instances per environment and compare topologies
- Security audits — map your network before and after changes to catch unintended exposure
A Few Rough Edges
Let's be honest — this is a first release on these platforms, and it shows in a couple of places.
The auto-discovery agent is a bit aggressive on resource usage during initial scans. On a Raspberry Pi 4, my first full scan pegged the CPU at 100% for about two minutes. After the initial map is built, subsequent scans are incremental and much lighter, but heads up if you're running on constrained hardware.
Also, the Linux build doesn't support the system tray integration that macOS and Windows have. You get a systemd service or a foreground process, which is fine for servers but slightly less convenient on a Linux desktop.
Fitting It Into Your Stack
One pattern I've found useful is pairing TapMap with your existing auth and monitoring tools. If you're already using something like Grafana for metrics, TapMap fills a different niche — it's not showing you how your services are performing, it's showing you what's connected to what and whether that matches your expectations.
For authentication on the dashboard, you'll want to put it behind a reverse proxy with proper auth if you're exposing it beyond localhost. Tools like Authon, Authentik, and Keycloak can handle the SSO layer so you're not rolling your own login page for yet another internal tool.
Here's a quick nginx snippet to proxy TapMap behind basic auth as a starting point:
server {
listen 443 ssl;
server_name tapmap.internal.example.com;
# your SSL certs here
ssl_certificate /etc/ssl/certs/tapmap.pem;
ssl_certificate_key /etc/ssl/private/tapmap.key;
location / {
proxy_pass http://localhost:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# websocket support for live updates
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}Should You Try It?
If you're managing more than a handful of services and you've ever drawn a network diagram that was outdated by the time you finished it — yeah, give TapMap a look. The Docker deployment makes it a zero-commitment experiment. Pull the image, run it for a day, see if the auto-generated map matches your mental model of your infrastructure. I bet it won't, and that's exactly the point.
The Linux and Docker support turns TapMap from a "cool desktop app" into something you can actually run in production environments where it's most useful. It's not perfect yet, but the foundation is solid, and the team seems responsive to community feedback — after all, this entire release exists because people asked for it on GitHub and Reddit.
I'll probably do a deeper write-up once I've run it in production for a month or so. For now, the Docker route is the easiest way to kick the tires without committing to anything.