Direct answer
Hermes WebUI Docker deployments depend on more than a container starting. The WebUI must see the intended Hermes home, the workspace mount, the provider configuration, and the right host networking behavior. A green container can still be unusable if it mounted the wrong home directory or bound the service too broadly.
When this matters
- A homelab operator is moving from a local Python process into Docker Compose.
- A team wants named volumes for isolation but still needs predictable workspace access.
- A developer sees an empty workspace or missing config after running Docker with elevated permissions.
How to handle it
- Paste a redacted compose file, environment section, and mount summary.
- Inspect bind mounts, named volumes, UID/GID expectations, port binding, and password state.
- Flag two-container tool execution limits, host API access assumptions, and provider reachability gaps.
- Export a deploy order, verification guide, and evidence receipt for the selected plan.
Common risks
- Running compose with the wrong home expansion can mount an empty Hermes home.
- A two-container setup can place tool execution in the WebUI container instead of the agent container.
- Public port exposure without password protection is not a safe default.
How Launch Lab connects
Launch Lab turns Docker details into a clear pass, warning, or blocker map with paid exports for team reviews.