pamsler/proxydeck

By pamsler

Updated 4 months ago

Self-hosted reverse proxy with SSL, WAF, bot protection & analytics

Image
Networking
Security
1

10K+

pamsler/proxydeck repository overview

ProxyDeck

Enterprise-grade self-hosted reverse proxy management platform

Reverse Proxy | SSL Automation | WAF | Bot Protection | IP Reputation | Geo-Blocking | PIN Access | DNS Management | Anomaly Detection | Alerting | Analytics | SSO | MFA | Passkeys

Quick Start

mkdir proxydeck && cd proxydeck
curl -fsSL https://raw.githubusercontent.com/pamsler/proxydeck/main/docker-compose.prod.yml -o docker-compose.prod.yml
curl -fsSL https://raw.githubusercontent.com/pamsler/proxydeck/main/.env.example -o .env

Edit .env with your configuration, then:

mkdir -p backup
docker compose -f docker-compose.prod.yml up -d

Access the dashboard at http://your-server-ip:8080

Features

  • Reverse Proxy - Easy host configuration with load balancing, WebSocket, HTTP/2 & HTTP/3 support
  • SSL/TLS - Let's Encrypt integration with auto-renewal, wildcard certificates, DNS-01 challenges
  • WAF - SQL injection, XSS, path traversal protection with custom rules and host groups
  • IP Reputation - AbuseIPDB & AlienVault OTX integration, auto-ban for high-risk IPs, non-blocking checks
  • Bot Protection - JavaScript challenges, CAPTCHA, threat scoring, automatic banning
  • Access Control - Password authentication (Gate) and PIN-only access protection per host
  • Geo-Blocking - Country-based traffic filtering with GeoIP
  • Rate Limiting - DDoS protection with Redis-backed distributed limiting
  • DNS Management - Cloudflare and Hetzner DNS integration
  • Anomaly Detection - 14-day rolling baselines, z-score analysis, traffic/error/bandwidth anomaly alerts
  • Alerting - Slack, Discord, Telegram, Email, Webhooks with granular event filters
  • Scheduled Maintenance - Plan maintenance windows with custom pages, countdown timer, bilingual support
  • Analytics - Real-time dashboard, traffic analytics, response time percentiles (P50-P99), geographic distribution
  • API - RESTful API with tier-based rate limiting (Free/Basic/Pro/Enterprise/Unlimited) and usage analytics
  • Uptime Monitoring - TCP/HTTP health checks with latency tracking
  • Authentication - MFA (TOTP), Passkeys (WebAuthn/FIDO2), SSO (Microsoft Entra ID)
  • Multi-User - Role-based access control with audit logging
  • Backup & Restore - Encrypted automated backups

Environment Variables

VariableRequiredDescription
IMAGE_TAGNoDocker image version (default: latest)
ADMIN_USERYesAdmin username
ADMIN_PASSYesAdmin password
JWT_SECRETYesJWT signing secret (64+ chars)
MFA_ENCRYPTION_KEYYesMFA encryption key (64+ chars)
FRONTEND_URLYesDashboard domain (auto-creates proxy + SSL)
ACME_EMAILYesLet's Encrypt registration email
TZNoTimezone (default: Europe/Zurich)
ENABLE_H3NoEnable HTTP/3 QUIC (default: 1)

Ports

PortDescription
80HTTP traffic and ACME challenges
443HTTPS traffic
8080Management dashboard

Volumes

VolumeDescription
confdNginx configuration
dataApplication data
certsSSL certificates
acmeACME challenge files
le_etcLet's Encrypt config
le_varLet's Encrypt work directory
le_logLet's Encrypt logs
pgdataPostgreSQL database
redis_dataRedis persistence

Tags

TagDescription
latestLatest stable release (recommended)
v0.1.xBeta releases

Requirements

  • Docker and Docker Compose
  • 2GB RAM minimum (4GB recommended)
  • 2 CPU cores minimum
  • Ports 80, 443, and 8080 available
  • Domain name with ports 80/443 forwarded (for Let's Encrypt)

Documentation

Full documentation, screenshots, and source code available on GitHub:

https://github.com/pamsler/proxydeck

License

MIT License - see LICENSE for details.

Tag summary

Content type

Image

Digest

sha256:121a9f0c6

Size

3.5 MB

Last updated

4 months ago

docker pull pamsler/proxydeck:v0.1.43