Self-hosted infrastructure, made simple.
A lightweight, modern server control panel for managing web apps, databases, Docker containers, and security — without the complexity of Kubernetes or the cost of managed platforms.
Captured from a mock-data demo build — every hostname, IP, domain, and metric below is fictional.
AI Assistant — Built-in, Prompture-powered assistant — reads page context, answers questions, and runs tools on your infra
WordPress — Per-site WordPress dashboard — status, core version, disk, DB config, Quick Actions, and live site-health checks
DNS Zones — Multi-provider DNS — Cloudflare, Route 53, DigitalOcean — with full record editing
Security — Security posture score, ClamAV malware scanning, file integrity, firewall, and Fail2Ban
Mail — Full mail stack — Postfix, Dovecot, OpenDKIM, SpamAssassin, Roundcube — with DKIM/SPF/DMARC
Remote Access — Expose a private/NAT-ed home service publicly by WireGuard-pairing two agents — no port forwarding
Workflow Builder — Node-based visual automation — chain triggers, builds, deploys, and notifications on a canvas
PHP / WordPress — PHP-FPM 8.x with one-click WordPress installation
Python Apps — Deploy Flask and Django with Gunicorn
Node.js — PM2-managed applications with log streaming
Manual & Zip Deploys — Deploy from a local/manual path or a zip upload, alongside Git and Docker sources
Workflow Builder — Node-based visual automation for server tasks, deployments, and CI/CD
Environment Pipeline — Multi-environment management for WordPress (Prod/Staging/Dev) with code/DB promotion
WordPress Publishing — Publish managed sites at a real subdomain (not localhost:port), safely swap a site's URL with preview, and attach a custom domain with automatic DNS and wildcard HTTPS
Docker — Full container and Docker Compose management with real-time log streaming and terminal access
Container Lifecycle — Image-update detection with one-click apply, auto-sleep for idle containers, and CPU-driven horizontal auto-scaling
Marketplace — 60+ one-click templates for popular apps (Immich, Ghost, Authelia, etc.)
Build Packs — Zero-Dockerfile detection that inspects a repo and generates a Dockerfile + compose from a build plan (defers to an author-provided Dockerfile when present)
Declarative Templates — A documented catalog schema with auto-resolved ${SERVICE_*} magic variables (password/user/FQDN/URL/base64) so templates never hardcode generated secrets or hosts
Projects & Environments — Group applications into a Workspace → Project → Environment hierarchy with workspace-scoped access and resource counts
Config Snapshots — Immutable, secret-masked configuration snapshots captured before each deploy, with diff and one-click restore + redeploy
Container Status — One deterministic health status per app, aggregated from its containers and pushed live (healthy / degraded / restarting / unhealthy)
PR Preview Environments — Ephemeral previews driven by a pull-request webhook that open, redeploy, and tear down per PR
Domain Management — Nginx virtual hosts with easy configuration
DNS Zone Management — Full DNS record management with propagation checking (A, AAAA, CNAME, MX, TXT, CAA, etc.)
Dynamic DNS — Token-authenticated A/AAAA updates for home servers and changing IPs, synced through your DNS provider
SSL / TLS — Automatic Let's Encrypt with auto-renewal, optional (best-effort) HTTPS that never blocks an install, hardened TLS 1.2+/AEAD ciphers, Cloudflare-aware configs, and automatic CAA records
Databases — MySQL/MariaDB and PostgreSQL with user management and query interface
Cloud Provisioning — Provision servers on DigitalOcean, Hetzner, Vultr, and Linode with cost tracking
Connections — One place to link every external account: source (GitHub/GitLab), cloud infrastructure, DNS providers, domain registrars with expiry tracking, SMTP relays, and S3/B2 storage — credentials encrypted at rest
Firewall — UFW/firewalld with visual rule management and port presets
Cron Jobs — Schedule tasks with a visual editor
File Manager — Browse, edit, upload, and download files via web interface, including browsing and previewing S3 / Backblaze B2 buckets
FTP Server — Manage vsftpd users and access
Backup & Restore — Automated backups to S3, Backblaze B2, or local storage with scheduling, retention policies, one-click restore, and optional client-side encryption
Secrets & Webhook Gateway — Encrypted secrets store plus an inbound webhook gateway for triggering automation from external events
Email Server — Postfix + Dovecot with DKIM/SPF/DMARC, SpamAssassin, Roundcube webmail, email forwarding rules
Two-Factor Auth — TOTP-based with backup codes
Passkeys / WebAuthn — Passwordless and second-factor sign-in with hardware keys, Touch ID, and Windows Hello
Web Application Firewall — Per-app ModSecurity v3 + OWASP Core Rule Set with detect/block modes, tunable paranoia, and audit-log events
Malware Scanning — ClamAV integration with quarantine
File Integrity Monitoring — Detect unauthorized file changes
Fail2ban & SSH — Brute force protection, SSH key management, IP allowlist/blocklist
Vulnerability Scanning — Lynis security audits with reports and recommendations
Container CVE Scanning & SBOM — Per-image vulnerability scanning with grype and software bill-of-materials generation with syft
Encrypted Secrets at Rest — Provider credentials and system-setting secrets sealed with Fernet encryption
Automatic Updates — unattended-upgrades / dnf-automatic for OS-level patching
Agent-Based Architecture — Cross-platform Go agent (Linux, Windows, macOS) with HMAC-SHA256 authentication and a real-time WebSocket gateway (with HTTP-poll fallback). Native Windows service + MSI installer, plus .deb/.rpm and ARM64 builds. See agent/README.md.
Fleet Management — Agent inventory, connection status, approval queue, rollouts, LAN auto-discovery (UDP), and command queue
Windows Desktop Agent — Native Windows service plus an optional desktop app: WebView2 console, system-tray controls, and a guided pairing wizard for one-click enrollment
Agent Enrollment — Two ways to adopt a server: a secure short-code pairing flow (type a rotating code + passphrase into the panel and verify the key fingerprint) or a pre-shared registration token; host credentials are stored AES-GCM-encrypted. See docs/pairing.md
Fleet Monitor — Cross-server heatmaps, metric comparison charts, alert thresholds, anomaly detection, and capacity forecasting
Agent Plugins — Extensible plugin system with capabilities, permissions, and per-server installation
Server Templates — Configuration templates with compliance tracking, drift detection, and auto-remediation
Remote Docker — Agent-backed Docker operations for connected servers; remote app/site deployment is still evolving
Remote Service Tunnels — Expose a private or NAT'd service (e.g. a home media server) through an edge server over an agent-managed WireGuard tunnel, reusing nginx, DNS, and certificates
API Key Rotation — Secure credential rotation with acknowledgment handshake
Server Onboarding — A guided onboarding state machine (validate → install prerequisites → install Docker → pair agent → ready) driven on the job bus with a live progress log
Per-Server Proxy Stack — Opt-in Dockerized Traefik or Caddy per server with a compose preview before switching; host nginx remains the default
Cross-Server Metrics — Historical metrics with comparison charts and retention policies
Real-time Metrics — CPU, RAM, disk, network monitoring via WebSocket
GPU Monitoring — NVIDIA GPU utilization, memory, temperature, and power, with per-process and per-container usage
Uptime Tracking — Historical server uptime data and visualization
Status Pages — Public status pages with HTTP/TCP/DNS/Ping health checks, component monitoring, and incident management
Notifications — Discord, Slack, Telegram, email (HTML templates), and generic webhooks
Per-User Preferences — Individual notification channels, severity filters, and quiet hours
Multi-User — Admin, developer, and viewer roles with team invitations
Workspaces — Multi-tenant workspace isolation with quotas and member management
RBAC — Granular per-feature permissions (read/write per module)
SSO & OAuth — Google, GitHub, OpenID Connect, and SAML 2.0 with account linking
Audit Logging — Track all user actions with detailed activity dashboard
API Keys — Tiered API keys (standard/elevated/unlimited) with rate limiting, usage analytics, and OpenAPI documentation
API Token Scopes — Fine-grained, additive scopes for API keys (enforced for programmatic X-API-Key callers; JWT/session users stay RBAC-governed)
Shared Resources — Polymorphic tags and attachable shared variable groups with a merged "resolved" view and masked secrets
Webhook Subscriptions — Event-driven webhooks with HMAC signatures, retry logic, and custom headers
Sidebar Presets — Switch between Full, Web Hosting, Email Admin, DevOps, and Minimal views with one click
Collapsible Navigation — Sidebar groups auto-expand on navigation and collapse when switching sections
Accent Colors — 8 preset accent colors plus custom hex picker
Custom Branding — White-label the sidebar with your own logo, brand name, or full-width banner
Dashboard Widgets — Toggle and reorder dashboard widgets to fit your workflow
⏱️ Up and running in under 2 minutes
```bash
curl -fsSL https://serverkit.ai/install.sh | bash
```

Works on Ubuntu 22.04+, Debian 12+, Fedora, and RHEL/Rocky/AlmaLinux 9+. Sets up everything automatically.

Optional: `PANEL_DOMAIN=panel.example.com` sets the domain and tries Let's Encrypt; `SERVERKIT_OFFLINE_TARBALL=...` installs from a local tarball.
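
The one-line install pipes whatever the server returns at that moment straight into a shell. As an added example (not ServerKit's own tooling; the script name `install-pinned.sh`, the `--install` flag and the pinned digest are assumptions, and this page publishes no checksum), the wrapper below downloads the same installer to a file so you can read it once, record its SHA-256, and afterwards run only a copy that matches.

```sh
#!/bin/sh
# Added example (not ServerKit code): pin the installer to a digest you recorded
# after reviewing it, instead of piping the download straight into bash.
set -eu

INSTALL_URL="https://serverkit.ai/install.sh"   # URL from the quick start

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_script FILE EXPECTED: succeed only if EXPECTED is a well-formed
# SHA-256 and FILE is non-empty and hashes to exactly that value.
verify_script() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    printf '%s' "$want" | grep -Eq '^[0-9a-f]{64}$' ||
        { echo "expected digest is not 64 hex characters" >&2; return 1; }
    [ -s "$1" ] || { echo "empty or missing file: $1" >&2; return 1; }
    got=$(sha256_of "$1")
    [ "$got" = "$want" ] ||
        { echo "digest mismatch: got $got" >&2; return 1; }
}

# fetch_and_install EXPECTED: download over HTTPS only, verify, then run.
fetch_and_install() {
    tmp=$(mktemp)
    trap 'rm -f "$tmp"' EXIT
    curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$INSTALL_URL"
    verify_script "$tmp" "$1"
    bash "$tmp"    # PANEL_DOMAIN etc. are inherited from the environment
}

# Hypothetical entry point: ./install-pinned.sh --install <sha256>
if [ "${1:-}" = "--install" ] && [ "$#" -eq 2 ]; then
    fetch_and_install "$2"
fi
```

A digest mismatch after an upstream release is expected; re-read the new script before updating the pin.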
```bash
sudo serverkit update
```

Atomic blue/green update with pre-flight checks, DB backup, migration, and automatic rollback. Use `--dry-run` to preview, `--branch dev` for dev builds, or `--release [version]` for release tarballs.
```bash
git clone https://github.com/jhd3197/ServerKit.git
cd ServerKit
cp .env.example .env   # then edit .env with your secrets
docker compose up -d   # access at http://localhost
```

See the Installation Guide for step-by-step instructions.
| | Minimum | Recommended |
|---|---|---|
| OS | Ubuntu 22.04 LTS | Ubuntu 24.04 LTS |
| CPU | 1 vCPU | 2+ vCPU |
| RAM | 1 GB | 2+ GB |
| Disk | 10 GB | 20+ GB |
| Docker | 24.0+ | Latest |
```
                            ┌──────────────────┐
                            │     INTERNET     │
                            └────────┬─────────┘
                                     │
                                     ▼
┌──────────────────────────────────────────────────────────────────────────┐
│                               YOUR SERVER                                │
│                                                                          │
│  ┌────────────────────────────────────────────────────────────────────┐  │
│  │                       NGINX (Reverse Proxy)                        │  │
│  │                             :80 / :443                             │  │
│  │                                                                    │  │
│  │   app1.com ──┐      app2.com ──┐      api.app3.com ──┐             │  │
│  └──────────────┼─────────────────┼─────────────────────┼─────────────┘  │
│                 │ proxy_pass      │ proxy_pass          │ proxy_pass     │
│                 ▼                 ▼                     ▼                │
│  ┌────────────────────────────────────────────────────────────────────┐  │
│  │                         DOCKER CONTAINERS                          │  │
│  │                                                                    │  │
│  │        ┌───────────┐     ┌───────────┐         ┌───────────┐       │  │
│  │        │ WordPress │     │   Flask   │         │  Node.js  │ ...   │  │
│  │        │   :8001   │     │   :8002   │         │   :8003   │       │  │
│  │        └─────┬─────┘     └───────────┘         └───────────┘       │  │
│  └──────────────┼─────────────────────────────────────────────────────┘  │
│                 │                                                        │
│                 ▼                                                        │
│  ┌────────────────────────────────────────────────────────────────────┐  │
│  │                             DATABASES                              │  │
│  │           MySQL :3306    PostgreSQL :5432    Redis :6379           │  │
│  └────────────────────────────────────────────────────────────────────┘  │
└──────────────────────────────────────────────────────────────────────────┘
```
View Full Architecture Documentation: request flow, template system, port allocation, database linking, and troubleshooting.
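
The diagram draws Nginx on :80/:443 as the only internet-facing listener, with the containers and databases behind it. As an added example (not from the ServerKit project), the check below parses `ss -Hltn` output and reports any of those backend ports bound beyond loopback; the port list is taken from the diagram, the function names are hypothetical, and the sample input is constructed.

```sh
#!/bin/sh
# Added example (not ServerKit code): flag backend listeners reachable without
# going through Nginx. Ports are the ones drawn in the diagram; adjust to yours.
set -eu

BACKEND_PORTS="8001 8002 8003 3306 5432 6379"

# exposed_backends: read `ss -Hltn` output on stdin and print ADDRESS:PORT for
# every backend port that listens on something other than loopback.
exposed_backends() {
    awk -v ports="$BACKEND_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) backend[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/^.*:/, "", port)       # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
            if (!(port in backend)) next
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            print addr ":" port
        }'
}

# check_backends: succeed only when no backend port is exposed.
check_backends() {
    found=$(exposed_backends)
    if [ -z "$found" ]; then return 0; fi
    printf 'backend ports listening beyond loopback:\n%s\n' "$found" >&2
    return 1
}

# Constructed sample in `ss -Hltn` format (not captured from a real host).
SAMPLE='LISTEN 0 511  0.0.0.0:80      0.0.0.0:*
LISTEN 0 511  0.0.0.0:443     0.0.0.0:*
LISTEN 0 4096 127.0.0.1:8001  0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8002    0.0.0.0:*
LISTEN 0 151  127.0.0.1:3306  0.0.0.0:*
LISTEN 0 244  [::]:5432       [::]:*
LISTEN 0 511  [::1]:6379      [::]:*'

printf '%s\n' "$SAMPLE" | exposed_backends
# On a live host: ss -Hltn | check_backends
```

Docker-published ports are forwarded by Docker's own iptables rules rather than UFW's input rules, so a `0.0.0.0` binding on a container port is best fixed at the source by publishing it on `127.0.0.1`.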
- Core infrastructure — Flask + React + JWT + WebSocket
- Application management — PHP, Python, Node.js, Docker
- Domain & SSL — Nginx virtual hosts, Let's Encrypt
- Databases — MySQL, PostgreSQL
- File & FTP management
- Monitoring & alerts — Metrics, webhooks, uptime tracking
- Security — 2FA, ClamAV, file integrity, Fail2ban, Lynis
- Firewall — UFW/firewalld integration
- Multi-server monitoring — Go agent, centralized dashboard
- Git deployment — Webhooks, auto-deploy, rollback, zero-downtime
- Backup & restore — S3, Backblaze B2, scheduled backups
- Email server — Postfix, Dovecot, DKIM/SPF/DMARC, Roundcube
- Team & permissions — RBAC, invitations, audit logging
- API enhancements — API keys, rate limiting, OpenAPI docs, webhook subscriptions
- SSO & OAuth — Google, GitHub, OIDC, SAML
- Database migrations — Flask-Migrate/Alembic, versioned schema
- Agent fleet management — Version rollouts, approval queue, discovery, command queue
- Cross-server monitoring — Fleet heatmaps, comparison charts, anomaly detection, capacity forecasting
- Remote app/site deployment through connected agents
- Agent plugin system — Extensible agent with capabilities, permissions, per-server install
- Server templates & config sync — Drift detection, compliance dashboards, auto-remediation
- Multi-tenancy — Workspaces with quotas, member management, isolation
- DNS zone management — Full record management with propagation checking
- Status pages — Public status pages with health checks, incident management
- Cloud provisioning — DigitalOcean, Hetzner, Vultr, Linode with cost tracking
- Customizable sidebar — Collapsible groups, view presets, accent colors, white-label branding
- Web Application Firewall — Per-app ModSecurity v3 + OWASP CRS
- Container security — Image CVE scanning (grype) + SBOM (syft)
- Passwordless auth — WebAuthn / passkeys
- Dynamic DNS — Token-authenticated A/AAAA updates
- GPU monitoring — NVIDIA utilization, memory, and processes
- Container lifecycle — Image-update apply, auto-sleep, horizontal auto-scaling
- TLS hardening — Optional HTTPS, Cloudflare-aware configs, automatic CAA
- Secrets manager & inbound webhook gateway
- Remote access — Expose private/NAT'd services via agent-managed WireGuard tunnels
- Connections hub — Unified external accounts (source, cloud, DNS, registrars, SMTP, storage)
- WordPress publishing — Real subdomains, URL-swap, custom domains, wildcard HTTPS
Full details: ROADMAP.md
| Document | Description |
|---|---|
| Architecture | System design, request flow, diagrams |
| Installation Guide | Complete setup instructions |
| Deployment Guide | CLI commands and production deployment |
| Agent | Install & run the multi-server agent (Linux/Windows/macOS) |
| Agent Pairing | Secure short-code agent enrollment |
| API Reference | REST API endpoints |
| New Features | Endpoint & page reference for the latest dev features |
| Enhancements | Guide to the ten developer-experience, team/scale, fleet, and security capabilities |
| Changelog | Release history and notable changes |
| Roadmap | Development roadmap and planned features |
| Contributing | How to contribute |
| Layer | Technology |
|---|---|
| Backend | Python 3.11, Flask, SQLAlchemy, Flask-SocketIO, Flask-Migrate |
| Frontend | React 18, Vite, SCSS, Recharts |
| Database | SQLite / PostgreSQL |
| Web Server | Nginx, Gunicorn (GeventWebSocket) |
| Containers | Docker, Docker Compose |
| Security | ClamAV, Lynis, Fail2ban, ModSecurity v3 + OWASP CRS, grype, syft, TOTP (pyotp), Fernet encryption |
| Auth | JWT, OAuth 2.0, OIDC, SAML 2.0, WebAuthn / passkeys |
| Email | Postfix, Dovecot, SpamAssassin, Roundcube |
| Agent | Go (multi-server), HMAC-SHA256, WebSocket |
Contributions are welcome! Please read CONTRIBUTING.md first.
fork → feature branch → commit → push → pull request
Priority areas: Cloud provider integrations, marketplace extensions, UI/UX improvements, documentation, test coverage.
Join the Discord to ask questions, share feedback, or get help with your setup.
ServerKit — Simple. Modern. Self-hosted.
Made with ❤️ by Juan Denis





























