{"id":49580250,"url":"https://github.com/floppy007/floppyguard","last_synced_at":"2026-06-07T02:02:02.298Z","repository":{"id":355453881,"uuid":"1228159978","full_name":"floppy007/floppyguard","owner":"floppy007","description":"WireGuard VPN management + nginx reverse proxy in one platform. Fork of nginx-proxy-manager.","archived":false,"fork":false,"pushed_at":"2026-05-27T08:26:25.000Z","size":23635,"stargazers_count":1,"open_issues_count":5,"forks_count":0,"subscribers_count":0,"default_branch":"develop","last_synced_at":"2026-05-27T10:17:58.523Z","etag":null,"topics":["nginx","nginx-proxy-manager","nodejs","reverse-proxy","self-hosted","typescript","vpn","wireguard"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"NginxProxyManager/nginx-proxy-manager","license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/floppy007.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":"ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-03T17:12:01.000Z","updated_at":"2026-05-27T08:26:29.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/floppy007/floppyguard","commit_stats":null,"previous_names":["floppy007/floppyguard"],"tags_count":18,"template":false,"template_full_name":null,"purl":"pkg:github/floppy007/floppyguard","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/floppy007%2Ffloppyguard","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/floppy007%2Ffloppyguard/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/floppy007%2Ffloppyguard/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/floppy007%2Ffloppyguard/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/floppy007","download_url":"https://codeload.github.com/floppy007/floppyguard/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/floppy007%2Ffloppyguard/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34006037,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-07T02:00:07.652Z","response_time":124,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["nginx","nginx-proxy-manager","nodejs","reverse-proxy","self-hosted","typescript","vpn","wireguard"],"created_at":"2026-05-03T19:02:04.314Z","updated_at":"2026-06-07T02:02:02.293Z","avatar_url":"https://github.com/floppy007.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"frontend/public/images/floppyguard-logo.png\" alt=\"FloppyGuard\" width=\"280\" /\u003e\n\u003c/p\u003e\n\n# FloppyGuard\n\n\u003e Nginx reverse proxy manager with integrated WireGuard VPN management, a visual topology map, remote agent support and a hardened host-based runtime.\n\n[![License: AGPL-3.0](https://img.shields.io/badge/License-AGPL--3.0-blue.svg)](LICENSE)\n[![Version](https://img.shields.io/badge/version-1.3.19-blue.svg)](CHANGELOG.md)\n[![CI](https://github.com/floppy007/floppyguard/actions/workflows/ci.yml/badge.svg)](https://github.com/floppy007/floppyguard/actions/workflows/ci.yml)\n\n---\n\n## Features\n\n**Inherited from nginx-proxy-manager**\n- Proxy hosts, redirection hosts, streams, 404/dead hosts\n- Let's Encrypt certificates (HTTP + DNS challenge)\n- Access lists, multiple users, audit log\n\n**Added by FloppyGuard**\n- WireGuard interface, peer and link management with visual topology map\n- WireGuard tunnel creation from the UI — name, type, DNS, platform (desktop/mobile), full tunnel toggle\n- WireGuard peer CRUD — create, update and delete peers live from the UI\n- Peer config export with QR code for mobile enrollment\n- DNS/nameserver auto-config per interface or link, with platform-aware AllowedIPs\n- Road warrior peers auto-inherit all remote site networks in AllowedIPs\n- Planning layer: links go through discover → shape → validate → ready stages\n- Remote agent system — push WireGuard configs to remote hosts (native Linux + UniFi-compatible mode)\n- Auto-MASQUERADE — cross-site LAN traffic gets NAT rules auto-generated and pushed to agents\n- Live bandwidth monitoring with per-peer sparklines and donut gauges\n- Platform dashboard — proxy stats, WireGuard summary, gateway overview, fail2ban status in one view\n- Fail2Ban UI — view jails and banned IPs, unban with one click\n- nftables firewall hardening (strict INPUT policy, only required ports open)\n- Strict CIDR/IP validation on all WireGuard network inputs — network values flow into root-executed routing rules, so anything that is not a clean address/CIDR is rejected\n- Multilanguage UI — English, German, French\n- Dark mode with compact glassmorphism header and theme toggle\n\n---\n\n## Architecture\n\nFloppyGuard runs **host-based** — no Docker container for the application itself.\n\n```\nInternet → nginx (80/443) → proxy host configs in /data/nginx/\n                          → port 81 (admin UI)\n\nPort 81   nginx serves frontend/dist (SPA) → /api/ → backend :3300\nPort 3300 FloppyGuard backend (Node.js, systemd unit: floppyguard-backend)\n```\n\n- **Backend**: Express.js (`backend/index.js`), managed by systemd\n- **Frontend**: React 19 + Vite, built to `frontend/dist`, served by nginx on port 81\n- **Database**: MySQL, PostgreSQL or SQLite (configured via environment variables)\n- **Nginx configs**: generated and written to `/data/nginx/`, loaded by system nginx\n- **Certs**: Let's Encrypt via certbot, stored at `/opt/npm/letsencrypt/`\n\n---\n\n## Installation\n\n### Prerequisites\n\n- Debian 12/13 or Ubuntu 22.04+\n- Node.js 22+ and Yarn\n- nginx (system package)\n- WireGuard tools (`wireguard-tools`)\n- nftables\n- fail2ban (optional but recommended)\n- MySQL or PostgreSQL (SQLite for dev/testing)\n\n### Quick install\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/floppy007/floppyguard/develop/scripts/install.sh | bash\n```\n\nThe script will:\n1. Check and install missing prerequisites\n2. Clone the repository to `/var/www/floppyguard`\n3. Install Node.js dependencies and build the frontend\n4. Create the systemd unit `floppyguard-backend`\n5. Write an nginx config for the admin UI (port 81)\n6. Set up environment variables for DB access\n\n### Manual installation\n\n```bash\n# 1. Clone\ngit clone https://github.com/floppy007/floppyguard.git /var/www/floppyguard\ncd /var/www/floppyguard\n\n# 2. Install dependencies\ncd backend \u0026\u0026 yarn install --frozen-lockfile \u0026\u0026 cd ..\ncd frontend \u0026\u0026 yarn install --frozen-lockfile \u0026\u0026 yarn build \u0026\u0026 cd ..\n\n# 3. Create data directory\nmkdir -p /data/nginx /opt/npm/letsencrypt\n\n# 4. Install systemd service\ncp docs/examples/floppyguard-backend.service /etc/systemd/system/\n# Edit the service file — set DB_MYSQL_* environment variables\nsystemctl daemon-reload\nsystemctl enable --now floppyguard-backend\n\n# 5. Configure nginx\ncp docs/examples/floppyguard-nginx.conf /etc/nginx/conf.d/floppyguard.conf\nnginx -t \u0026\u0026 nginx -s reload\n```\n\n### Environment variables\n\nSet these in the systemd unit file (`/etc/systemd/system/floppyguard-backend.service`):\n\n| Variable | Default | Description |\n|---|---|---|\n| `DB_MYSQL_HOST` | — | MySQL host |\n| `DB_MYSQL_PORT` | `3306` | MySQL port |\n| `DB_MYSQL_USER` | — | MySQL user |\n| `DB_MYSQL_PASSWORD` | — | MySQL password |\n| `DB_MYSQL_NAME` | — | MySQL database name |\n| `DB_SQLITE_FILE` | — | SQLite file path (alternative to MySQL, for dev/testing) |\n| `WG_CONF_DIR` | `/etc/wireguard` | WireGuard config directory |\n| `WG_HUB_HOST` | OS hostname | Public domain/IP for WireGuard endpoint in peer and agent configs |\n| `WG_DNS` | — | Default DNS for peer configs (comma-separated) |\n| `PORT` | `3300` | Backend listen port |\n\n---\n\n## Operations\n\n```bash\n# Status\nsystemctl status floppyguard-backend\n\n# Restart\nsystemctl restart floppyguard-backend\n\n# Logs (live)\njournalctl -u floppyguard-backend -f\n\n# nginx\nnginx -t \u0026\u0026 nginx -s reload\n\n# Check all routes\n./scripts/check-production-routes\n```\n\nSee [docs/OPERATIONS.md](docs/OPERATIONS.md) for the full runbook.\n\n---\n\n## Development\n\n### Prerequisites\n\n- Node.js 22+ and Yarn\n- MySQL (or SQLite for quick local dev)\n\n### Backend\n\n```bash\ncd backend\nyarn install\nnode index.js   # start backend (or use systemd)\nnpx biome lint .  # Biome linting\nnode --test internal/*.test.js  # unit tests\n```\n\n### Frontend\n\n```bash\ncd frontend\nyarn install\nyarn dev        # Vite dev server → http://localhost:5173\nyarn build      # TypeScript check + production build → dist/\nnpx biome lint .  # Biome linting\nnpx vitest run  # unit tests\n```\n\n---\n\n## Project structure\n\n```\nbackend/          Express.js API (Node 22+, ES modules)\nfrontend/         React 19 + TypeScript + Vite\nscripts/          Operational scripts (install, start, stop, check)\ndocs/             VitePress documentation + architecture notes\ntest/             Cypress E2E + Vacuum OpenAPI contract tests\n```\n\n---\n\n## Changelog\n\nSee [CHANGELOG.md](CHANGELOG.md).\n\n---\n\n## License\n\nAGPL-3.0 — see [LICENSE](LICENSE).\n\n**Additional Term (§7 AGPL-3.0):** Any deployment of this software over a network must retain a visible \"Powered by FloppyGuard\" notice with a link to this repository in the UI footer.\n\nFloppyGuard © Florian Hesse, [Comnic-IT](https://comnic-it.de).\nBuilt on top of [nginx-proxy-manager](https://github.com/NginxProxyManager/nginx-proxy-manager) by Jamie Curnow (MIT).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffloppy007%2Ffloppyguard","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffloppy007%2Ffloppyguard","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffloppy007%2Ffloppyguard/lists"}