ServerKit
Self-hosted infrastructure, made simple.
A lightweight, modern server control panel for managing web apps, databases, Docker containers, and security — without the complexity of Kubernetes or the cost of managed platforms.
English | Español | 中文版 | Português
Features · Quick Start · Screenshots · Architecture · Roadmap · Docs · Contributing · Discord
🎯 Features
🚀 Apps & Deployment
PHP / WordPress — PHP-FPM 8.x with one-click WordPress installation
Python Apps — Deploy Flask and Django with Gunicorn
Node.js — PM2-managed applications with log streaming
Workflow Builder — Node-based visual automation for server tasks, deployments, and CI/CD
Environment Pipeline — Multi-environment management for WordPress (Prod/Staging/Dev) with code/DB promotion
Docker — Full container and Docker Compose management with real-time log streaming and terminal access
Marketplace — Over 60+ one-click templates for popular apps (Immich, Ghost, Authelia, etc.)
🏗️ Infrastructure
Domain Management — Nginx virtual hosts with easy configuration
DNS Zone Management — Full DNS record management with propagation checking (A, AAAA, CNAME, MX, TXT, etc.)
SSL Certificates — Automatic Let's Encrypt with auto-renewal
Databases — MySQL/MariaDB and PostgreSQL with user management and query interface
Cloud Provisioning — Provision servers on DigitalOcean, Hetzner, Vultr, and Linode with cost tracking
Firewall — UFW/firewalld with visual rule management and port presets
Cron Jobs — Schedule tasks with a visual editor
File Manager — Browse, edit, upload, and download files via web interface
FTP Server — Manage vsftpd users and access
Backup & Restore — Automated backups to S3, Backblaze B2, or local storage with scheduling, retention policies, and one-click restore
Email Server — Postfix + Dovecot with DKIM/SPF/DMARC, SpamAssassin, Roundcube webmail, email forwarding rules
🔒 Security
Two-Factor Auth — TOTP-based with backup codes
Malware Scanning — ClamAV integration with quarantine
File Integrity Monitoring — Detect unauthorized file changes
Fail2ban & SSH — Brute force protection, SSH key management, IP allowlist/blocklist
Vulnerability Scanning — Lynis security audits with reports and recommendations
Automatic Updates — unattended-upgrades / dnf-automatic for OS-level patching
🖥️ Multi-Server Management
Agent-Based Architecture — Cross-platform Go agent (Linux, Windows, macOS) with HMAC-SHA256 authentication and a real-time WebSocket gateway (with HTTP-poll fallback). Native Windows service + MSI installer, plus .deb/.rpm and ARM64 builds. See agent/README.md.
Fleet Management — Agent inventory, connection status, approval queue, rollouts, LAN auto-discovery (UDP), and command queue
Windows Desktop Agent — Native Windows service plus an optional desktop app: WebView2 console, system-tray controls, and a guided pairing wizard for one-click enrollment
Agent Enrollment — Two ways to adopt a server: a secure short-code pairing flow (type a rotating code + passphrase into the panel and verify the key fingerprint) or a pre-shared registration token; host credentials are stored AES-GCM-encrypted. See docs/pairing.md
Fleet Monitor — Cross-server heatmaps, metric comparison charts, alert thresholds, anomaly detection, and capacity forecasting
Agent Plugins — Extensible plugin system with capabilities, permissions, and per-server installation
Server Templates — Configuration templates with compliance tracking, drift detection, and auto-remediation
Remote Docker — Agent-backed Docker operations for connected servers; remote app/site deployment is still evolving
API Key Rotation — Secure credential rotation with acknowledgment handshake
Cross-Server Metrics — Historical metrics with comparison charts and retention policies
📊 Monitoring & Alerts
Real-time Metrics — CPU, RAM, disk, network monitoring via WebSocket
Uptime Tracking — Historical server uptime data and visualization
Status Pages — Public status pages with HTTP/TCP/DNS/Ping health checks, component monitoring, and incident management
Notifications — Discord, Slack, Telegram, email (HTML templates), and generic webhooks
Per-User Preferences — Individual notification channels, severity filters, and quiet hours
👥 Team & Access Control
Multi-User — Admin, developer, and viewer roles with team invitations
Workspaces — Multi-tenant workspace isolation with quotas and member management
RBAC — Granular per-feature permissions (read/write per module)
SSO & OAuth — Google, GitHub, OpenID Connect, and SAML 2.0 with account linking
Audit Logging — Track all user actions with detailed activity dashboard
API Keys — Tiered API keys (standard/elevated/unlimited) with rate limiting, usage analytics, and OpenAPI documentation
Webhook Subscriptions — Event-driven webhooks with HMAC signatures, retry logic, and custom headers
🎨 Customization
Sidebar Presets — Switch between Full, Web Hosting, Email Admin, DevOps, and Minimal views with one click
Collapsible Navigation — Sidebar groups auto-expand on navigation and collapse when switching sections
Accent Colors — 8 preset accent colors plus custom hex picker
Custom Branding — White-label the sidebar with your own logo, brand name, or full-width banner
Dashboard Widgets — Toggle and reorder dashboard widgets to fit your workflow
🚀 Quick Start
⏱️ Up and running in under 2 minutes
Option 1: One-Line Install (Recommended)
curl -fsSL https://serverkit.ai/install.sh | bashWorks on Ubuntu 22.04+, Debian 12+, Fedora, and RHEL/Rocky/AlmaLinux 9+. Sets up everything automatically.
Option 2: Docker
git clone https://github.com/jhd3197/ServerKit.git
cd ServerKit
cp .env.example .env # then edit .env with your secrets
docker compose up -d # access at http://localhostOption 3: Manual Installation
See the Installation Guide for step-by-step instructions.
Requirements
| Minimum | Recommended | |
|---|---|---|
| OS | Ubuntu 22.04 LTS | Ubuntu 24.04 LTS |
| CPU | 1 vCPU | 2+ vCPU |
| RAM | 1 GB | 2+ GB |
| Disk | 10 GB | 20+ GB |
| Docker | 24.0+ | Latest |
📸 Screenshots
View More Screenshots
🏗️ Architecture
┌──────────────────┐
│ INTERNET │
└────────┬─────────┘
│
▼
┌──────────────────────────────────────────────────────────────────────────┐
│ YOUR SERVER │
│ │
│ ┌─────────────────────────────────────────────────────────────────────┐ │
│ │ NGINX (Reverse Proxy) │ │
│ │ :80 / :443 │ │
│ │ │ │
│ │ app1.com ──┐ app2.com ──┐ api.app3.com ──┐ │ │
│ └───────────────┼─────────────────┼─────────────────────┼─────────────┘ │
│ │ proxy_pass │ proxy_pass │ proxy_pass │
│ ▼ ▼ ▼ │
│ ┌─────────────────────────────────────────────────────────────────────┐ │
│ │ DOCKER CONTAINERS │ │
│ │ │ │
│ │ ┌───────────┐ ┌───────────┐ ┌───────────┐ │ │
│ │ │ WordPress │ │ Flask │ │ Node.js │ ... │ │
│ │ │ :8001 │ │ :8002 │ │ :8003 │ │ │
│ │ └─────┬─────┘ └───────────┘ └───────────┘ │ │
│ └──────────┼──────────────────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌─────────────────────────────────────────────────────────────────────┐ │
│ │ DATABASES │ │
│ │ MySQL :3306 PostgreSQL :5432 Redis :6379 │ │
│ └─────────────────────────────────────────────────────────────────────┘ │
└──────────────────────────────────────────────────────────────────────────┘View Full Architecture Documentation → — Request flow, template system, port allocation, database linking, and troubleshooting.
🗺️ Roadmap
- [x] Core infrastructure — Flask + React + JWT + WebSocket
- [x] Application management — PHP, Python, Node.js, Docker
- [x] Domain & SSL — Nginx virtual hosts, Let's Encrypt
- [x] Databases — MySQL, PostgreSQL
- [x] File & FTP management
- [x] Monitoring & alerts — Metrics, webhooks, uptime tracking
- [x] Security — 2FA, ClamAV, file integrity, Fail2ban, Lynis
- [x] Firewall — UFW/firewalld integration
- [x] Multi-server monitoring — Go agent, centralized dashboard
- [x] Git deployment — Webhooks, auto-deploy, rollback, zero-downtime
- [x] Backup & restore — S3, Backblaze B2, scheduled backups
- [x] Email server — Postfix, Dovecot, DKIM/SPF/DMARC, Roundcube
- [x] Team & permissions — RBAC, invitations, audit logging
- [x] API enhancements — API keys, rate limiting, OpenAPI docs, webhook subscriptions
- [x] SSO & OAuth — Google, GitHub, OIDC, SAML
- [x] Database migrations — Flask-Migrate/Alembic, versioned schema
- [x] Agent fleet management — Version rollouts, approval queue, discovery, command queue
- [x] Cross-server monitoring — Fleet heatmaps, comparison charts, anomaly detection, capacity forecasting
- [ ] Remote app/site deployment through connected agents
- [x] Agent plugin system — Extensible agent with capabilities, permissions, per-server install
- [x] Server templates & config sync — Drift detection, compliance dashboards, auto-remediation
- [x] Multi-tenancy — Workspaces with quotas, member management, isolation
- [x] DNS zone management — Full record management with propagation checking
- [x] Status pages — Public status pages with health checks, incident management
- [x] Cloud provisioning — DigitalOcean, Hetzner, Vultr, Linode with cost tracking
- [x] Customizable sidebar — Collapsible groups, view presets, accent colors, white-label branding
Full details: ROADMAP.md
📖 Documentation
| Document | Description |
|---|---|
| Architecture | System design, request flow, diagrams |
| Installation Guide | Complete setup instructions |
| Deployment Guide | CLI commands and production deployment |
| Agent | Install & run the multi-server agent (Linux/Windows/macOS) |
| Agent Pairing | Secure short-code agent enrollment |
| API Reference | REST API endpoints |
| Changelog | Release history and notable changes |
| Roadmap | Development roadmap and planned features |
| Contributing | How to contribute |
🧱 Tech Stack
| Layer | Technology |
|---|---|
| Backend | Python 3.11, Flask, SQLAlchemy, Flask-SocketIO, Flask-Migrate |
| Frontend | React 18, Vite, SCSS, Recharts |
| Database | SQLite / PostgreSQL |
| Web Server | Nginx, Gunicorn (GeventWebSocket) |
| Containers | Docker, Docker Compose |
| Security | ClamAV, Lynis, Fail2ban, TOTP (pyotp), Fernet encryption |
| Auth | JWT, OAuth 2.0, OIDC, SAML 2.0 |
| Postfix, Dovecot, SpamAssassin, Roundcube | |
| Agent | Go (multi-server), HMAC-SHA256, WebSocket |
🤝 Contributing
Contributions are welcome! Please read CONTRIBUTING.md first.
fork → feature branch → commit → push → pull requestPriority areas: Cloud provider integrations, marketplace extensions, UI/UX improvements, documentation, test coverage.
💬 Community
Join the Discord to ask questions, share feedback, or get help with your setup.