╔══════════════════════════════════════════════════════════════════╗
║ 27,375 lines of Go · 49 API handlers · 59 database tables ║
║ 38,894 lines of TypeScript · 66 React pages · 40 routes ║
║ 4 CI/CD workflows · amd64 + arm64 + armv7 · 0 runtime deps ║
╚══════════════════════════════════════════════════════════════════╝
|
One-line (recommended) curl -fsSL https://raw.githubusercontent.com/\
KenyanRedwoods01/Orbit/main/install.sh \
| sudo bash |
Docker docker run -d --name orbit \
-p 5000:5000 \
-v /var/run/docker.sock:/var/run/docker.sock \
-v orbit-data:/data \
--cap-add CAP_NET_ADMIN \
--cap-add CAP_SYS_PTRACE \
ghcr.io/kenyanredwoods01/orbit:latest |
From source git clone https://github.com/KenyanRedwoods01/Orbit
cd Orbit
make build
sudo ./orbit |
Open
http://localhost:5000— setup wizard runs automatically on first boot.
| Metric | Live | |
|---|---|---|
| ⭐ | Stars |  |
| 🍴 | Forks |  |
| 👥 | Contributors |  |
| 👁 | Watchers |  |
| 🐛 | Open issues |  |
| ✅ | Closed issues |  |
| 🔀 | Open PRs |  |
| 📦 | Latest release |  |
| 📅 | Last commit |  |
| 🔥 | Commits/month |  |
| 💾 | Repo size |  |
| 📝 | Code size |  |
| 🏷️ | Release date |  |
| 🌐 | Top language |  |
┌─────────────────────────────────────────────────────────────────────────────┐
│ ORBIT v0.1.0 │
│ Single Go binary · Port 5000 · Zero deps │
├───────────────────────┬─────────────────────────┬───────────────────────────┤
│ React 18 SPA │ Go 1.22 HTTP/2 API │ Persistence Layer │
│ TypeScript 5 │ │ │
│ 38,894 lines │ 49 handlers │ SQLite (WAL mode) │
│ 66 pages / 40 routes│ 27,375 lines │ 59 tables │
│ Zustand stores │ WebSocket hub │ BoltDB ring buffer │
│ Custom SVG icons │ JWT + TOTP auth │ 24h metric history │
│ Dark + Light theme │ Audit middleware │ /var/lib/orbit/ │
└───────────────────────┴─────────────────────────┴───────────────────────────┘
│
┌─────────────────┴──────────────────┐
▼ ▼
Unix socket MCP Prometheus /metrics
/run/orbit/mcp.sock Grafana-scrapable
AI agent access 40+ labeled metrics
github.com/BurntSushi/toml v1.3.2 — config file parsing
github.com/golang-jwt/jwt/v5 v5.2.1 — JWT auth tokens
github.com/gorilla/websocket v1.5.1 — WebSocket hub
github.com/mattn/go-sqlite3 v1.14.22 — SQLite (CGO)
github.com/shirou/gopsutil/v3 v3.24.2 — OS metrics
go.etcd.io/bbolt v1.3.9 — BoltDB metric ring
golang.org/x/crypto v0.21.0 — bcrypt + SSH + TOTP
github.com/creack/pty v1.1.24 — real PTY sessions
8 direct dependencies. No Kubernetes. No Docker daemon. No Node runtime.
No other open-source server panel manages all four of these tools. Not Webmin. Not Cockpit. Not HestiaCP. Not Coolify. Not Portainer.
|
CrowdSec Status · alerts · decisions bouncers · LAPI · hub collections · config allowlists · install |
Fail2ban All jails · ban/unban per-jail stats · log parse config read/write filter list · sqlite3 |
Suricata Rule management alert stream · interfaces stats · socket control eve.json tail |
Wazuh Agent status · alerts rules · decoder config · service control log analysis |
Plus: UFW firewall (1,641 lines — largest handler) with NAT/port-forward, custom chains, real-time log stream, app profiles, jail integration.
All 49 handlers with exact line counts — click to expand
| Handler | Lines | What it does |
|---|---|---|
firewall.go |
1,641 | UFW exec, NAT, port-forward, app profiles, jails, real-time log WS |
database.go |
1,471 | MySQL/Postgres/Redis/SQLite/MongoDB/MariaDB, queries, users, stats |
multiserver.go |
1,426 | SSH exec to remote fleet, server groups, bulk commands |
uptime.go |
1,384 | HTTP/TCP monitors, incident tracking, background polling goroutine |
settings_extended.go |
1,173 | 7 categories: appearance, auth policy, notif config, backup config |
suricata.go |
1,031 | Rule mgmt, alert stream, interface config, stats, socket |
wazuh.go |
1,020 | Agent status, alerts, rules, decoder, config |
apps.go |
1,019 | Application install/remove/status/control |
ports.go |
970 | ss + iptables + /proc/net, risk scoring, service name lookup |
filesystem.go |
872 | Browse/read/write/upload/download/chmod/chown/compress/extract/hex |
webserver.go |
835 | Nginx site CRUD, config read/write, SSL, performance, reload |
crowdsec.go |
738 | cscli + LAPI, alerts, decisions, bouncers, hub, collections |
logs.go |
711 | journalctl tail, /var/log scan, WS stream, log-level parse, search |
fail2ban.go |
700 | fail2ban-client, jails, ban/unban, log parse, config, filter list |
ssh.go |
691 | Key vault (Ed25519+RSA gen), saved hosts, snippets, port-forward |
containers.go |
680 | Docker socket — list/start/stop/remove, images, volumes, stats WS |
server.go |
675 | HTTP/WS router, middleware chain, graceful shutdown, route groups |
pipelines.go |
674 | CI/CD stages, env vars, runs, approval gates, cancel, shell exec |
github_actions.go |
672 | GitHub API — workflows, runs, logs, dispatch, HMAC webhook |
plugins.go |
501 | Plugin registry CRUD, install/remove hooks |
notifications.go |
475 | SMTP + Slack + webhook, channel CRUD, test, event history |
certificates.go |
451 | Self-signed gen, certbot Let's Encrypt, expiry check |
ftp.go |
423 | FTP user management, quotas, config |
security.go |
417 | sshd_config audit, open ports, apt vuln scan |
processes.go |
397 | gopsutil list, kill, renice, detail (FDs/env/threads/CWD) |
cron.go |
390 | Scheduler goroutine, job CRUD, history, run-now |
deploy.go |
362 | Webhook CRUD, HMAC verify, shell exec, log capture |
totp.go |
355 | RFC 6238, QR code, backup codes, separate login route |
openapi.go |
351 | OpenAPI 3.1 spec, embedded Swagger UI at /api/docs |
backup.go |
347 | Scheduler goroutine, tar+gzip, run history |
audit.go |
334 | Every mutation: user/method/path/status/IP/body SHA-256 |
alert_rules.go |
295 | Threshold rules, eval on WS tick, dispatch notification |
metrics.go |
291 | WS hub, snapshot broadcast, BoltDB history, summary |
agent.go |
284 | Remote agent: register/heartbeat/metrics-push, staleness |
services.go |
272 | systemctl exec — start/stop/restart/enable/disable, journal WS |
users.go |
229 | User CRUD, roles (admin/viewer), password change |
ssh_collab.go |
208 | Shared terminal sessions, invite tokens, participant management |
prometheus.go |
179 | 40+ metrics: CPU times, IOPS, await_ms, packets, drops |
mcp.go |
158 | Token CRUD, scopes, SHA-256 hash, last-used, audit |
sysinfo.go |
143 | OS/kernel/distro, logged-in users, pending updates |
setup.go |
116 | First-boot wizard, admin creation, config write |
terminal.go |
104 | creack/pty PTY session, xterm-256color, resize protocol |
auth.go |
77 | JWT issue/validate, bcrypt compare, HttpOnly cookie |
settings.go |
69 | Settings key/value read/write |
middleware.go |
44 | requireAuth, CORS, rate-limit |
static.go |
38 | Embedded SPA serve, SPA catch-all fallback |
helpers.go |
37 | Shared exec helpers, shell sanitize |
filesystem_unix.go |
21 | Unix-specific FS helpers |
suricata_socket.go |
15 | Suricata Unix socket I/O |
Total: 27,375 lines across 49 handlers
All 59 tables by domain — click to expand
| Domain | Tables |
|---|---|
| Auth | users · sessions · totp_backup_codes · api_tokens |
| Firewall | fw_rules · fw_nat_rules · fw_state · fw_app_profiles · fw_jails · fw_banned_ips · fw_logs |
| Deploy | deploy_hooks · deploy_log · pipelines · pipeline_stages · pipeline_envs · pipeline_runs · pipeline_stage_runs |
| GitHub | git_settings · git_workflows · git_runs · git_run_logs |
| Monitoring | alert_rules · alert_events · server_alerts |
| Uptime | uptime_monitors · uptime_events · uptime_incidents |
| SSH | ssh_keys · ssh_saved · ssh_sessions · ssh_snippets · ssh_port_forwards · ssh_recordings · ssh_collab_sessions · ssh_collab_participants |
| Fleet | managed_servers · server_groups · server_group_members · server_commands · agents · agent_metrics |
| System | cron_jobs · cron_history · backup_configs · backup_runs · ftp_users · ftp_quotas · certs |
| Apps | server_apps · plugins |
| Database | database_connections · db_query_history |
| Security | mcp_tokens · mcp_audit · audit_log |
| Notifications | notification_channels · notification_events |
| Config | settings |
| Orbit | Webmin | Cockpit | Coolify | Portainer | HestiaCP | |
|---|---|---|---|---|---|---|
| Single binary, no runtime | ✅ Go | ❌ Perl | ❌ C | ❌ PHP | ❌ Node | ❌ PHP |
| Modern React UI | ✅ | ❌ | ✅ | ✅ | ❌ | |
| Dark + light theme | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ |
| CrowdSec full management | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
| Fail2ban full management | ✅ | ❌ | ❌ | ❌ | ||
| Suricata management | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
| Wazuh management | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
| Prometheus /metrics export | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
| MCP / AI agent access | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
| Database manager (6 engines) | ✅ | ❌ | ❌ | ❌ | ||
| GitHub Actions integration | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ |
| SSH collaboration sessions | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
| CI/CD pipelines | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ |
| Docker containers | ✅ | ✅ | ✅ | ✅ | ❌ | |
| systemd services | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ |
| Cron + backup scheduler | ✅ | ✅ | ❌ | ❌ | ❌ | ✅ |
| Full audit log (SHA-256) | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
| TOTP 2FA (RFC 6238) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ |
| OpenAPI 3.1 spec | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ |
| One-line install | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ |
Push to main ──► ci.yml golangci-lint · go vet · govulncheck
npm audit · TypeScript check · build test
concurrency: cancel-in-progress ✓
Tag v*.*.* ───► release.yml GoReleaser cross-compile (CGO):
orbit_linux_{amd64,arm64,armv7}.tar.gz
orbit_linux_{amd64,arm64}.{deb,rpm}
ghcr.io/kenyanredwoods01/orbit (multi-arch)
SHA256SUMS + signature
► pages.yml Docs site → GitHub Pages (auto)
► security.yml govulncheck + nancy dependency scan
| Layer | Implementation |
|---|---|
| Authentication | JWT HS256 · bcrypt cost 12 · HttpOnly secure cookie |
| 2FA | TOTP RFC 6238 · QR code generation · backup codes |
| Sessions | SQLite-persisted · expiry-aware · revocable |
| Process isolation | Dedicated orbit system user · no login shell |
| Capabilities | CAP_NET_ADMIN + CAP_SYS_PTRACE only — all others dropped |
| Audit trail | Every POST/PUT/PATCH/DELETE: user · method · path · status · IP · body SHA-256 |
| MCP tokens | Scoped · SHA-256 stored · last-used timestamp · revocable |
| Dependency scanning | govulncheck + nancy on every push |
| Disclosure | 72h acknowledgment · 7-day resolution · GitHub Security Advisories |
Report a vulnerability: GitHub Security Advisories — never open a public issue for security bugs.
# Create a scoped token
curl -X POST http://localhost:5000/api/mcp/tokens \
-H "Authorization: Bearer $ORBIT_JWT" \
-d '{"name":"claude-agent","scope":"read"}'
# Agent lists available tools
GET /api/mcp/tools
# Agent executes a tool
POST /api/mcp/execute {"tool":"get_metrics","token":"orb_read_..."}| Scope | Access |
|---|---|
read |
Metrics, logs, processes, ports, uptime status |
deploy |
Trigger hooks, run pipelines, view deployments |
admin |
Full read + write on all endpoints |
Every MCP execution is audit-logged: token ID · tool · params hash · status · timestamp.
# /etc/orbit/orbit.toml
[server]
port = 5000 host = "0.0.0.0" tls = false
[database]
path = "/var/lib/orbit/orbit.db"
[metrics]
retention = "24h" interval = "2s"
[auth]
jwt_secret = "" session_ttl = "24h" totp_enabled = true
[prometheus]
enabled = true path = "/metrics" token_required = false
[mcp]
socket = "/run/orbit/mcp.sock" tcp = false tcp_port = 5001Orbit/
├── cmd/orbit/ main.go · cli.go
├── internal/
│ ├── api/ 49 handlers — 27,375 lines
│ ├── collector/ gopsutil: CPUTimes/Memory/DiskIOPS/NetPackets/Load
│ ├── db/ 59-table SQLite schema + migrations
│ └── modules/ domain modules
├── web/src/
│ ├── pages/ 66 React 18 TypeScript pages — 38,894 lines
│ ├── components/ Modal · Toast · DataTable · StatCard · StatusBadge
│ ├── lib/api.ts 80+ typed fetch functions
│ ├── hooks/ useWebSocket · useMetricsStream
│ └── store/ Zustand: auth · toast
├── packaging/ Dockerfile · orbit.service · postinstall.sh
├── deploy/nginx/ reverse proxy config
├── docs/ GitHub Pages — 7 documentation pages
├── .github/workflows/ ci.yml · release.yml · pages.yml · security.yml
├── goreleaser.yml amd64/arm64/armv7 · deb/rpm/Docker
├── install.sh one-line installer
├── SECURITY.md
├── CHANGELOG.md
└── LICENSE AGPL-3.0
| 🚀 Installation | ⚙️ Configuration | 📡 API Reference |
| 🤖 MCP Guide | 🔁 GitHub Actions | 🔐 Security |
| 🤝 Contributing | 📋 Changelog | 🌐 Swagger UI |
git clone https://github.com/KenyanRedwoods01/Orbit && cd Orbit
go run ./cmd/orbit --dev --port 5000 # backend (Go 1.22+, CGO)
cd web && npm install && npm run dev # frontend (Node 20+, :5173)
Sponsors get: priority issue responses · name in CHANGELOG · company logo in README ($100+/mo)
◎ ORBIT — Go + React · AGPL-3.0 · kenyanredwoods01.github.io/Orbit
A ⭐ star takes 3 seconds and helps more people find this project.