Documentation

Configuration

The main configuration file is proxystack.json in the ProxyStack root folder.

Structure

{
  "settings": {
    "httpPort": 80,
    "httpsPort": 443,
    "serverAdmin": "admin@localhost",
    "environment": "development"
  },
  "sites": [...],
  "apps": [...],
  "security": {...},
  "sentinel": {...}
}

Settings File

GUI-specific settings are stored separately in proxystack.settings.json:

{
  "autoStartApache": true,
  "alertsEnabled": true,
  "slackWebhook": "https://hooks.slack.com/services/...",
  "alertEmail": "alerts@example.com"
}

Environment Profiles

Store profiles in profiles/ folder:

profiles/proxystack.development.json
profiles/proxystack.staging.json
profiles/proxystack.production.json

Switch profiles from the Security tab using the Environment dropdown.

Site Configuration

Reverse Proxy Site

{
  "domain": "app.example.com",
  "proxy": {
    "target": "http://localhost:3000",
    "timeout": 60,
    "websocket": true
  },
  "ssl": {
    "enabled": true,
    "cert": "certs/app.example.com-crt.pem",
    "key": "certs/app.example.com-key.pem"
  },
  "redirectHttpToHttps": true
}

Static Site with SPA Fallback

{
  "domain": "static.example.com",
  "documentRoot": "sites/my-react-app/build",
  "spaFallback": true,
  "ssl": { "enabled": true, "cert": "...", "key": "..." }
}

Hybrid Site (Static + Proxy Routes)

{
  "domain": "hybrid.example.com",
  "documentRoot": "sites/frontend",
  "spaFallback": true,
  "proxyRoutes": [
    { "path": "/api", "target": "http://localhost:8000" },
    { "path": "/ws", "target": "ws://localhost:8001", "websocket": true }
  ],
  "ssl": { "enabled": true, "cert": "...", "key": "..." }
}

All paths in proxystack.json are relative to the ProxyStack root folder. Use forward slashes: certs/cert.pem, not C:\ProxyStack\certs\cert.pem.

Site Fields

Field	Type	Description
`domain`	string	Primary domain name
`aliases`	string[]	Additional domain aliases
`proxy`	object	Main reverse proxy target
`documentRoot`	string	Static file directory
`proxyRoutes`	array	Per-path proxy routes
`ssl`	object	SSL certificate configuration
`redirectHttpToHttps`	bool	Auto-redirect HTTP to HTTPS
`spaFallback`	bool	Serve index.html for non-file routes

App Configuration

{
  "apps": [
    {
      "name": "My API",
      "command": "npm run dev",
      "workingDirectory": "apps/my-api",
      "port": 3000,
      "autoStart": true,
      "autoRestart": true,
      "subProcesses": [
        {
          "name": "Supabase",
          "command": "npx supabase start",
          "workingDirectory": null,
          "port": 54321,
          "autoStart": true
        }
      ]
    }
  ]
}

Sub-Processes

Field	Type	Description
`name`	string	Display name
`command`	string	Command to run
`workingDirectory`	string?	Working directory (inherits from parent if null)
`port`	int	Port the sub-process listens on (0 if N/A)
`autoStart`	bool	Start automatically with parent app

All commands are launched with echo y | piped to stdin and npm_config_yes=true set in the environment to auto-accept prompts. Sub-processes start before the main command and are killed together when the app is stopped.

SSL & Certificates

Let's Encrypt (Free Certificates)

Go to Certs tab
Click "Let's Encrypt"
Enter your domain and email
ProxyStack stops Apache, runs win-acme for HTTP-01 validation, then restarts Apache
Certificate files are saved to certs/

Your domain's DNS must point to this server, and port 80 must be accessible from the internet for HTTP-01 validation.

Self-Signed Certificates

Use the "Generate Self-Signed" option in the Certs tab. ProxyStack uses the bundled OpenSSL to create a certificate and key pair. Useful for local development.

Auto-Detection

When a site has SSL enabled but empty cert/key paths, ProxyStack automatically scans certs/ for matching files based on the domain name. Supported naming patterns:

Cert: {domain}-crt.pem, {domain}-cert.pem, {domain}.crt, {domain}-fullchain.pem
Key: {domain}-key.pem, {domain}.key, {domain}-privkey.pem
Chain: {domain}-chain.pem, {domain}-chain-only.pem

Docker Integration

The Docker tab provides comprehensive container management (requires Docker Desktop).

Container Management

View all containers (running and stopped) with status, ports, and image info
Start, stop, restart, and remove containers
View container logs with real-time streaming
Inspect container details (full JSON configuration)
Execute commands in running containers

Image Management

Pull Docker images with progress indicators
List local images with size and tag info
Remove unused images

Docker Compose

Compose Up/Down for multi-service deployments
Select any docker-compose.yml file

Container Templates

One-click deploy for common services: NGINX, Apache, Caddy, PostgreSQL, MySQL, MongoDB, Redis, Node.js, Python, Go, Adminer, pgAdmin.

Resource Monitoring

Real-time CPU usage, memory consumption, network I/O, and disk usage per container.

Portable PostgreSQL

ProxyStack can manage a portable PostgreSQL instance without Docker.

First Time Setup

Click "Start PostgreSQL" in the Docker tab
If not installed, you'll be prompted to download (~300 MB)
PostgreSQL extracts to postgres/ automatically
Database initializes on first run

Paths

Path	Description
`postgres/pgsql/bin/`	PostgreSQL binaries
`postgres/data/`	Database data directory
`postgres/data/log/`	PostgreSQL logs

Database Console

Go to Advanced tab → Database Console. Enter connection details and execute SQL queries directly from the GUI.

Security Features

{
  "security": {
    "enableHSTS": true,
    "enableXFrameOptions": true,
    "enableXContentTypeOptions": true,
    "enableXXSSProtection": true,
    "ipWhitelist": ["192.168.1.0/24"],
    "ipBlacklist": ["10.0.0.5"]
  }
}

Security Headers

ProxyStack automatically adds security headers to all HTTPS responses: X-Content-Type-Options, X-Frame-Options, and Referrer-Policy. Additional headers (HSTS, XSS Protection) can be enabled in the Security tab.

IP Access Control

Configure IP whitelists and blacklists to restrict access to your sites.

Encrypted Secrets Vault

The Secrets & Tools tab provides an encrypted vault for storing sensitive values like API keys, database passwords, and tokens.

Auto-Start on Boot

Enable "Start ProxyStack with Windows" and "Auto-start Apache" in the Security tab to run ProxyStack as a background service.

REST API Reference

Enable the API from Security tab → "Enable REST API (port 9090)".

Endpoints

Method	Endpoint	Description
GET	`/api/status`	Apache status and version
GET	`/api/health`	Health check for all services
GET	`/api/config`	Configuration summary
GET	`/api/sites`	List all configured sites
GET	`/api/apps`	List all configured apps
POST	`/api/apache/start`	Start Apache
POST	`/api/apache/stop`	Stop Apache
POST	`/api/apache/restart`	Restart Apache
GET	`/api/certs`	SSL certificate status
GET	`/api/metrics`	Performance metrics
POST	`/api/backup`	Trigger manual backup
GET	`/api/plugins`	List installed plugins

Authentication

For production use, enable API key authentication in the Production tab. Include the header X-API-Key: your-key with all requests.

Usage Examples

# PowerShell
Invoke-RestMethod -Uri "http://localhost:9090/api/status"
Invoke-RestMethod -Uri "http://localhost:9090/api/apache/restart" -Method POST

# curl
curl http://localhost:9090/api/health
curl -X POST http://localhost:9090/api/apache/restart

# Node.js
const res = await fetch('http://localhost:9090/api/status');
const status = await res.json();

Error Handling

All endpoints return JSON. Errors include an error field. HTTP status codes: 200 (success), 401 (unauthorized), 404 (not found), 500 (internal error).

Alerts & Notifications

Supported Channels

Channel	Setup
Slack	Enter Slack Incoming Webhook URL in Security tab
Email	Configure SMTP settings in `proxystack.settings.json`

Alert Types

Service Down — Sent when Apache, PostgreSQL, or an app stops responding
Service Up — Sent when a service recovers
SSL Expiry — Warning when certificates approach expiration

Cooldown

Default 5-minute cooldown prevents alert spam for flapping services. Each service has an independent cooldown timer.

Plugins

Extend ProxyStack with plugins from the Plugin Marketplace (Advanced tab).

Managing Plugins

Go to Advanced tab → Plugin Marketplace
Click "Install Plugin" to add a new plugin
Click "Configure" to set up plugin-specific settings
Reload Apache config to apply plugin changes

Plugin Configuration

Plugin configs are stored as JSON files in the plugins/ directory. Each plugin has its own configuration schema.

Team & Roles

The Team tab supports multi-user access with role-based permissions.

User Roles

Role	Permissions
Admin	Full access to all features
Developer	Manage sites, apps, and configuration
Operator	Start/stop services, view logs
Viewer	Read-only access

Audit Log

All actions (site changes, config updates, service starts/stops) are recorded in the audit log with timestamp, user, action, and details. Stored in team.json.

GUI Tabs Overview

Tab	Purpose
Dashboard	Start/Stop Apache, status cards, quick actions, update checker
Logs	Real-time Apache access and error log viewer
Config	Edit proxystack.json directly, validate configuration
Sites	Add/edit/remove domains, proxy targets, SSL settings
Certs	SSL certificate management, Let's Encrypt, self-signed generation
Apps	Backend process manager with sub-processes
Docker	Container management, Compose, PostgreSQL, templates
Monitor	CPU/RAM/Disk monitoring, service health checks
Security	Headers, IP lists, REST API, auto-start, environment profiles
Secrets & Tools	Encrypted vault, Port Scanner
Production	Backups, rate limiting, SSL expiry monitoring, remote management
Team	Users, roles, audit log
Observability	Request tracing, metrics, service dependency graph
Advanced	Rewriting, caching, API gateway, plugins, database console

File Locations

File/Folder	Purpose
`proxystack.json`	Main configuration
`proxystack.settings.json`	GUI settings
`team.json`	Users and audit log
`plugins.json`	Installed plugins list
`config/httpd.conf`	Generated Apache config
`config/vhosts.conf`	Generated virtual hosts
`certs/`	SSL certificates
`logs/`	Apache and application logs
`backups/`	Configuration backups
`profiles/`	Environment profiles
`sites/`	Static site files
`plugins/`	Plugin configuration files
`postgres/`	Portable PostgreSQL (Full edition)
`apache/`	Bundled Apache binaries
`win-acme/`	Let's Encrypt ACME client
`sentinel/`	SentinelAI agent files

Troubleshooting

Apache won't start

Check port conflict: netstat -ano | findstr :80
Click "Validate" to check configuration
Review logs/error.log
Verify all certificate paths exist

Apache won't stop

Run ProxyStackGUI.exe as Administrator
Manual kill: taskkill /F /IM httpd.exe

Let's Encrypt fails

Verify DNS points to this server: nslookup yourdomain.com
Ensure port 80 is open in Windows Firewall
Check for rate limiting (wait 1 hour)
ProxyStack auto-stops Apache during validation; ensure no other process holds port 80

Docker not found

Start Docker Desktop and wait 30-60 seconds
Verify: docker --version and docker ps

PostgreSQL won't start

Check port 5432: netstat -ano | findstr :5432
Verify postgres/pgsql/bin/pg_ctl.exe exists
Check postgres/data/log/ for errors

REST API not responding

Ensure GUI is running with API enabled (Security tab)
Check port 9090 is not blocked
Test: curl http://localhost:9090/api/status

Logs Location

Apache access log: logs/access.log
Apache error log: logs/error.log
Per-site logs: logs/{domain}-access.log, logs/{domain}-error.log
PostgreSQL: postgres/data/log/

Contents