Common questions about ProxyStack, configuration, SSL, Docker, and more.
ProxyStack is a portable Windows web stack that bundles Apache (TLS reverse proxy), an app runner, Docker management, PostgreSQL, SSL certificate management, and SentinelAI security monitoring into a single portable ZIP. It provides a modern GUI with 14 tabs for managing all aspects of your web infrastructure. No installation required — extract and run.
ProxyStack runs on Windows 10 and Windows 11. It requires .NET 8 Runtime (included in the portable ZIP). The GUI is a native Windows Forms application.
ProxyStack is available in two editions: Full (~210 MB, includes PostgreSQL) and Lite (~170 MB, without PostgreSQL). Contact IAVC Holdings for licensing information.
No. ProxyStack is fully portable. Extract the ZIP to any folder and run ProxyStackGUI.exe. All configuration, certificates, logs, and data are stored within the ProxyStack folder. You can move it to a USB drive or another machine.
Full Edition includes everything: Apache, PostgreSQL, win-acme, OpenSSL, SentinelAI agent, templates, and documentation. Lite Edition is the same but without the bundled PostgreSQL binaries (you can still auto-download PostgreSQL from the GUI if needed).
Click "Check for Updates" on the Dashboard. If a new version is available, click "Download & Install". The updater automatically preserves your configuration, certificates, logs, backups, and other user data while updating binaries and system files.
ProxyStack generates Apache virtual host configurations from your proxystack.json settings. Each site can be a reverse proxy (forwarding to a backend like Node.js, Python, etc.), a static file server, or a hybrid of both. Apache handles TLS termination, WebSocket proxying, and HTTP/HTTPS routing.
Yes. Add multiple sites in the Sites tab, each with its own domain and proxy target. ProxyStack generates separate virtual hosts for each domain. You can also define per-path proxy routes within a single site (e.g., /api goes to one backend, /ws goes to another).
Yes. Enable the WebSocket option on any site or proxy route. ProxyStack configures Apache's mod_proxy_wstunnel with proper upgrade headers for WebSocket connections.
Yes. Set both a documentRoot and proxyRoutes on a site. Static files are served from the document root, while specific paths are proxied to backends. Enable spaFallback for single-page applications that need index.html served for all non-file routes.
Common causes: (1) Port 80 or 443 is already in use by another application — check with netstat -ano | findstr :80. (2) Configuration error — click "Validate" in the GUI. (3) Missing or invalid SSL certificate paths. Check the Dashboard console and logs/error.log for details.
Go to the Certs tab, click "Let's Encrypt", enter your domain and email. ProxyStack uses the bundled win-acme ACME client to request a certificate via HTTP-01 validation. Apache is automatically stopped during validation (to free port 80) and restarted after.
Yes. The Certs tab has a "Generate Self-Signed" option that uses the bundled OpenSSL to create a certificate and key pair. Self-signed certs are useful for local development but will show browser warnings.
ProxyStack automatically detects matching certificate files in the certs/ folder based on the domain name. If it finds files like yourdomain.com-crt.pem and yourdomain.com-key.pem, it fills in the paths automatically and saves them to your configuration.
Certificates are stored in the certs/ folder within your ProxyStack directory. Win-acme generates PEM files named {domain}-crt.pem, {domain}-key.pem, and {domain}-chain.pem.
Win-acme creates a scheduled task for automatic renewal. You can also manually renew from the Certs tab. ProxyStack monitors certificate expiry dates and shows warnings in the Dashboard when certificates are approaching expiration.
The Apps tab lets you define backend applications (Node.js, Python, Go, etc.) that ProxyStack manages. You specify the command, working directory, and port. ProxyStack can auto-start apps, auto-restart on crash, and manage sub-processes.
Sub-processes are additional commands that run alongside your main app. For example, you might run npx supabase start as a sub-process alongside npm run dev. Sub-processes start before the main command and stop together when the app is stopped. All commands auto-accept prompts.
Yes. Define as many apps as you need in the Apps tab. Each runs as a separate process with its own working directory and port. ProxyStack tracks all running processes and provides start/stop controls for each.
No. Docker integration is optional. If Docker Desktop is installed and running, ProxyStack can manage containers, images, Compose projects, and networks through the Docker tab. Without Docker, all other features work normally.
Click "Start PostgreSQL" in the Docker tab. If PostgreSQL isn't installed, ProxyStack auto-downloads it (~300 MB) with a progress bar. PostgreSQL runs portably from the postgres/ folder — no system-wide installation needed. Data is stored in postgres/data/.
Yes. Go to the Advanced tab and open the Database Console. Enter your connection details (host, port, database, user) and execute SQL queries directly from the GUI. Results are displayed in a table format.
All configuration is stored in proxystack.json in the ProxyStack root folder. This file defines sites, apps, security settings, and SentinelAI configuration. You can edit it directly or use the GUI.
The auto-updater preserves: proxystack.json, proxystack.settings.json, certs/, logs/, backups/, profiles/, sites/, team.json, plugins.json, and postgres/data/. Only system binaries and templates are updated.
Click "Backup" on the Dashboard. ProxyStack creates a timestamped backup in the backups/ folder containing your configuration, settings, and team data. You can also manually copy proxystack.json.
Yes. Store profiles in the profiles/ folder (e.g., proxystack.development.json, proxystack.production.json). Switch between profiles from the Security tab's Environment dropdown.
ProxyStack includes: HSTS headers, X-Frame-Options, X-Content-Type-Options, XSS protection headers, IP whitelist/blacklist, REST API authentication, team-based access control (Admin, Developer, Operator, Viewer roles), encrypted secrets vault, and SentinelAI integration for endpoint security.
Yes. Enable it from the Security tab ("Enable REST API on port 9090"). Endpoints include: /api/status, /api/health, /api/config, /api/sites, /api/apps, /api/apache/start, /api/apache/stop, /api/apache/restart. API key authentication is available for production use.
ProxyStack includes a SentinelAI tab that connects to your SentinelAI dashboard for real-time security monitoring. You can view agents, threats, and security status directly from the ProxyStack GUI. The SentinelAI Windows agent can also be launched from ProxyStack.
ProxyStack can send alerts via Slack webhooks and email (SMTP) when services go down or health checks fail. Configure alert channels in the Security tab. Alerts have a 5-minute cooldown to prevent spam from flapping services.
ProxyStack has a Plugin Marketplace in the Advanced tab. Plugins extend functionality with features like authentication middleware, caching layers, rate limiting, and more. Install, configure, and manage plugins from the GUI.
Yes. The Advanced tab includes API versioning (/v1, /v2), path prefix routing, per-version rate limiting, request/response header rewriting, and URL rewriting rules.
The Observability tab provides request tracing, performance metrics, and a service dependency graph showing how your sites and backends are connected. Metrics can be exported via the Metrics Exporter plugin.
Yes. The Team tab supports multiple users with role-based access control: Admin (full access), Developer (manage sites/apps), Operator (start/stop services), and Viewer (read-only). All actions are logged in an audit trail.