Apache TLS reverse proxy, app runner, Docker management, SentinelAI integration, OWASP compliance, WAF, Zero Trust mTLS, secrets vault, compliance reporting, security scanner — 17 sidebar views in a modern dark-themed GUI. Unzip and run.
A complete development and production web stack that runs from any folder. No installation, no registry changes, no admin required.
Apache 2.4 reverse proxy with TLS 1.2/1.3, SNI multi-domain support, Let's Encrypt automation via bundled win-acme, self-signed cert generation with bundled OpenSSL. Auto-detects cert paths and generates vhost configs.
Start, stop, and monitor backend apps with health checks, auto-restart on crash, and multi-stage sub-processes. Run Supabase + npm dev simultaneously. Auto-accept prompts for npx/npm commands. Per-app environment variables.
Full Docker container management with Compose up/down, image pull, container logs. Portable PostgreSQL with one-click auto-install and progress bar. Database console for direct SQL queries. Supabase health monitoring.
Connect to your SentinelAI dashboard for 25+ real-time security monitors, 3-stage ML threat detection (local ML → heuristics → AI), ransomware canary files, fleet management, and remote agent commands.
10 automated checks against the OWASP Top 10 2025. Security score 0–100 with pass/fail breakdown per category. Color-coded OWASP cards for A01 through A10. Export compliance reports as CSV or TXT.
12 built-in rules covering SQL injection, XSS, path traversal, command injection, SSRF, and more. 3 modes: Detect Only, Block & Log, Block Silent. Custom rule editor with regex patterns. Export as ModSecurity .conf. Real-time threat log dashboard.
Quick Scan (11 checks) and Full Scan (18 checks) covering TLS config, headers, directory permissions, secrets exposure, network ports, containers, database security, and more. Severity breakdown: Critical, High, Medium, Low. Async scanning with progress bar. Results persisted and exportable.
DPAPI-encrypted key-value store (Windows CurrentUser scope). 8 categories: General, Database, API Key, OAuth, SSL/TLS, Cloud, Service, Internal. Reveal with 5-second auto-hide. Copy with 30-second clipboard auto-clear. One-click rotation with 32-char cryptographic random. Export as .env file. Backward compatible with legacy format.
4 frameworks: SOC2 Type II (9 controls), GDPR (6 articles), PCI-DSS v4.0 (8 requirements), HIPAA (5 safeguards). "All Frameworks" mode runs all 28 checks at once. Each check evaluates real config and provides evidence. Compliance score with pass/fail/N/A. Export as CSV or formatted TXT.
mTLS (mutual TLS) toggle with CA certificate generation (RSA 4096-bit, 10yr) and server certificate generation (RSA 2048-bit, 2yr) with auto-SAN from configured domains. Certificate-based auth policies: CN, OU, Issuer, Fingerprint, SAN match. Network segmentation zones with CIDR, port, and direction rules. Trust score 0–100. Export Apache .conf with SSLVerifyClient and SSLRequire directives.
Real-time CPU, RAM, and disk metrics. Request tracing with service dependency graph. P50/P95/P99 latency percentiles. Performance profiling and bottleneck detection. Custom alert thresholds with email and Slack notifications.
Multi-user RBAC with admin, editor, and viewer roles. Audit logging for all config changes. Share complete stack configs via .psxt templates (v1.1 bundles SSL certs as base64). Slack webhook notifications. Import creates missing site directories automatically.
Rate limiting per-IP and per-route. Geo-blocking by country code. Automated config backups with rotation. Load balancing across multiple backends. SSL certificate expiry monitoring with alerts. Remote management REST API for headless operation.
REST API for programmatic control. CLI tool and PowerShell module. VS Code extension for config editing. GitHub Actions deployment templates. 19 service blueprints (Next.js, Django, Flask, Express, etc.). Plugin marketplace with 6 official plugins.
Request/response rewriting with regex. HTTP caching layer with Redis support. API gateway with path-based versioning. Dark/light theme toggle. Auto-update system with SHA256 integrity verification and rollback. Classic UI mode via --classic flag.
From download to production in under 5 minutes.
Download the portable ZIP (~210 MB). Extract to any folder. No installer needed.
Run proxystack.exe. The modern dark-themed GUI opens with 17 sidebar views ready to use.
Configure domains, backends, and SSL certs from the Sites tab. Apache vhosts are auto-generated.
One click to start Apache. Your reverse proxy is live with TLS, security headers, and WAF protection.
Every feature accessible from a modern dark-themed control panel with instant navigation.
Unzip and run. No installation, no registry changes, no admin required. Built-in auto-updater keeps you current.
ProxyStack runs on any modern Windows machine with .NET 8.
Recent updates and improvements across all releases.
All previous releases available for download. We recommend always using the latest version.
| Version | Date | Highlights | Full | Lite |
|---|---|---|---|---|
| v11.5.0 (latest) | Feb 11, 2026 | Phase 11 Complete — Zero Trust, WAF, Scanner, Vault, Compliance | Download | Download |
| v11.2.0 | Feb 11, 2026 | OWASP Dashboard, WAF, Security Scanner | Download | Download |
| v10.3.0 | Feb 10, 2026 | Sub-processes, Let's Encrypt, auto-update | Download | Download |