Modern Multi-Cluster Management for Proxmox VE & XCP-ng
Website • Documentation • Releases • Sponsoring
PegaProx is a powerful web-based management interface for Proxmox VE and XCP-ng clusters. Manage multiple clusters from a single dashboard with features like live monitoring, VM management, automated tasks, and more.
The name PegaProx is inspired by Pegasus, the winged horse of Greek mythology, combined with Prox as a reference to Proxmox VE. Pegasus symbolises speed, freedom and elegant flight — qualities we aspire to bring to multi-cluster hypervisor management.
PegaProx is a community-driven open source project that lives entirely from sponsorships and donations. Server costs, domains, code-signing certificates and the developer hours behind every release come straight out of our own pockets — and out of the contributions of the wonderful companies and individuals below. If PegaProx saves you time at work, please consider becoming a sponsor or chipping in on Open Collective. Every euro keeps the lights on. 💛
Become a Sponsor • Open Collective
- 🖥️ Unified Dashboard - Manage all your Proxmox clusters from one place
- 📊 Live Metrics - Real-time CPU, RAM, and storage monitoring via SSE
- 🔄 Live Migration - Migrate VMs between nodes with one click
- ⚖️ Cross-Cluster Load Balancing - Distribute workloads across clusters
- 🔄 Cross-Hypervisor Migration - Migrate VMs between ESXi, Proxmox VE, and XCP-ng
▶️ Quick Actions - Start, stop, restart VMs and containers- ⚙️ VM Configuration - Edit CPU, RAM, disks, network, EFI, Secure Boot & more
- 📸 Snapshots - Standard and space-efficient LVM snapshots for shared storage
- 🔁 Snapshot Replication - Storage-agnostic replication for clusters without ZFS
- 💾 Backups - Schedule and manage backups
- ✅ Backup Verification (Experimental) - Automated restore → boot → health check → cleanup (ISO 27001, SOC 2, HIPAA compliance)
- 🖱️ noVNC / xterm.js Console - Browser-based console for QEMU and LXC
- ⚖️ Load Balancing - Automatic VM distribution across nodes
- 🔁 High Availability - Auto-restart VMs on node failure with configurable timing
- 📍 Affinity Rules - Keep VMs together or apart on hosts (QEMU + LXC)
- 🟢 XCP-ng Pool Support - Connect XCP-ng / Xen hypervisor pools alongside Proxmox clusters
▶️ VM Power Actions - Start, stop, shutdown, reboot, suspend/resume- 🖥️ VNC Console - Browser-based remote console via XAPI
- 💽 Disk & Network Management - Add, resize, remove disks and NICs
- 🔧 Maintenance Mode - Enter/exit with automatic VM evacuation
- 🔀 ESXi Import Wizard - Migrate VMs from ESXi hosts to Proxmox
- ⚡ Near-Zero Downtime - Transfer running VMs with minimal interruption (max. 1 VM recommended)
- 🔌 Offline Migration - Shut down and transfer for maximum reliability
- 🔑 SSH Required - ESXi host must have SSH enabled
- 👥 Multi-User Support - Role-based access control (Admin, Operator, Viewer) + custom roles
- 🛠️ API Token Management - Create, list, and revoke Bearer tokens (scoped per role)
- 🔐 2FA Authentication - TOTP-based two-factor authentication (with force option)
- 🔑 WebAuthn / FIDO2 - Hardware-key login (YubiKey, Nitrokey, Touch ID, Windows Hello) — passwordless or as 2FA factor
- 🏛️ LDAP / OIDC - Active Directory, OpenLDAP, Entra ID, Keycloak, Google Workspace, Authentik (with PKCE)
- 🛡️ VM-Level ACLs - Fine-grained permissions per VM
- 🏢 Multi-Tenancy - Isolate clusters for different customers
- 🚫 IP Whitelisting / Blacklisting - Restrict access by IP or CIDR range
- 🔒 AES-256-GCM Encryption - All stored credentials encrypted at rest
- 🔍 CVE Scanner - Per-node package vulnerability scanning via debsecan
- 🛡️ CIS Hardening - One-click security audit and hardening against CIS benchmarks
- 🧾 HMAC-Signed Audit Log - Tamper-evident integrity verification on every entry
- ⏰ Scheduled Tasks - Automate VM actions (start, stop, snapshot, backup)
- 📸 Snapshot Schedules - Tag-based or VMID-list snapshot policies with retention pruning (hourly / daily / weekly + “keep last N” + “keep N days”)
- 🔄 Rolling Node Updates - Update cluster nodes one by one with automatic evacuation
- 🚨 Alerts - Get notified on high CPU, memory, or disk usage
- 📜 Audit Logging - Track all user actions with IP addresses
- 🔎 Audit Search - Full-text + date-range + severity + IP filter, paginated, CSV export
- 🛰️ SIEM Forwarder - Stream audit events to Syslog (UDP/TCP RFC 5424), Splunk HEC, Elasticsearch, Loki, or generic webhooks. VAPID-style per-target TLS verification.
- 🔧 Custom Scripts - Run scripts across nodes
- 💿 Ceph Management - Monitor and manage Ceph storage pools, RBD mirroring
- 🔐 ACME / Let's Encrypt - Automatic SSL certificate renewal with HTTP-01 challenge (+ custom ACME CAs)
- 📋 Integrated Syslog Server - Receive and view syslog messages (UDP/TCP) with filtering, search, and severity-based coloring
- 🧬 Config Drift Detection - Nightly snapshot of cluster config (VM configs, storage.cfg, network, datacenter options) — alerts on any unauthorized change vs the admin-set baseline. Pairs with the Compliance Dashboard.
- 💰 Cost Dashboard / Chargeback - €/VM/Month from real metrics (CPU-h × node tariff + RAM-GB-h + Storage-GB-month). Currency-configurable, per-cluster rates, top-spender table, by-node breakdown. CSV + PDF export.
- ⚡ Power & Carbon Tracking - Estimated kWh + €/Month + kg CO₂/Month per VM, based on metrics history × node-power profile × PUE × grid CO₂ intensity. Defaults for DE/EU; admin-tunable for any hardware/grid. CSV + PDF export.
- 🧠 Insights - Right-sizing recommendations (oversized / undersized CPU + RAM, idle VMs) and capacity forecasts (linear regression + ETA to threshold) over 30 days of history. PDF export.
- 🌐 Network Topology Visualization - Interactive SVG graph: Cluster → Nodes → Bridges/Bonds/SDN VNets → VMs. Click to highlight connections.
- 📊 Compliance Dashboard - Read-only BSI Grundschutz / ISO 27001 / NIS2 / SOC 2 mapping per cluster, hardening score, exportable PDF. Visible to ops/auditors without admin rights.
- 🛡️ CVE Reporting - Per-cluster severity counts + per-package detail + historical view of when each CVE first appeared.
- ☁️ Cloud-Init Template Library - Curated catalog (Ubuntu 22.04/24.04, Debian 11/12, AlmaLinux 9, Rocky 9, Fedora 40, Alpine 3.19) plus admin-defined custom templates. One-click deploy to any cluster (download → import → cloudinit drive → convert to template).
- 🚑 Site Recovery - Configure DR plans (boot order, dependencies, replication mappings) and execute controlled failover with audit trail.
- 📦 Backup SLA Tracking - SLA dashboard per cluster + datastore: last-backup age vs configured RPO, integrated with the Alert pipeline.
- 🔁 ZFS / Cross-Cluster Replication - Native PVE replication monitor + cross-cluster replication for clusters without shared storage.
- 🛠️ V2P / ESXi Migration - Pyvmomi + SSHFS-based, with VirtIO driver pre-staging via MSI bulk-install (Windows guests).
- 📢 Webhook Channels - Slack, Discord, Microsoft Teams, ntfy, generic JSON webhooks (multi-channel, per-alert routing)
- 🔔 Web Push Notifications - Browser push via VAPID, “wake-up” pattern (no payload leaks to push provider). Inbox view in the topbar bell with unread badge.
- 📲 PWA / Installable App - Service Worker shell-cache, offline boot, install prompt, theme-color matching layout.
- 🌐 Client Portal - Self-service portal for hosting customers with VM power actions, noVNC console, snapshots, ISO mount, snapshot policies (read-only), 2FA, and password management
- 📊 Public Status Page - Cluster health dashboard for monitoring screens with URL-based auth key (no login required)
- 🔔 Notifications Plugin - ntfy + Apprise integration for unified channel routing
- 🐳 Docker Swarm Manager (Community) - Manage Swarm services from the same UI
- 🔌 Plugin Config Editor - Edit plugin configuration directly from the UI
- 🌐 Offline Mode - Works without internet (local assets, air-gap mode disables external CVE/sponsor lookups for VS-NfD / classified networks)
- 🎨 Themes - 17 themes including Dark/Light, Proxmox, Corporate (light/dark), Dracula, Nord, Monokai, Solarized, Cyberpunk, etc.
- 🏢 Corporate Layout - Tree-based sidebar with dense tables
- 🌍 Multi-Language - English, German, French, Spanish, Portuguese, Korean, Italian
- 📱 Responsive + PWA - Works on desktop and mobile, installable as native-feeling app
- 📦 PBS Integration - Proxmox Backup Server management with backup verification
- 🔭 Prometheus Exporter - Scrape
/api/metricswith bearer auth for cluster + VM metrics
- Python 3.8+
- Proxmox VE 8.0+ or 9.0+ and/or XCP-ng 8.2+
- Modern web browser (Chrome, Firefox, Edge, Safari)
This installation method pulls the deployment script directly from the current HEAD of the main branch. This means you will always receive the latest available version, including the most recent features and improvements. However, because it is not tied to a specific release, it may also contain unreleased changes or bugs that have not yet been fully tested. If you prefer a stable and tested version, consider installing PegaProx from a tagged release instead.
curl -O https://raw.githubusercontent.com/PegaProx/project-pegaprox/refs/heads/main/deploy.sh
chmod +x deploy.sh
sudo ./deploy.shThis installation method uses the official APT repository provided by gyptazy. The repository and its associated build and packaging pipeline are fully hosted and maintained by gyptazy, where PegaProx releases are automatically built and published as Debian packages. Unlike the automated installation script, which pulls the latest code directly from the repository branch, the APT repository distributes packaged and versioned releases. This generally provides a more stable and predictable installation, making it the recommended approach for production environments.
curl https://git.gyptazy.com/api/packages/gyptazy/debian/repository.key -o /etc/apt/keyrings/gyptazy.asc
echo "deb [signed-by=/etc/apt/keyrings/gyptazy.asc] https://packages.gyptazy.com/api/packages/gyptazy/debian trixie main" | sudo tee -a /etc/apt/sources.list.d/gyptazy.list
apt-get update
apt-get -y install pegaproxThis installation methods run PegaProx directly from the source code repository. It is primarily intended for development, testing, or advanced users who want full control over the codebase or want to modify and extend the project.
By default, cloning the repository will pull the latest state of the main branch, which contains the most recent changes and features. While this ensures you always have the newest code available, it may also include in-progress changes that are not part of an official release yet. If you prefer a more stable version, you can optionally checkout a specific release tag from the repository before installing dependencies and starting the application. This allows you to run the exact code corresponding to an official release while still using the source-based installation method.
Running PegaProx from source can be useful for debugging, contributing to the project, or integrating custom functionality, since you have direct access to the entire codebase and can easily update it using standard Git workflows.
git clone https://github.com/PegaProx/project-pegaprox.git
cd project-pegaprox
pip install -r requirements.txt
python3 pegaprox_multi_cluster.pydocker compose up -dOr without Compose:
docker run -d --name pegaprox \
-p 5000:5000 -p 5001:5001 -p 5002:5002 \
-v pegaprox-config:/app/config \
-v pegaprox-logs:/app/logs \
--restart unless-stopped \
ghcr.io/pegaprox/pegaprox:latestFor local builds:
git clone https://github.com/PegaProx/project-pegaprox.git
cd project-pegaprox
docker build -t pegaprox .
docker run -d --name pegaprox \
-p 5000:5000 -p 5001:5001 -p 5002:5002 \
-v pegaprox-config:/app/config \
-v pegaprox-logs:/app/logs \
--restart unless-stopped \
pegaproxgit clone https://github.com/PegaProx/project-pegaprox.git
cd project-pegaprox
dpkg-buildpackage -us -uc
sudo dpkg -i ../pegaprox_*.debOption 1: Update Script (Recommended)
cd /opt/PegaProx
curl -O https://raw.githubusercontent.com/PegaProx/project-pegaprox/refs/heads/main/update.sh
chmod +x update.sh
sudo ./update.shOption 2: Web UI
Go to Settings → Updates and click "Check for Updates".
After starting PegaProx, open your browser and navigate to:
https://your-server-ip:5000
Default credentials:
Username: pegaprox
Password: admin
- First Login: Create your admin account on the setup page
- Add Cluster: Go to Settings → Clusters → Add your Proxmox credentials
- Done! Start managing your VMs
/opt/PegaProx/
├── pegaprox_multi_cluster.py # Entry point
├── pegaprox/ # Application package
│ ├── app.py # Flask app factory
│ ├── constants.py # Configuration constants
│ ├── globals.py # Shared state
│ ├── api/ # REST API blueprints
│ ├── core/ # Business logic (manager, db, cache)
│ ├── background/ # Background tasks (scheduler, alerts)
│ ├── utils/ # Utilities (auth, RBAC, LDAP, OIDC)
│ └── models/ # Data models
├── web/
│ ├── index.html # Compiled frontend
│ └── src/ # Frontend source (JSX)
├── config/
│ └── pegaprox.db # SQLite database (credentials encrypted)
├── static/ # JS/CSS libraries (offline mode)
├── logs/ # Application logs
└── update.sh # Update script
- Credentials (Cluster PW, SSH Keys, TOTP, LDAP Bind) → AES-256-GCM
- API Tokens → SHA-256 Hash
- Passwords → Argon2id
- HTTPS required for production
- Session tokens expire after inactivity
- Rate limiting on all endpoints
- Input sanitization and RBAC enforcement
Full documentation is available at docs.pegaprox.com
This project is licensed under the AGPL-3.0 License - see the LICENSE file for details.
- 💬 Discord: Community Server
- 📧 Email: support@pegaprox.com
- 🐛 Issues: GitHub Issues
Like most modern dev teams, we use AI-assisted tooling (code completion, docs generation, review automation, security audits). All architecture decisions, implementation, and testing are handled by our three-person team. — see IBM , IBM Case Studies , MIT Tech Review
AI-driven security auditing is an industry-standard practice — see Hacker News, IBM Research.
If you find PegaProx useful, please consider giving it a star! ⭐
Made with ❤️ by the PegaProx Team