gitea-mirror/Pulse
1
0
Fork 0
mirror of https://github.com/rcourtman/Pulse.git synced 2026-02-19 07:50:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
310 Commits 3 Branches 376 Tags
085fa49cb4e548b3cc62e04bfd05d0cc1093e686
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Pulse Monitor 085fa49cb4 feat: improve export/import functionality and documentation 
- Add clear documentation that auth settings are intentionally excluded from exports
- Update API docs to explicitly state what is/isn't included in exports
- Enhance migration guide with security notes about auth exclusion
- Add UI warning in export dialog about auth settings not transferring
- Each Pulse instance should configure its own authentication for security

Related to user feedback about auth settings not transferring between instances
2025-08-14 10:30:21 +00:00
cmd/pulse
feat: add encrypted config export/import for automation
2025-08-05 21:45:25 +00:00
docs
feat: improve export/import functionality and documentation
2025-08-14 10:30:21 +00:00
frontend-modern
feat: improve export/import functionality and documentation
2025-08-14 10:30:21 +00:00
internal
feat: auto-allow export/import on private networks without auth
2025-08-14 10:07:29 +00:00
pkg
feat: enhance security and improve login UI
2025-08-13 23:07:57 +00:00
scripts
feat: enhance security and improve login UI
2025-08-13 23:07:57 +00:00
.dockerignore
Add Docker deployment files for production readiness
2025-08-03 16:18:18 +00:00
.env.example
docs: update all documentation for simplified configuration
2025-08-09 09:39:23 +00:00
.gitignore
chore: add embedded frontend directory to gitignore
2025-08-12 12:46:13 +00:00
build-release.sh
feat: standardize on bin/ directory structure for all archives
2025-08-12 19:30:59 +00:00
build.sh
fix: permanently solve frontend embed sync issue
2025-08-12 20:56:43 +00:00
dev-proxy.sh
refactor: consolidate authentication system and improve API structure
2025-08-13 14:51:46 +00:00
dev.sh
refactor: consolidate authentication system and improve API structure
2025-08-13 14:51:46 +00:00
docker-compose.yml
Remove PBS summary card and fix backup chart timezone
2025-08-08 15:30:28 +00:00
docker-entrypoint.sh
fix: Docker permission issues and alert history file access
2025-08-10 06:51:45 +00:00
Dockerfile
fix: update systems to work with embedded frontend
2025-08-12 12:52:27 +00:00
go.mod
feat: enhance security and improve API token UX
2025-08-13 19:05:23 +00:00
go.sum
feat: enhance security and improve API token UX
2025-08-13 19:05:23 +00:00
hot-dev.sh
refactor: consolidate authentication system and improve API structure
2025-08-13 14:51:46 +00:00
install.sh
feat: standardize on bin/ directory structure for all archives
2025-08-12 19:30:59 +00:00
LICENSE
fix: consolidate to encrypted-only configuration system
2025-08-03 11:19:32 +00:00
Makefile
refactor: consolidate authentication system and improve API structure
2025-08-13 14:51:46 +00:00
pulse-linux-amd64
feat: auto-allow export/import on private networks without auth
2025-08-14 10:07:29 +00:00
README.md
docs: update export/import documentation
2025-08-14 10:04:15 +00:00
VERSION
chore: bump version to v4.3.1-rc.1
2025-08-12 14:29:37 +00:00

README.md

Pulse for Proxmox

GitHub release Docker Pulls License

Real-time monitoring for Proxmox VE and PBS with alerts and webhooks.

Dashboard

💖 Support This Project

GitHub Sponsors ko-fi

Features

  • Auto-Discovery: Finds Proxmox nodes on your network, one-liner setup via generated scripts
  • Cluster Support: Configure one node, monitor entire cluster
  • Enterprise Security:
    • Credentials encrypted at rest, masked in logs, never sent to frontend
    • CSRF protection for all state-changing operations
    • Rate limiting (500 req/min general, 10 attempts/min for auth)
    • Account lockout after failed login attempts
    • Secure session management with HttpOnly cookies
    • bcrypt password hashing (cost 12) - passwords NEVER stored in plain text
    • SHA3-256 API token hashing - tokens NEVER stored in plain text
    • Security headers (CSP, X-Frame-Options, etc.)
    • Comprehensive audit logging
  • Live monitoring of VMs, containers, nodes, storage
  • Alerts with email and webhooks (Discord, Slack, Telegram, Teams, ntfy.sh, Gotify)
  • Unified view of PBS backups, PVE backups, and snapshots
  • PBS push mode for firewalled servers
  • Config export/import with encryption and authentication
  • Dark/light themes, responsive design
  • Built with Go for minimal resource usage

Screenshots →

Quick Start

Install

# Option A: Proxmox Helper Script (creates LXC container)
bash -c "$(wget -qLO - https://github.com/community-scripts/ProxmoxVE/raw/main/ct/pulse.sh)"

# Option B: Docker
docker run -d -p 7655:7655 -v pulse_data:/data rcourtman/pulse:latest

# Option C: Manual (existing systems)
curl -fsSL https://raw.githubusercontent.com/rcourtman/Pulse/main/install.sh | sudo bash

Configure Nodes

  1. Open http://<your-server>:7655
  2. Go to Settings → Nodes
  3. Discovered nodes appear automatically
  4. Click "Setup Script" next to any node
  5. Run the generated one-liner on that node
  6. Node is configured and monitoring starts

The script handles user creation, permissions, token generation, and registration automatically.

Docker

Basic

docker run -d \
  --name pulse \
  -p 7655:7655 \
  -v pulse_data:/data \
  --restart unless-stopped \
  rcourtman/pulse:latest

With Network Discovery

# Specify your LAN subnet for auto-discovery
docker run -d \
  --name pulse \
  -p 7655:7655 \
  -v pulse_data:/data \
  -e DISCOVERY_SUBNET=192.168.1.0/24 \
  --restart unless-stopped \
  rcourtman/pulse:latest

Docker Compose

services:
  pulse:
    image: rcourtman/pulse:latest
    container_name: pulse
    ports:
      - "7655:7655"
    volumes:
      - pulse_data:/data
    environment:
      # Network discovery
      # - DISCOVERY_SUBNET=192.168.1.0/24  # Auto-discovery subnet (default: auto-detect)
      
      # Ports
      # - PORT=7655                         # Backend port (default: 7655)
      # - FRONTEND_PORT=7655                # Frontend port (default: 7655)
      
      # Security (all optional - runs open by default)
      # - PULSE_AUTH_USER=admin             # Username for web UI login
      # - PULSE_AUTH_PASS='$2a$12$...'      # Bcrypt hashed password (use Quick Security Setup)
      # - API_TOKEN=<sha3-256-hash>         # SHA3-256 hashed API token (64 hex chars)
      # - ALLOW_UNPROTECTED_EXPORT=false    # Allow export without auth (default: false)
      
      # Polling & timeouts
      # - POLLING_INTERVAL=3                # Seconds between node checks (default: 3)
      # - CONNECTION_TIMEOUT=10             # Connection timeout in seconds (default: 10)
      
      # Updates
      # - UPDATE_CHANNEL=stable             # Update channel: stable or rc (default: stable)
      # - AUTO_UPDATE_ENABLED=false         # Enable auto-updates (default: false)
      # - AUTO_UPDATE_CHECK_INTERVAL=24     # Hours between update checks (default: 24)
      # - AUTO_UPDATE_TIME=03:00            # Time to install updates HH:MM (default: 03:00)
      
      # CORS & logging
      # - ALLOWED_ORIGINS=https://app.example.com  # CORS origins (default: none, same-origin only)
      # - LOG_LEVEL=info                    # Log level: debug/info/warn/error (default: info)
    restart: unless-stopped

volumes:
  pulse_data:

PBS Agent (Push Mode)

For isolated PBS servers, see PBS Agent documentation

Security

  • Authentication is optional - Run open for homelab or secured for production
  • Multiple auth methods: Password authentication, API tokens, or both
  • Enterprise-grade protection:
    • Credentials encrypted at rest (AES-256-GCM)
    • CSRF tokens for state-changing operations
    • Rate limiting and account lockout protection
    • Secure session management with HttpOnly cookies
    • bcrypt password hashing (cost 12) - passwords NEVER stored in plain text
    • SHA3-256 API token hashing - tokens NEVER stored in plain text (cost 12)
    • Security headers (CSP, X-Frame-Options, etc.)
    • Comprehensive audit logging
  • Security by design:
    • Frontend never receives node credentials
    • API tokens visible only to authenticated users
    • Export/import requires authentication when configured

See Security Documentation for details.

Configuration

Quick start - most settings are in the web UI:

  • Settings → Nodes: Add/remove Proxmox instances
  • Settings → System: Polling intervals, CORS settings
  • Alerts: Thresholds and notifications

Email Alerts Configuration

Configure email notifications in Settings → Alerts → Email Destinations

Supported Providers

  • Gmail/Google Workspace: Requires app-specific password
  • Outlook/Office 365: Requires app-specific password
  • Custom SMTP: Any SMTP server

Recommended Settings

  • Port 587 with STARTTLS (recommended for most providers)
  • Port 465 for SSL/TLS
  • Port 25 for unencrypted (not recommended)

Gmail Setup

  1. Enable 2-factor authentication
  2. Generate app-specific password at https://myaccount.google.com/apppasswords
  3. Use your email as username and app password as password
  4. Server: smtp.gmail.com, Port: 587, Enable STARTTLS

Outlook Setup

  1. Generate app password at https://account.microsoft.com/security
  2. Use your email as username and app password as password
  3. Server: smtp-mail.outlook.com, Port: 587, Enable STARTTLS

For deployment overrides (ports, etc), use environment variables:

# Systemd: sudo systemctl edit pulse-backend
Environment="FRONTEND_PORT=8080"

# Docker: -e FRONTEND_PORT=8080

📖 Full Configuration Guide →

Backup/Restore

Via UI (recommended):

  • Settings → Security → Backup & Restore
  • Export: Choose login password or custom passphrase for encryption
  • Import: Upload backup file with passphrase
  • Includes all settings, nodes, and custom console URLs

Via CLI:

# Export (v4.0.3+)
pulse config export -o backup.enc

# Import
pulse config import -i backup.enc

Updates

Docker

docker pull rcourtman/pulse:latest
docker stop pulse
docker rm pulse
# Run docker run command again

Manual Install

Settings → System → Check for Updates

After updates complete, refresh your browser (Ctrl+F5 or Cmd+Shift+R) to load the new version.

API

# Status
curl http://localhost:7655/api/health

# Metrics (default time range: 1h)
curl http://localhost:7655/api/charts

# With authentication (if configured)
curl -H "X-API-Token: your-token" http://localhost:7655/api/health

📖 Full API Documentation → - Complete endpoint reference with examples

Reverse Proxy

Using Pulse behind a reverse proxy? WebSocket support is required for real-time updates.

See Reverse Proxy Configuration Guide for nginx, Caddy, Apache, Traefik, HAProxy, and Cloudflare Tunnel configurations.

Troubleshooting

Connection Issues

  • Check Proxmox API is accessible (port 8006/8007)
  • Verify credentials have PVEAuditor role minimum
  • For PBS: ensure API token has Datastore.Audit permission

High CPU/Memory

  • Reduce polling interval in Settings
  • Check number of monitored nodes
  • Disable unused features (backups, snapshots)

Logs

# Docker
docker logs pulse

# Manual
journalctl -u pulse -f

Documentation

Security

  • Credentials stored encrypted (AES-256-GCM)
  • Optional API token authentication
  • Export/import requires passphrase
  • Security Details →

Development

Quick Start - Hot Reload (Recommended)

# Best development experience with instant frontend updates
./hot-dev.sh
# Frontend: http://localhost:5173 (hot reload)
# Backend: http://localhost:7655

Production-like Development

# Watches files and rebuilds/embeds frontend into Go binary
./dev.sh
# Access at: http://localhost:7655

Manual Development

# Frontend only
cd frontend-modern
npm install
npm run dev

# Backend only
go build -o pulse ./cmd/pulse
./pulse

# Or use make for full rebuild
make dev

Links

License

MIT - See LICENSE

Description
No description provided
Readme MIT 263 MiB
Languages
Go 74.4%
TypeScript 22.6%
Shell 2.4%
PowerShell 0.3%