v0.1.0  ·  Dev Release

Security-First
Server Management

A single Go binary that turns any Linux server into a fully managed VPS — real-time metrics, GitOps deployments, firewall control, containers, and MCP support. Zero dependencies.

Quick Install View on GitHub →
bash — one-line install
# Installs binary, systemd service, and config — one command $ curl -fsSL https://raw.githubusercontent.com/KenyanRedwoods01/Orbit/main/scripts/install.sh | sudo bash # Custom port (default: 5000, range: 5000-6000) $ sudo ORBIT_PORT=5100 bash install.sh
1
binary, zero deps
5000
default port
15+
built-in modules
Go
single binary
AGPL
open source
Community

Live from GitHub

Real-time repository stats — stars, forks, open issues, releases, recent commits, and pull requests.

Stars
Forks
Open Issues
Releases
Open PRs
Watchers

Recent Releases

Loading…

Open Pull Requests

Loading…

Open Issues

Loading…

Recent Commits

Loading…
Preview

See it in action

A full-featured server management dashboard, live in your browser.

Features

Everything your server needs

All modules ship in one binary. Enable or disable each independently via orbit.toml.

Real-time Metrics

CPU, memory, disk, and network graphs streamed live over WebSocket. Per-process stats via /proc.

Security Suite

Integrated Wazuh, Suricata, CrowdSec, and Fail2ban management. Audit logs and RBAC built in.

Firewall Control

Visual nftables/iptables management. Port-level rules with one-click apply and rollback.

GitOps Deployments

Push-to-deploy pipelines from any Git provider. Webhook triggers, build logs, and rollbacks.

Container Management

Full Docker lifecycle — pull, run, inspect, shell, logs — all from the browser.

Web Server Manager

Nginx/Apache vhost management, SSL certificates via Let's Encrypt, and live config editing.

Uptime Monitoring

HTTP and TCP monitors with incident timelines, status pages, and multi-channel alerting.

MCP Server

Model Context Protocol support — let AI assistants like Claude manage your server securely.

Multi-Server Fleet

Manage a fleet of remote servers over SSH from a single Orbit instance.

File Explorer

SFTP-backed file browser with upload, download, edit, and permission management.

Alert Rules

Real-time threshold monitoring across any metric. Fires to email, Slack, webhook, and more.

GitHub Actions

Trigger and monitor GitHub Actions workflows directly from the Orbit dashboard.

Profile & 2FA Management

Full user profile page — change username, password, avatar color, bio, and manage TOTP 2FA with backup codes from one screen.

Database Explorer

Connect MySQL, PostgreSQL, and SQLite databases. Browse tables, run queries, and monitor connection health.

Port Scanner

Real-time view of all open ports with process binding, protocol, and firewall rule correlation.

Profile & Security

Enterprise-grade account security

Every user account has a comprehensive self-service security center. Manage your identity, 2FA, and sessions without admin intervention.

TOTP Two-Factor Auth

Enable TOTP 2FA with any authenticator app (Google Authenticator, Authy, 1Password). QR code setup, manual key entry, and 10 single-use backup codes included.

Security Score

Real-time security score (0–100) based on 2FA status, backup code count, profile completeness. Actionable checklist of what to fix next.

Activity & Session Log

Full audit trail of every login, password change, and 2FA event. Active session list with one-click revocation from any device.

Profile Customization

Display name, bio, avatar color picker, and email. Inline username and password change with strength meter. All fields update in real-time without page reload.

Profile Feature Orbit Netdata Grafana Portainer
TOTP 2FA
Backup codes
Session management
Account activity log
Security score
Tech Stack

Built for reliability

Zero runtime dependencies. One binary. Ships with a built-in React SPA and SQLite database.

Go 1.22

Backend

Standard library HTTP, net/http ServeMux, goroutine-per-request concurrency, zero framework overhead.

React 18

Frontend

Vite 5, TypeScript, TanStack Query v5, Recharts, Zustand, React Router v6. CSS Modules.

SQLite

Storage

mattn/go-sqlite3 for relational data. BoltDB for ephemeral metrics ring buffers. No external DB required.

WebSocket

Real-time

Native WebSocket streams for metrics, logs, and terminal. No polling. Sub-100ms latency on LAN.

JWT + TOTP

Auth

bcrypt password hashing, JWT session tokens, TOTP 2FA (RFC 6238), backup codes, RBAC roles.

MCP

AI Integration

Model Context Protocol server over Unix socket or TCP. Tools for metrics, services, firewall, and deployment.

Installation

Three ways to install

All methods default to port 5000. Every port must be in range 5000–6000.

Method 1 — One-liner recommended 
# Installs binary, creates system user, writes config, enables systemd service
curl -fsSL https://raw.githubusercontent.com/KenyanRedwoods01/Orbit/main/scripts/install.sh | sudo bash

# With custom options
sudo bash install.sh --port 5100 --version v1.2.0
Method 2 — Clone and install 
git clone https://github.com/KenyanRedwoods01/Orbit.git
cd Orbit
sudo bash scripts/install.sh
Method 3 — Docker (builds from source) 
# Clone and build — Docker image is built locally from source
git clone https://github.com/KenyanRedwoods01/Orbit.git
cd Orbit
cp .env.example .env  # set ORBIT_SECRET_KEY
docker compose up -d  # builds image then starts on port 5000

# Or run a manually built image
docker build -t orbit .
docker run -d --name orbit \
  --cap-add NET_ADMIN --cap-add SYS_PTRACE \
  -p 5000:5000 -v orbit-data:/var/lib/orbit \
  orbit
Installer options bash 
Usage: install.sh [OPTIONS]

  --version, -v  VERSION    Release tag to install  (default: latest)
  --port, -p     PORT       Main panel port [5000-6000]  (default: 5000)
  --mcp-port     PORT       MCP TCP port    [5000-6000]  (default: 5001)
  --metrics-port PORT       Metrics port    [5000-6000]  (default: 5002)
  --no-start                Install without starting the service
  --uninstall               Remove Orbit from this system
  --help, -h                Show this help message
Port Reference

Port range: 5000–6000

All Orbit services are confined to ports 5000–6000. The installer validates every assignment before proceeding.

PortServiceProtocolConfig keyStatus
5000 Main panel (HTTPS)TCP / WSS listen_addr Default
5001 MCP TCP listenerTCP [mcp] tcp_addr Optional
5002 Prometheus metricsHTTP [metrics] addr Optional
5000–6000 Custom user servicesAny Reserved range
CI / CD

GitHub Actions workflows

Orbit ships four production-ready workflows for testing, releasing, Docker publishing, and this documentation site.

1

CI .github/workflows/ci.yml

Runs on every push and PR. Runs golangci-lint, Go tests with race detection, frontend build, and uploads a smoke-test binary artifact.

2

Release .github/workflows/release.yml

Triggered by a version tag (v*.*.*). Runs GoReleaser to build Linux binaries (amd64, arm64, armv7), creates .deb/.rpm packages, and publishes a multi-arch Docker image to GHCR.

3

GitHub Pages .github/workflows/pages.yml

Deploys the docs/ directory to GitHub Pages on every push to main. This is the site you're reading right now.

4

Security Scan .github/workflows/security.yml

Weekly and on every main push: runs govulncheck for Go CVEs and CodeQL analysis for both Go and JavaScript source.

Create a release 
# Tag a release — triggers the release workflow automatically
git tag v0.1.0
git push origin v0.1.0

# GoReleaser builds:
#  orbit_linux_amd64.tar.gz
#  orbit_linux_arm64.tar.gz
#  orbit_linux_armv7.tar.gz
#  orbit_0.1.0_amd64.deb
#  orbit_0.1.0_x86_64.rpm
#  ghcr.io/kenyanredwoods01/orbit:v0.1.0
#  checksums.txt
Configuration

orbit.toml reference

Orbit reads /etc/orbit/orbit.toml by default. Pass a different path with --config.

/etc/orbit/orbit.toml 
# Main listen address — port must be in range 5000-6000
listen_addr = "0.0.0.0:5000"

data_dir   = "/var/lib/orbit"
secret_key = "<auto-generated on first run>"

[modules]
metrics      = true
firewall     = true
deploy       = true
# ... all modules default to true

[mcp]
enabled     = false
socket_path = "/run/orbit/mcp.sock"
# tcp_addr  = "127.0.0.1:5001"
Documentation

Guides & Reference

Everything you need to install, configure, and operate Orbit in production.

Installation Guide

Step-by-step install for Ubuntu, Debian, CentOS, and Docker.

Configuration Reference

All orbit.toml keys, env vars, and CLI flags documented.

API Reference

REST and WebSocket endpoints. OpenAPI spec at /api/openapi.json.

MCP Integration

Connect Claude, GPT, or any MCP-compatible AI to your server.

GitHub Actions

CI/CD workflows, release automation, and Docker publishing.

Security Guide

Hardening checklist, capability model, Wazuh/Suricata setup.

Contributing

Dev environment setup, conventions, and how to submit a PR.

Changelog

Release notes and version history on GitHub Releases.