0003b6ac7f
- Added GeoIP integration (Issue #16) with service and access list updates. - Fixed rate limiting burst field usage and added bypass list support (Issue #19). - Implemented CrowdSec bouncer integration (Issue #17) with registration and health checks. - Enhanced WAF integration (Issue #18) with per-host toggle, paranoia levels, and rule exclusions. - Updated documentation and added new API routes for GeoIP, rate limits, and WAF exclusions. chore: Add QA report for race and test failures - Documented findings from race condition tests and WebSocket test flakiness. - Identified issues with CrowdSec registration tests in non-bash environments. - Noted security status contract mismatches and missing table errors in handler/service tests. audit: Conduct full QA audit of security phases - Verified all security implementation phases with comprehensive testing. - Resolved linting issues and ensured codebase health. - Documented test results and issues found during the audit.
Charon
Your websites, your rules—without the headaches.
Turn multiple websites and apps into one simple dashboard. Click, save, done. No code, no config files, no PhD required.
Why Charon?
You want your apps accessible online. You don't want to become a networking expert first.
The problem: Managing reverse proxies usually means editing config files, memorizing cryptic syntax, and hoping you didn't break everything.
Charon's answer: A web interface where you click boxes and type domain names. That's it.
- ✅ Your blog gets a green lock (HTTPS) automatically
- ✅ Your chat server works without weird port numbers
- ✅ Your admin panel blocks everyone except you
- ✅ Everything stays up even when you make changes
What Can It Do?
🔐 Automatic HTTPS — Free certificates that renew themselves 🛡️ Optional Security — Block bad guys, bad countries, or bad behavior 🐳 Finds Docker Apps — Sees your containers and sets them up instantly 📥 Imports Old Configs — Bring your Caddy setup with you ⚡ No Downtime — Changes happen instantly, no restarts needed 🎨 Dark Mode UI — Easy on the eyes, works on phones
Quick Start
Docker Compose (Recommended)
Save this as docker-compose.yml:
services:
charon:
image: ghcr.io/wikid82/charon:latest
container_name: charon
restart: unless-stopped
ports:
- "80:80"
- "443:443"
- "443:443/udp"
- "8080:8080"
volumes:
- ./charon-data:/app/data
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CHARON_ENV=production
Then run:
docker-compose up -d
Docker Run (One-Liner)
docker run -d \
--name charon \
-p 80:80 \
-p 443:443 \
-p 443:443/udp \
-p 8080:8080 \
-v ./charon-data:/app/data \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
-e CHARON_ENV=production \
ghcr.io/wikid82/charon:latest
What Just Happened?
- Charon downloaded and started
- The web interface opened on port 8080
- Your websites will use ports 80 (HTTP) and 443 (HTTPS)
Open http://localhost:8080 and start adding your websites!
Optional: Turn On Security
Charon includes Cerberus, a security guard for your apps. It's turned off by default so it doesn't get in your way.
When you're ready, add these lines to enable protection:
environment:
- CERBERUS_SECURITY_WAF_MODE=monitor # Watch for attacks
- CERBERUS_SECURITY_CROWDSEC_MODE=local # Block bad IPs automatically
Start with "monitor" mode — it watches but doesn't block. Once you're comfortable, change monitor to block.
Learn about security features →
Getting Help
📖 Full Documentation — Everything explained simply 🚀 5-Minute Guide — Your first website up and running 💬 Ask Questions — Friendly community help 🐛 Report Problems — Something broken? Let us know
Contributing
Want to help make Charon better? Check out CONTRIBUTING.md
✨ Top Features
MIT License · Documentation · Releases
Built with ❤️ by @Wikid82
Powered by Caddy Server