Modern web interface to make configuring, deploying and monitoring VyOS routers easier
Open beta release. Expect lower stability and bugs. This release provides a lot of structural improvements over the older legacy version. We now flexibly support all active VyOS versions, including rolling releases.
π Join our Discord community to receive official updates
Give us a star β to support us!
image image image image image
- Docker & Docker Compose (recommended for easiest setup)
- OR Node.js 24.x and Python 3.11+ (for manual setup)
- VyOS Router with REST API enabled (see setup below)
Before deploying VyManager, you need to enable the REST API on your VyOS router(s).
Connect to your VyOS router via SSH and run:
# Enter configuration mode configure # Create an API key (replace YOUR_SECURE_API_KEY with a strong random key) set service https api keys id vymanager key YOUR_SECURE_API_KEY # Enable REST functionality (VyOS 1.5+ only) set service https api rest # Optional: Enable GraphQL set service https api graphql # Save and apply commit save exit
π‘ Security Note: Keep your API key secure! You'll need it during the VyManager setup wizard.
Copy frontend/.env.example to frontend/.env:
cp frontend/.env.example frontend/.env
Edit frontend/.env:
# Authentication (CHANGE THIS!) BETTER_AUTH_SECRET=your-super-secret-key-change-in-production-CHANGE-THIS # Leave these as default for Docker deployment NODE_ENV=production VYMANAGER_ENV=production BETTER_AUTH_URL=http://localhost:3000 NEXT_PUBLIC_APP_URL=http://localhost:3000 NEXT_PUBLIC_API_URL=http://backend:8000 # Database (change password in production!) DATABASE_URL=postgresql://vymanager:vymanager_secure_password@postgres:5432/vymanager_auth # Add your server IP if accessing from other machines TRUSTED_ORIGINS=http://localhost:3000,http://192.168.1.100:3000
Copy backend/.env.example to backend/.env:
cp backend/.env.example backend/.env
Edit backend/.env:
# Database Connection DATABASE_URL=postgresql://vymanager:vymanager_secure_password@postgres:5432/vymanager_auth # Frontend URL FRONTEND_URL=http://localhost:3000
π Note: VyOS instance configuration is now managed through the web UI, not environment variables!
# Enter pre-compiled images directory cd /container/vymanager-prod # Start all services docker compose -f env-file-docker-compose.yml up -d # View logs docker compose logs -f # Check status docker compose ps
-
Open your browser and navigate to
http://localhost:3000 -
Onboarding Wizard will automatically launch (first-time only):
- Step 1: Create your admin account
- Step 2: Create your first site (e.g., "Headquarters")
- Step 3: Add your first VyOS instance
- Name: Give it a friendly name
- Host: Your VyOS router IP address
- Port: 443 (default)
- API Key: The key you created in Step 1
- Version: Select your VyOS version (1.4 or 1.5)
-
Start Managing! You'll be automatically logged in and redirected to the dashboard
VyManager uses a multi-instance architecture allowing you to manage multiple VyOS routers from a single interface:
- Sites: Logical groupings of VyOS instances (e.g., "Data Center 01", "Branch Office NYC")
- Instances: Individual VyOS routers within a site
- Role-Based Access: OWNER, ADMIN, and VIEWER roles per site
- Active Session: Connect to one instance at a time for configuration
Unlike traditional single-device management tools, VyManager stores all instance configurations in a PostgreSQL database:
PostgreSQL Database
βββ users # User accounts
βββ sites # Site groupings
βββ instances # VyOS router instances
βββ permissions # User-site role mappings
βββ active_sessions # Current connections
All VyOS instances are managed through the web UI - no hardcoded configuration!
vymanager/
βββ frontend/ # Next.js 16 frontend application
β βββ src/
β β βββ app/ # Next.js app router pages
β β β βββ onboarding/ # First-time setup wizard
β β β βββ sites/ # Site & instance management
β β β βββ login/ # Authentication
β β β βββ [features]/ # VyOS configuration pages
β β βββ components/ # React components
β β β βββ sites/ # Site management components
β β β βββ layout/ # Navigation & layout
β β β βββ ui/ # shadcn/ui components
β β βββ lib/ # Utilities and API clients
β β βββ api/ # Backend API services
β βββ prisma/ # Database schema & migrations
β β βββ migrations/ # Multi-instance schema
β βββ public/ # Static assets
β βββ Dockerfile # Frontend container
βββ backend/ # FastAPI backend application
β βββ routers/ # API route handlers
β β βββ session/ # Session & instance management
β β βββ firewall/ # Firewall configuration
β β βββ network/ # Network configuration
β β βββ interfaces/ # Interface management
β β βββ [features]/ # Other VyOS features
β βββ vyos_mappers/ # VyOS version mappers (1.4 vs 1.5)
β βββ vyos_builders/ # Configuration builders
β βββ vyos_service.py # VyOS device service layer
β βββ app.py # Main FastAPI application
β βββ Dockerfile # Backend container
βββ docker-compose.yml # Multi-service orchestration
β βββ postgres # PostgreSQL database
β βββ backend # FastAPI API server
β βββ frontend # Next.js web app
βββ README.md # This file
- Framework: Next.js 16 (App Router)
- Language: TypeScript
- Styling: Tailwind CSS v4
- UI Components: shadcn/ui
- Icons: Lucide React
- Authentication: Better-auth
- State Management: Zustand
- Database ORM: Prisma
- Framework: FastAPI
- Language: Python 3.11+
- VyOS SDK: pyvyos (custom)
- Database: PostgreSQL
- DB Driver: asyncpg
- Container: Docker & Docker Compose
- Database: PostgreSQL 15
- Reverse Proxy: Nginx (optional)
# Start all services docker compose up -d # View logs docker compose logs -f docker compose logs -f backend # Backend only docker compose logs -f frontend # Frontend only # Stop all services docker compose down # Rebuild after code changes docker compose build docker compose up -d # Restart a specific service docker compose restart backend docker compose restart frontend # Clean everything (including database) docker compose down -v
# Development npm run dev # Start all services with Docker npm run dev:down # Stop Docker services # Production npm start # Start services in detached mode npm stop # Stop all services # Logs npm run logs # View all logs npm run logs:frontend # Frontend logs only npm run logs:backend # Backend logs only # Build npm run build:docker # Build Docker images # Maintenance npm run clean # Clean all build artifacts and containers
- Navigate to Site Manager (click VyOS logo in sidebar)
- Click "Add Site" button
- Enter site name and description
- Click "Create Site"
- In Site Manager, select a site from the list
- Click "Add Instance" button
- Fill in instance details:
- Name: Friendly name for this router
- Description: Optional notes
- Host: IP address or hostname
- Port: HTTPS port (default 443)
- API Key: The key from VyOS configuration
- Version: Select 1.4 or 1.5
- Protocol: HTTPS (recommended) or HTTP
- Click "Complete Setup"
- Navigate to Site Manager
- Select a site
- Click "Connect" on any instance card
- VyManager will:
- Test the connection
- Verify API credentials
- Redirect you to the dashboard if successful
- You can now manage that VyOS router!
- Click "Disconnect Instance" in the sidebar
- You'll return to Site Manager
- Connect to a different instance
VyManager implements granular role-based access:
| Role | Permissions |
|---|---|
| OWNER | Full control: manage site, add/edit/delete instances, grant permissions |
| ADMIN | Manage instances, edit configurations, cannot delete site or manage permissions |
| VIEWER | Read-only access to configurations |
Roles are assigned per-site, allowing flexible multi-tenant scenarios.
VyManager supports multiple VyOS versions (1.4, 1.5+) using a version-aware backend architecture.
The backend uses a three-layer architecture:
Routers (API Endpoints)
β
Builders (Batch Operations)
β
Mappers (Version-Specific Commands)
β
VyOS Device (1.4 or 1.5)
Example:
- VyOS 1.4: Uses
firewall group address-group - VyOS 1.5: Uses
firewall group address-group(same) - New Features: Automatically disabled on older versions
Every feature exposes a /capabilities endpoint:
{
"version": "1.5",
"features": {
"domain_groups": {
"supported": true,
"description": "Domain-based firewall groups"
},
"ipv6_nat": {
"supported": true,
"description": "IPv6 NAT rules"
}
}
}The frontend conditionally shows/hides features based on capabilities.
cd frontend # Install dependencies npm install # Run dev server (with hot reload) npm run dev # Type check npm run type-check # Lint npm run lint # Build for production npm run build
cd backend # Create virtual environment python3 -m venv venv source venv/bin/activate # On Windows: venv\Scripts\activate # Install dependencies pip install -r requirements.txt # Run with auto-reload uvicorn app:app --reload --host 0.0.0.0 --port 8000 --proxy-headers > When serving behind Traefik/Nginx (HTTPS), make sure the proxy forwards `X-Forwarded-Proto`/`X-Forwarded-Port` so FastAPI can emit the correct scheme for redirects. # View API docs # Navigate to http://localhost:8000/docs
cd frontend # Generate migration after schema changes npx prisma migrate dev --name migration_name # Apply migrations npx prisma migrate deploy # View database npx prisma studio
# Build images docker compose -f docker-compose.prod.yml build # Start services docker compose -f docker-compose.prod.yml up -d # View logs docker compose -f docker-compose.prod.yml logs -f
Frontend .env:
NODE_ENV=production BETTER_AUTH_SECRET=<strong-random-secret-256-bits> BETTER_AUTH_SECURE_COOKIES=false BETTER_AUTH_URL=https://vymanager.yourdomain.com DATABASE_URL=postgresql://user:pass@postgres:5432/vymanager_auth TRUSTED_ORIGINS=https://vymanager.yourdomain.com
Backend .env:
DATABASE_URL=postgresql://user:pass@postgres:5432/vymanager_auth FRONTEND_URL=https://vymanager.yourdomain.com
server { listen 80; server_name vymanager.yourdomain.com; location / { proxy_pass http://localhost:3000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } }
- Frontend: See
frontend/README.md - Backend: See
backend/README.md - API Docs: http://localhost:8000/docs (when running)
- VyOS Docs: https://docs.vyos.io/
- Architecture Guide: See
CLAUDE.mdfor feature development patterns
- Change Default Secrets: Always change
BETTER_AUTH_SECRETand database passwords - Use HTTPS: Enable SSL/TLS for production deployments
- Secure API Keys: Store VyOS API keys securely, never commit to git
- Database Backups: Regularly backup the PostgreSQL database
- Network Isolation: Run VyManager in a secure network segment
- Update Regularly: Keep VyManager and VyOS up to date
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Make your changes following the architecture patterns in
CLAUDE.md - Test thoroughly on both VyOS 1.4 and 1.5
- Commit your changes (
git commit -m 'feat: add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
- Check API Key: Verify the API key in VyOS matches your input
- Check Network: Ensure VyManager can reach the VyOS IP address
- Check Port: Default is 443, verify it's not blocked by firewall
- Check SSL: If using self-signed cert, set "Verify SSL" to false
# Check if PostgreSQL is running docker compose ps # Check database logs docker compose logs postgres # Verify DATABASE_URL is correct in .env files
# Clear node_modules and rebuild cd frontend rm -rf node_modules .next npm install npm run build
# Reinstall Python dependencies cd backend pip install -r requirements.txt --force-reinstall
See LICENSE.md for details.
- Issues: GitHub Issues
- Discord: Join our community
- Documentation: Check
CLAUDE.mdfor development patterns
Built with β€οΈ for the VyOS community