Your server, your rules—without the headaches.
Manage reverse proxies with a clean web interface.
No config files. No cryptic syntax. No networking degree required.
You want your apps online.
You don’t want to edit config files or memorize reverse proxy syntax.
Charon gives you:
- ✅ Automatic HTTPS certificates
- ✅ Clean domain routing
- ✅ Built-in security protection
- ✅ One-click Docker app discovery
- ✅ Live updates without restarts
- ✅ Zero external dependencies
If you can use a website, you can run Charon.
Charon includes security features that normally require multiple tools:
- Web Application Firewall (WAF)
- CrowdSec intrusion detection
- Access Control Lists (ACLs)
- Rate limiting
- Emergency recovery tools
Secure by default. No extra containers required.
services:
charon:
image: wikid82/charon:latest
container_name: charon
restart: unless-stopped
ports:
- "80:80"
- "443:443"
- "443:443/udp"
- "8080:8080"
volumes:
- ./charon-data:/app/data
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- TZ=America/New_York
# Generate with: openssl rand -base64 32
- CHARON_ENCRYPTION_KEY=your-32-byte-base64-key
healthcheck:
test: ["CMD-SHELL", "curl -fsS http://localhost:8080/api/v1/health || exit 1"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40sopenssl rand -base64 32docker-compose up -dOpen your browser and navigate to http://localhost:8080 to access the dashboard and create your admin account.
http://localhost:8080
Full setup instructions and documentation are available at https://wikid82.github.io/Charon/docs/getting-started.html.
--- ## ✨ Top 10 Features
No config files. No terminal commands. Just click, type your domain name, and you're live. If you can use a website, you can run Charon.
Free SSL certificates that request, install, and renew themselves. Your sites get the green padlock without you lifting a finger.
Secure all your subdomains with a single *.example.com certificate. Supports 15+ DNS providers including Cloudflare, Route53, DigitalOcean, and Google Cloud DNS. Credentials are encrypted and automatically rotated.
Web Application Firewall, rate limiting, geographic blocking, access control lists, and intrusion detection via CrowdSec. Protection that "just works."
Verifiable builds with cryptographic signatures, SLSA provenance attestation, and comprehensive SBOMs. Verify what you run with transparent, tamper-proof evidence.
Automatically adds standard headers (X-Real-IP, X-Forwarded-Proto, etc.) so your backend applications see real client IPs, enforce HTTPS correctly, and log accurately—with full backward compatibility for existing hosts.
Already running apps in Docker? Charon finds them automatically and offers one-click proxy setup. No manual configuration required.
See exactly what's happening with live request logs, uptime monitoring, and instant notifications when something goes wrong.
Already invested in another reverse proxy? Bring your work with you by importing your existing configurations with one click:
- Caddyfile — Migrate from other Caddy setups
- Nginx — Import from Nginx based configurations (Coming Soon)
- Traefik - Import from Traefik based configurations (Coming Soon)
- CrowdSec - Import from CrowdSec configurations
- JSON Import — Restore from Charon backups or generic JSON configs
Update domains, add security rules, or modify settings instantly—no container restarts needed.* Your sites stay up while you make changes.
Run dozens of websites, APIs, or services from a single dashboard. Perfect for homelab enthusiasts and small teams managing multiple projects.
One Docker container. No databases to install. No external services required. No complexity—just pure simplicity.
No premium tiers. No feature paywalls. No usage limits. Everything you see is yours to use, forever, backed by the MIT license. * Note: Initial security engine setup (CrowdSec) requires a one-time container restart to initialize the protection layer. All subsequent changes happen live. **
💬 Support
❤️ Free & Open Source
Charon is 100% free and open source under the MIT License.
No premium tiers. No locked features. No usage limits.
Built for the self-hosting community.
