ConfigBox

Modern, open-source network configuration backup manager

Automated config backups for FortiGate, Cisco, Juniper, Palo Alto, Brocade & Extreme — with a clean web UI, diff viewer, scheduling, and Docker deployment in minutes.

A free alternative to RANCID, Oxidized, and SolarWinds NCM.

Quick Start · Features · Supported Devices · Updating

Why ConfigBox?

ConfigBox aims to make network configuration backups straightforward for small to mid-sized teams: a single Docker command to deploy, a clean web UI everyone on the team can use, built-in 2FA, email alerts, and S3/Google Drive sync — all free and open-source. Your configs stay on your infrastructure.

Supported Devices

Vendor	Protocol	Detail
FortiGate	REST API	Config backup via /api/v2/monitor/system/config/backup
Juniper	SSH	`show configuration
Cisco (IOS/NX-OS/ASA)	SSH	show running-config
Brocade (VDX/ICX/MLX)	SSH	`show running-config
Extreme Networks (SLX)	SSH	`show running-config
Palo Alto	PAN-OS XML API	Config export via XML API

Features

🔄 Backup & Storage

• Automated scheduled backups — cron-based, per-device schedules
• One-click manual backup from the dashboard
• Built-in config diff — compare any two backups side-by-side
• Remote backup to S3-compatible storage (AWS, MinIO, R2, B2) or Google Drive
• Automatic archival — gzip compression of old backups to save disk
• Plain file storage — even if the app stops, configs are readable in backups/
• CSV bulk import — onboard hundreds of devices in seconds
• Clone devices — duplicate an existing device's settings & credentials in one click

🔐 Security

• Two-factor authentication (TOTP) for all users
• AES-256-CBC encrypted credentials (API tokens, SSH passwords, SMTP)
• Role-based access control (Admin / Backup Admin)
• Comprehensive audit log — every action tracked with user, IP, timestamp
• Rate limiting on auth endpoints and downloads
• Single-use download tokens — backup files cannot be re-fetched with a leaked URL
• SSRF / gzip-bomb / path-traversal protection

📊 Monitoring & Notifications

• Dashboard with statistics, trend charts, recent activity
• Email notifications — success / failure / config change / daily summary
• Batched summary emails — multiple backup results within a 3-minute window are combined into one email instead of N
• Config change emails include the diff — see exactly what changed without opening the dashboard
• Smart noise filtering — timestamps and other auto-changing lines are ignored, no false-positive alerts
• Location-based device grouping with filtering
• Vendor + location filters on the device list

🌐 Platform & UX

• Multi-vendor support — FortiGate, Cisco (IOS/NX-OS/ASA), Juniper, Palo Alto, Brocade, Extreme
• Legacy device compatibility — automatic openssh fallback for older SSH servers
• Dark mode / light mode
• Multi-language UI — English & Turkish
• Modern web UI built with React + Tailwind
• Lightweight — single Go binary, slim Docker image
• Self-hosted — your configs never leave your infrastructure

Quick Start

Requirements

• Docker & Docker Compose

1. Clone the repository

git clone https://github.com/yunuskargi/configbox.git
cd configbox

2. Configure environment variables

cp .env.example .env
# Change the JWT_SECRET value in .env!

3. Run

docker compose up -d

The application will be available at http://localhost:6161.

4. Login

• Username: admin
• Password: admin

It is recommended to change your password after first login.

CLI Commands

# Reset a user's password
docker compose exec backend /configbox reset-password <username> <new-password>

Backup File Structure

backups/
├── fortigate/
│   └── device-name/
│       ├── 2024-01-15_020000.conf
│       └── 2024-01-16_020000.conf
├── juniper/
├── cisco/
├── brocade/
├── extreme/
└── paloalto/

Remote Backup (S3 / Google Drive)

ConfigBox can automatically upload a copy of each backup to S3-compatible storage (AWS, MinIO, Cloudflare R2, Backblaze B2) or Google Drive. Configure via Settings → Remote Backup in the web UI — setup guides are included.

Tech Stack

Component	Technology
Backend	Go (Chi router, sqlx, golang.org/x/crypto/ssh)
Frontend	React + Vite
Database	SQLite (WAL mode)
Auth	JWT + bcrypt + TOTP
Encryption	AES-256-CBC
Scheduler	robfig/cron

Updating / Upgrading

Your data is safe during updates:

• Database → stored in Docker named volume db-data, persists across container rebuilds
• Config backups → stored in ./backups bind mount on your host, untouched during updates
• Schema → uses CREATE TABLE IF NOT EXISTS, no manual migration needed

Update Steps

cd configbox

# Pull latest source
git pull

# Rebuild and restart (containers are recreated automatically, data is preserved)
docker compose up -d --build

Important Notes

Do NOT change JWT_SECRET in .env after initial setup. All device credentials (API tokens, SSH passwords) are encrypted with this key. Changing it will make existing credentials unreadable — you would need to re-enter all device passwords.

Do NOT delete the db-data Docker volume. It contains your SQLite database with all devices, users, backup history, and settings. If you need to check: docker volume ls | grep db-data

Backup your .env file before updating. If you accidentally lose it, you lose your JWT_SECRET and encrypted credentials cannot be recovered.

Security

• Default login is admin/admin — you will be asked to change it on first login
• All credentials (device passwords, API keys, SMTP) are encrypted in the database
• If you expose ConfigBox to the internet, put a reverse proxy with SSL in front (nginx, Traefik, Caddy)
• See .env.example for optional settings like ENCRYPTION_KEY, TRUSTED_PROXY, and FORCE_HTTPS

License

This project is licensed under AGPL-3.0.

Contributing

Pull requests and issues are welcome. For major changes, please open an issue first.