README.md

# OpenVPN Monitor & Profiler

A modern, full-stack management solution for OpenVPN servers. It combines real-time traffic monitoring, historical analytics, and comprehensive user profile/PKI management into a unified web interface. Perfect for both containerized (Docker) and native (Alpine/Debian/Ubuntu) deployments.

## 🏗️ Project Architecture

The project is modularized into four core microservices, split between **Monitoring (Core)** and **Management (Profiler)**:

| Component | Directory | Service Name | Description |
| :--- | :--- | :--- | :--- |
| **User Interface** | `APP_UI/` | `ovp-ui` | Vue 3 + Vite SPA + Nginx. Communicates with both APIs. |
| **Monitoring API** | `APP_CORE/` | `ovp-api` | Flask API for real-time stats, sessions, and bandwidth data. |
| **Data Gatherer** | `APP_CORE/` | `ovp-gatherer` | Background service for traffic log aggregation & TSDB logic. |
| **Profiler API** | `APP_PROFILER/` | `ovp-profiler` | FastAPI module for PKI management, User Profiles, and VPN control. |

## 📦 Quick Start (Docker)

The recommended way to deploy is using Docker Compose:

1.  **Clone the repository**
2.  **Start all services**:
    ```bash
    docker-compose up -d --build
    ```
3.  **Access the Dashboard**: Open `http://localhost` (or your server IP) in your browser.
4.  **Initialize PKI**: On the first run, navigate to the **PKI Configuration** page in the UI and click **Initialize PKI**. This sets up the CA and Easy-RSA workspace.

## ⚙️ Configuration

The system uses a unified configuration approach. Settings can be defined in `config.ini` files or overridden by environment variables following the `OVPMON_{SECTION}_{KEY}` format.

### Key Environment Variables

| Variable | Description | Default Value |
| :--- | :--- | :--- |
| `OVPMON_API_SECRET_KEY` | Unified JWT Secret Key (used by both APIs) | `supersecret` |
| `OVPMON_PROFILER_DB_PATH` | Path to Profiler (users/pki) SQLite DB | `/app/db/ovpn_profiler.db` |
| `OVPMON_OPENVPN_MONITOR_DB_PATH` | Path to Monitoring (traffic) SQLite DB | `/app/db/openvpn_monitor.db` |
| `OVPMON_OPENVPN_MONITOR_LOG_PATH`| Path to OpenVPN status log | `/var/log/openvpn/openvpn-status.log` |
| `OVPMON_LOGGING_LEVEL` | Logging level (INFO/DEBUG) | `INFO` |

## 🛠️ Performance & Environment Awareness

- **Container Transparency**: When running in Docker, the Profiler manages OpenVPN directly to bypass cgroups restrictions.
- **Host Integration**: When running natively on Alpine or Debian/Ubuntu, it automatically switches to `rc-service` or `systemctl`.
- **Persistent Data**: Logs, Certificates (PKI), and Databases are stored in Docker volumes (`ovp_logs`, `ovp_pki`, `db_data`).

## 📚 Development

### Component Development
- **UI**: Uses `composables/useApi.js` to route requests to the appropriate backend service based on URL.
- **Profiler**: Clean Python/FastAPI code with SQLAlchemy models. Supports "staging" local mode for development without root access.
- **Core**: Lightweight Flask services focused on high-performance log parsing.

---

### ⚠️ Important Notes

1.  **Privileged Mode**: The `ovp-profiler` container requires `NET_ADMIN` capabilities for iptables and TUN management.
2.  **Network Setup**: Ensure `net.ipv4.ip_forward=1` is enabled (handled automatically in the docker-compose `sysctls` section).
3.  **JWT Safety**: Always change the `OVPMON_API_SECRET_KEY` in production.
new awesome build 2026-01-28 22:37:47 +03:00			`# OpenVPN Monitor & Profiler`
move from PHP to VUE, improved Certificate listning 2026-01-09 10:30:49 +03:00
update main README.md 2026-02-07 15:23:23 +03:00			`A modern, full-stack management solution for OpenVPN servers. It combines real-time traffic monitoring, historical analytics, and comprehensive user profile/PKI management into a unified web interface. Perfect for both containerized (Docker) and native (Alpine/Debian/Ubuntu) deployments.`
move from PHP to VUE, improved Certificate listning 2026-01-09 10:30:49 +03:00
docker environment control improvement 2026-02-06 09:02:59 +03:00			`## 🏗️ Project Architecture`
move from PHP to VUE, improved Certificate listning 2026-01-09 10:30:49 +03:00
update main README.md 2026-02-07 15:23:23 +03:00			`The project is modularized into four core microservices, split between Monitoring (Core) and Management (Profiler):`
move from PHP to VUE, improved Certificate listning 2026-01-09 10:30:49 +03:00
docker environment control improvement 2026-02-06 09:02:59 +03:00			`\| Component \| Directory \| Service Name \| Description \|`
			`\| :--- \| :--- \| :--- \| :--- \|`
update main README.md 2026-02-07 15:23:23 +03:00			\| User Interface \| `APP_UI/` \| `ovp-ui` \| Vue 3 + Vite SPA + Nginx. Communicates with both APIs. \|
			\| Monitoring API \| `APP_CORE/` \| `ovp-api` \| Flask API for real-time stats, sessions, and bandwidth data. \|
			\| Data Gatherer \| `APP_CORE/` \| `ovp-gatherer` \| Background service for traffic log aggregation & TSDB logic. \|
			\| Profiler API \| `APP_PROFILER/` \| `ovp-profiler` \| FastAPI module for PKI management, User Profiles, and VPN control. \|
docker environment control improvement 2026-02-06 09:02:59 +03:00
			`## 📦 Quick Start (Docker)`

			`The recommended way to deploy is using Docker Compose:`

			`1. Clone the repository`
			`2. Start all services:`
			```bash
			`docker-compose up -d --build`
			```
update main README.md 2026-02-07 15:23:23 +03:00			3. Access the Dashboard: Open `http://localhost` (or your server IP) in your browser.
			`4. Initialize PKI: On the first run, navigate to the PKI Configuration page in the UI and click Initialize PKI. This sets up the CA and Easy-RSA workspace.`
docker environment control improvement 2026-02-06 09:02:59 +03:00
			`## ⚙️ Configuration`

update main README.md 2026-02-07 15:23:23 +03:00			The system uses a unified configuration approach. Settings can be defined in `config.ini` files or overridden by environment variables following the `OVPMON_{SECTION}_{KEY}` format.
docker environment control improvement 2026-02-06 09:02:59 +03:00
			`### Key Environment Variables`

			`\| Variable \| Description \| Default Value \|`
new awesome build 2026-01-28 22:37:47 +03:00			`\| :--- \| :--- \| :--- \|`
update main README.md 2026-02-07 15:23:23 +03:00			\| `OVPMON_API_SECRET_KEY` \| Unified JWT Secret Key (used by both APIs) \| `supersecret` \|
			\| `OVPMON_PROFILER_DB_PATH` \| Path to Profiler (users/pki) SQLite DB \| `/app/db/ovpn_profiler.db` \|
			\| `OVPMON_OPENVPN_MONITOR_DB_PATH` \| Path to Monitoring (traffic) SQLite DB \| `/app/db/openvpn_monitor.db` \|
docker environment control improvement 2026-02-06 09:02:59 +03:00			\| `OVPMON_OPENVPN_MONITOR_LOG_PATH`\| Path to OpenVPN status log \| `/var/log/openvpn/openvpn-status.log` \|
			\| `OVPMON_LOGGING_LEVEL` \| Logging level (INFO/DEBUG) \| `INFO` \|
move from PHP to VUE, improved Certificate listning 2026-01-09 10:30:49 +03:00
update main README.md 2026-02-07 15:23:23 +03:00			`## 🛠️ Performance & Environment Awareness`
move from PHP to VUE, improved Certificate listning 2026-01-09 10:30:49 +03:00
update main README.md 2026-02-07 15:23:23 +03:00			`- Container Transparency: When running in Docker, the Profiler manages OpenVPN directly to bypass cgroups restrictions.`
			- Host Integration: When running natively on Alpine or Debian/Ubuntu, it automatically switches to `rc-service` or `systemctl`.
			- Persistent Data: Logs, Certificates (PKI), and Databases are stored in Docker volumes (`ovp_logs`, `ovp_pki`, `db_data`).
move from PHP to VUE, improved Certificate listning 2026-01-09 10:30:49 +03:00
update main README.md 2026-02-07 15:23:23 +03:00			`## 📚 Development`
move from PHP to VUE, improved Certificate listning 2026-01-09 10:30:49 +03:00
update main README.md 2026-02-07 15:23:23 +03:00			`### Component Development`
			- UI: Uses `composables/useApi.js` to route requests to the appropriate backend service based on URL.
			`- Profiler: Clean Python/FastAPI code with SQLAlchemy models. Supports "staging" local mode for development without root access.`
			`- Core: Lightweight Flask services focused on high-performance log parsing.`
new calculation approach with unique sessions, new API endpoint to get list of active sessions, fix for UNDEF user, UI and Back to support certificate management still under development 2026-01-12 11:44:50 +03:00
			`---`

update main README.md 2026-02-07 15:23:23 +03:00			`### ⚠️ Important Notes`
move from PHP to VUE, improved Certificate listning 2026-01-09 10:30:49 +03:00
update main README.md 2026-02-07 15:23:23 +03:00			1. Privileged Mode: The `ovp-profiler` container requires `NET_ADMIN` capabilities for iptables and TUN management.
			2. Network Setup: Ensure `net.ipv4.ip_forward=1` is enabled (handled automatically in the docker-compose `sysctls` section).
			3. JWT Safety: Always change the `OVPMON_API_SECRET_KEY` in production.