Self-hosted dashboard to manage your aaPanel servers from one place β backed by the most complete verified API documentation for aaPanel (Node.js projects, server monitoring, and more).
π Language: English Β· Π ΡΡΡΠΊΠΈΠΉ
aaPanel (the international edition of the BT Panel) is a popular web control panel for Linux servers β but its HTTP API is only partly documented, and running several panels means logging into each one separately. This repository solves both problems:
- The app β a self-hosted Next.js dashboard that manages many aaPanel servers through a secure backend proxy. The browser never talks to a panel directly; your
api_sksecrets stay encrypted on your own server. - The docs β real, verified request/response examples for the aaPanel API, including the parts the official docs skip (Node.js project management in particular).
Key finding: a single permanent api_sk key, used at the panel root, covers both the official endpoints (/system?action=β¦) and the internal ones (/v2/project/nodejs/β¦) β so one stable key manages everything.
- π₯οΈ Multi-server β add / edit / remove aaPanel servers;
api_skencrypted at rest (AES-256-GCM) - π’ Node.js projects β list, status, info, logs, start / stop / restart, create / modify / delete
- π Live monitoring β CPU / RAM / disk with auto-refresh (in-process polling + Server-Sent Events)
- π₯ Users & roles β admin / viewer, user management, self password change
- π Secure by design β backend proxy; secrets never reach the browser; audit log of every change
- π i18n & themes β English / Russian, light / dark
Status: actively developed. Multi-server, Node.js projects, monitoring and user management work today. Databases, files, FTP, cron and firewall are already covered in the API docs and are on the roadmap for the app.
Servers (dark theme) |
Add a server |
Users & roles |
Versions & updates |
Next.js 16 (App Router Β· React Server Components Β· Server Actions) Β· React 19 Β· TypeScript Β· Prisma 7 + PostgreSQL Β· Auth.js v5 Β· Tailwind v4 Β· Docker.
Requirements: Node 24, pnpm 11 (corepack enable), PostgreSQL.
git clone https://github.com/vsgrade/aapanel-manager.git
cd aapanel-manager/web
pnpm install
cp .env.example .env # set DATABASE_URL, AUTH_SECRET, APP_ENCRYPTION_KEY
pnpm prisma migrate deploy
pnpm dev # http://localhost:3000For production (Docker images, releasing by tag, self-update) see docs/RELEASING.md.
| Document | Contents |
|---|---|
| π Overview | What the aaPanel API is; two auth schemes; the discoverβexecute recipe |
| π Authentication | api_sk key (recommended) vs session; request signing; SSL; security |
| π’ Node.js Projects | list, info, scripts, versions, start/stop β with real responses |
| π Websites (PHP/WP) | list, create, delete sites |
| ποΈ Databases | MySQL + PostgreSQL CRUD (each engine has its own API) |
| π Files (File Manager) | list/create/edit/move/copy/permissions/archive/upload/remote-download/delete + recycle bin |
| π FTP | FTP users: list, create, change password, enable/disable, delete |
| β±οΈ Cron (Scheduler) | tasks: list, create, run now, logs, enable/disable, delete |
| π‘οΈ Firewall (Security) | read firewall state: status, summary, port rules (writes via recipe) |
| π Server Monitoring | CPU / RAM / disk (GetSystemTotal, GetDiskInfo) |
A ready-to-use TypeScript wrapper (api_sk or session auth): examples/javascript/aapanel-client.ts.
import { AaPanelClient } from "./examples/javascript/aapanel-client";
const client = new AaPanelClient({
baseUrl: process.env.AAPANEL_BASE_URL!, // https://<server>:<port> (root!)
auth: { mode: "apiKey", apiSk: process.env.AAPANEL_API_SK! },
insecureTLS: true, // self-signed cert
});
await client.listProjects(); // names, status (running/stopped), CPU/RAM
await client.getSystemTotal(); // server CPU / RAM / cores
await client.startProject("myapp");
β οΈ Server-side only.api_skgrants full server access β never expose it in browser code. See Authentication β Security.
Undocumented feature? Open the panel β DevTools (Network) β click it β inspect the request β replay the same path and body with api_sk auth. See Authentication.
API documentation
- Node.js project management (create, list, info, scripts, versions, start/stop/restart, modify, delete)
- Websites (PHP/WP): list, create, delete
- Databases (MySQL + PostgreSQL CRUD)
- Files / File Manager (CRUD, permissions, archive, upload, remote download, recycle bin)
- FTP users (CRUD, password, enable/disable)
- Cron / Task Scheduler (CRUD, run now, logs, enable/disable)
- Firewall (read state: status, summary, port rules β writes via recipe)
- Server monitoring (CPU/RAM/disk)
- Verified
api_skcovers internal endpoints too - More modules (SSL, domains, backups)
App
- Multi-server management (encrypted
api_sk, test connection, audit log) - Node.js projects (CRUD + control + logs)
- Live monitoring (in-process polling + SSE)
- Users & roles, authentication
- Version display + update settings
- Databases / Files / FTP / Cron / Firewall sections in the app
- Update / rollback actions
Unofficial documentation. Verified on aaPanel v8; behavior may change between versions β verify against your own panel. Official docs: aapanel.com/docs.