Skip to content
github-actions[bot] edited this page May 16, 2026 · 12 revisions

Muximux Wiki

OWASP ASVS Security Codecov Quality Gate

Muximux is a modern, self-hosted web application portal for your homelab. It runs as a single binary, serves on a single port, and stores all configuration in one YAML file. Add your self-hosted applications, organize them into groups, and access them from a unified dashboard with health monitoring, keyboard shortcuts, and a built-in reverse proxy.

Muximux dashboard

How You Can Use Muximux

Muximux is designed to fit your setup, from a simple dashboard to a full reverse proxy appliance.

Dashboard only -- Run Muximux behind your existing reverse proxy (Traefik, nginx, Caddy, etc.) with auth: none and let your proxy handle TLS and authentication. Apps open via their direct URLs or in iframes. This is the simplest setup.

Dashboard + built-in reverse proxy -- Same as above, but enable proxy: true on apps that don't work in iframes. Muximux proxies those apps through /proxy/{slug}/, stripping iframe-blocking headers and rewriting paths. This works in all deployment modes -- no extra configuration needed.

Full reverse proxy appliance -- Use Muximux as your only reverse proxy. Configure tls.domain for automatic HTTPS and declare your other services under gateway_sites: (or set them up in Settings -> Gateway) to serve them on their own subdomains. Caddy handles TLS certificates, HTTP-to-HTTPS redirects, and routing -- all from one binary. Optionally gate each subdomain behind the Muximux login (require_auth: true) so one sign-in covers your whole homelab. See TLS & HTTPS and Gateway Auth Gate for full walkthroughs.

Table of Contents

  • Installation -- Docker, binary, and building from source
  • Getting Started -- First launch, onboarding wizard, and initial setup
  • Configuration Reference -- Full config.yaml format and all available options
  • Apps -- Adding, configuring, and managing applications
  • Built-in Reverse Proxy -- Proxying app traffic through Muximux
  • Docker Discovery -- Auto-import containers as apps with a background refresh poller
  • Security Overview -- Security measures, OWASP ASVS compliance, and hardening details
  • Authentication -- Built-in auth, forward auth, and OIDC
    • Microsoft Entra ID -- step-by-step OIDC setup, including readable group names
    • Keycloak -- realm-based OIDC client with the groups mapper
    • Authentik -- OAuth2 / OpenID provider with the groups scope
    • Pocket ID -- minimal self-hosted IdP with passkey sign-in
    • Zitadel -- self-hosted IdP with project roles as groups
    • Google -- consumer + Workspace accounts (no group support)
    • Authelia -- forward auth via Traefik / Nginx / Caddy, or OIDC mode
    • Cloudflare Access -- forward auth via Cloudflare Zero Trust
  • TLS & HTTPS -- Automatic certificates, custom certificates, and gateway mode
  • Gateway Examples -- Recipes for proxying common homelab services
  • Gateway Auth Gate -- Single sign-on across gateway subdomains
  • Navigation & Layout -- Sidebar positions, auto-hide, labels, and display options
  • Split View -- Side-by-side or stacked app panels with draggable divider
  • Themes -- Built-in themes, custom themes, and CSS custom properties
  • Health Monitoring -- Opt-in health checks and status indicators
  • Keyboard Shortcuts -- Default shortcuts and custom keybindings
  • Icons -- Dashboard Icons, Lucide icons, custom icons, and caching
  • Deployment Guide -- Production deployment, reverse proxies, and networking
  • Troubleshooting -- Common issues and solutions
  • API Reference -- REST API endpoints for programmatic access

Clone this wiki locally