project-pegaprox
PegaProx is an open-source web dashboard for managing multiple Proxmox VE and XCP-ng hypervisor clusters from a single interface. It provides unified VM/container management, live migration, load balancing, backup scheduling, and multi-user role-based access control.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | PegaProx/project-pegaprox |
| Owner | PegaProx |
| Primary language | JavaScript |
| License | AGPL-3.0 — OSI-approved |
| Stars | 1.3k |
| Forks | 89 |
| Open issues | 30 |
| Latest release | v0.9.14 (2026-07-05) |
| Last updated | 2026-07-08 |
| Source | https://github.com/PegaProx/project-pegaprox |
What project-pegaprox is
JavaScript-based multi-cluster orchestration platform with real-time SSE metrics, cross-hypervisor migration support (Proxmox, XCP-ng, ESXi), snapshot replication, LDAP/OIDC authentication, full-database AES-256 encryption, audit logging with SIEM forwarding, and Ceph storage integration.
Get the project-pegaprox source
Clone the repository and explore it locally.
git clone https://github.com/PegaProx/project-pegaprox.gitcd project-pegaprox# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Beta status (v0.9.14-beta): production use should include staged rollout, automated backups of PegaProx config, and fallback to native Proxmox UI. Breaking changes possible before 1.0.
- Deployment requires Linux x86_64 host (or verify on your platform); database encryption at rest only supported there. Plan master-key storage (env var, systemd credential, or /etc/pegaprox/secret.key) separately from config backups.
- LDAP/OIDC integration mandatory for multi-team/multi-tenant setups; local auth alone scales poorly. Test LDAP/Entra/Keycloak bindings pre-deployment.
- Audit log and SIEM forwarding (Splunk, Elasticsearch, Loki, Syslog) require pre-configured targets and TLS certificate pinning. Plan log retention and search infrastructure.
- Cost and power dashboards require historical metrics; enable CPU/RAM/storage tracking on all nodes and let PegaProx accumulate baseline data (days to weeks) before reliable reporting.
When to avoid it — and what to weigh
- Proprietary/Closed-Source Requirement — AGPL-3.0 requires source disclosure if you modify and redistribute. If your compliance policy forbids copyleft licenses or mandates vendor lock-in, this is unsuitable.
- Non-Linux/x86_64 Deployments — Database encryption (SQLCipher AES-256) is documented only for Linux x86_64. ARM, Windows Server, or other architectures may lack full encryption support; requires review before deployment.
- Single-Cluster or Small-Scale Ops — Overhead of multi-cluster management, RBAC, and audit infrastructure may not justify complexity for teams running one small Proxmox cluster with basic VM needs. Native Proxmox UI or simpler tools suffice.
- Unsupported Hypervisor Environments — Limited or no support for Hyper-V, KVM standalone, or bare-metal clouds outside Proxmox/XCP-ng/ESXi. Requires compatible hypervisor stack.
License & commercial use
AGPL-3.0 (GNU Affero General Public License v3.0). This is a copyleft license requiring source code disclosure of any modified versions if you offer them as a service or distribute them. Internal use without redistribution (e.g., self-hosted, private deployment) is permitted without source disclosure, but commercial hosting/SaaS requires license review.
AGPL-3.0 permits private self-hosted deployment for commercial operations without source disclosure. However, if you modify PegaProx and offer it as a service (hosted/SaaS), or integrate it into a commercial product you redistribute, you must provide source code access. Commercial support/sponsorships are separate; consult legal counsel on your specific use case before deploying at scale.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Strong |
| License clarity | Clear |
| Deployment complexity | High |
| DEV.co fit | Strong |
| Assessment confidence | High |
Full-database encryption (AES-256-CBC + HMAC-SHA512, SQLCipher v4) on Linux x86_64; multi-tier master-key loading (env/systemd/file). Sensitive fields Fernet-encrypted elsewhere. TOTP 2FA, WebAuthn/FIDO2, LDAP/OIDC support. IP whitelisting/blacklisting, fine-grained VM-level ACLs, HMAC-signed tamper-evident audit log (RFC 5424 Syslog compatible). CVE scanner (debsecan), CIS hardening audits, config drift detection. Aikido audit badge linked but no CVE history provided; assume pre-release phase carries residual risk. Do not assume 'secure' without review of the full audit report and your threat model.
Alternatives to consider
Proxmox Backup Server (PBS)
Native Proxmox backup tool; simpler for backup-only use cases but lacks multi-cluster orchestration, load balancing, and ESXi migration features.
Terraform + Ansible + Proxmox Provider
IaC-driven approach for multi-cluster VM provisioning; more granular control, version-controlled, but requires coding and no Web UI; better for GitOps shops.
Canonical Landscape / Ubuntu Pro
Enterprise Linux management for Ubuntu-based Proxmox nodes; covers updates, compliance scanning, but does not replace hypervisor cluster orchestration or VM migration.
Build on project-pegaprox with DEV.co software developers
Evaluate PegaProx in a staging cluster with your topology. Verify AGPL-3.0 compliance with legal, test LDAP/OIDC and encryption on your platform, and plan audit log forwarding. Document your fallback strategy to native Proxmox UI. Start small, scale with confidence.
Talk to DEV.coRelated on DEV.co
Explore the category and the services that help you build with it.
project-pegaprox FAQ
Can I use PegaProx in production today?
Do I need to open-source my modifications if I self-host PegaProx privately?
What hypervisors does PegaProx support?
Does PegaProx work on ARM, Windows, or non-x86_64 Linux?
Work with a software development agency
Adopting project-pegaprox is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source devops software in production.
Ready to Unify Your Hypervisor Infrastructure?
Evaluate PegaProx in a staging cluster with your topology. Verify AGPL-3.0 compliance with legal, test LDAP/OIDC and encryption on your platform, and plan audit log forwarding. Document your fallback strategy to native Proxmox UI. Start small, scale with confidence.