
Aegis

Self-hosted Envoy gateway · AI threat analysis · TLS automation · Real-time dashboard


Aegis sits between the internet and your services — one container that controls Envoy Proxy in real time, blocks threats automatically, manages TLS certificates, and lets you chat with your gateway through an AI assistant.


Live dashboard


Quick start

mkdir aegis && cd aegis

curl -O https://raw.githubusercontent.com/axieyangb/aegis/main/docker-compose.yml
mkdir envoy
curl -o envoy/envoy.yaml https://raw.githubusercontent.com/axieyangb/aegis/main/envoy/envoy.yaml

docker compose up -d

Open http://localhost:8765 and log in. The quick start ships with admin / changeme; note that the Configuration table below lists the ADMIN_PASSWORD default as aegis, so the value actually in effect is whatever your docker-compose.yml sets.

Edit docker-compose.yml and set ADMIN_PASSWORD to a strong, unique value before the dashboard is reachable from anything other than localhost. Keep AUTH_ENABLED=true, otherwise no login is required at all.

On first boot Aegis seeds a working gateway baseline — HTTP (port 10080) and HTTPS (port 10443) listeners ready to accept filter chains.


Features

🦉 Owl AI Assistant
   Chat with your gateway in plain English. Owl analyses traffic, surfaces threats, and can configure your gateway end-to-end (clusters, certs, filter chains) from a single prompt.

🛡 Envoy Gateway Control
   Visual editor for listeners, filter chains, and clusters. Changes are validated and pushed live to Envoy via xDS: no restarts, no YAML files.

🔍 IP Intelligence
   Every IP is auto-profiled: geolocation, ASN, VPN/Tor detection, AbuseIPDB score, and full request history. AI patrol sweeps run in the background and auto-block threats.

🔒 TLS Automation
   ACME auto-renewal (Let's Encrypt, ZeroSSL), HTTP-01 and DNS-01 challenges, and a built-in Local CA for internal services, all pushed directly to Envoy via SDS.

🔔 AI Patrol & Alerts
   Scheduled AI sweeps classify traffic around the clock. Blocks and anomalies are pushed to Telegram, Discord, Slack, or a webhook.

📱 Mobile-ready
   Full dashboard and Owl chat from any device. Ask Owl what happened in the last two hours; it triages threats, blocks IPs, and confirms, all from your phone.

🚧 Protection & Maintenance
   Styled 403/429 block pages with a customisable contact message replace bare status codes with a branded denial page. Maintenance mode puts any listener (or a single SNI domain) into a 503 page while leaving all other services online. Pages can be previewed inline before they are pushed to Envoy.

⚡ Per-Domain Maintenance via Owl
   Ask Owl to put a single domain into maintenance while the rest of your services stay live: Owl calls gateway_list_listeners to discover the SNI, then targets only that filter chain. No manual JSON editing required.

Architecture

Internet ──▶ Envoy Proxy ──▶ Your services
                  │
          gRPC xDS (port 18000)
                  │
             ┌────▼─────┐
             │  Aegis   │  port 8765
             │          │
             │ xDS CP   │  controls Envoy live
             │ Analytics│  reads Envoy ALS logs
             │ AI Engine│  classifies IPs
             │ Cert Mgr │  ACME + Local CA → Envoy SDS
             │ Dashboard│  web UI + REST API
             └──────────┘

linux/amd64 and linux/arm64 — runs on x86 servers, Raspberry Pi, Synology NAS, and Apple Silicon.


Configuration

Variable         Default   Description
PORT             8765      Dashboard + API port
XDS_PORT         18000     Envoy gRPC xDS port
DATA_DIR         /data     Persistent data directory
ADMIN_USERNAME   admin     Admin username
ADMIN_PASSWORD   aegis     Admin password (change this before the dashboard is reachable)
AUTH_ENABLED     true      Require login for the dashboard and API
BLOCK_ENABLED    true      Enable automatic IP blocking
NODE_ID          home      Envoy node ID; must match node.id in envoy.yaml or Envoy receives no configuration

Data, including the SQLite database at /data/aegis.db, lives under DATA_DIR. Mount a volume there, or it is lost when the container is replaced or updated.
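As an added example (not part of the Aegis README or the project's own code), the POSIX shell script below runs the checks a practitioner would want before the "expose to the network" step: an empty or default ADMIN_PASSWORD, the xDS port published on every host interface, a NODE_ID that disagrees with node.id in envoy.yaml, and no volume at /data. It assumes compose settings are written as KEY=value entries under environment:, that the Envoy bootstrap has a top-level node: block with id:, and it uses a placeholder image name and constructed sample files; the real docker-compose.yml shipped by the project may be laid out differently.

```shell
#!/bin/sh
# Pre-flight checks for an Aegis deployment (added example, not project code).
# Assumes: env settings as KEY=value or KEY: value under `environment:`, ports as
# "host:container" under `ports:`, and `node: { id: ... }` in envoy.yaml.
# Image name and sample files below are placeholders constructed for this script.

# Value of one environment variable from a compose file (first match wins).
compose_env() {  # $1 compose file, $2 variable name
  grep -E "^[[:space:]-]*$2[=:]" "$1" | head -n 1 \
    | sed -E "s/^[[:space:]-]*$2[=:][[:space:]]*//; s/[[:space:]]+#.*//" \
    | tr -d '"' | tr -d "'"
}

# node.id from the Envoy bootstrap: first `id:` inside the top-level `node:` block.
envoy_node_id() {  # $1 envoy.yaml
  sed -n -E '/^node:/,/^[^[:space:]]/ s/^[[:space:]]+id:[[:space:]]*"?([^"[:space:]]*).*/\1/p' "$1" | head -n 1
}

# True when the password is empty or one of the defaults the README mentions.
password_is_weak() {  # $1 password
  case "$1" in
    ""|changeme|aegis) return 0 ;;
    *) return 1 ;;
  esac
}

# True when "PORT:PORT" (or "0.0.0.0:PORT:PORT") is published, i.e. bound on every
# host interface. A loopback binding such as "127.0.0.1:PORT:PORT" does not match.
published_on_all_interfaces() {  # $1 compose file, $2 container port
  grep -Eq "^[[:space:]]*-[[:space:]]*\"?(0\.0\.0\.0:)?$2:$2\"?" "$1"
}

# Runs every check, prints one line per finding, returns the number of findings.
preflight() {  # $1 compose file, $2 envoy.yaml
  findings=0
  if password_is_weak "$(compose_env "$1" ADMIN_PASSWORD)"; then
    echo "FAIL: ADMIN_PASSWORD is unset or a default value"
    findings=$((findings + 1))
  fi
  xds=$(compose_env "$1" XDS_PORT); xds=${xds:-18000}
  if published_on_all_interfaces "$1" "$xds"; then
    echo "FAIL: xDS port $xds is published on all host interfaces; only Envoy needs to reach it"
    findings=$((findings + 1))
  fi
  node=$(compose_env "$1" NODE_ID); node=${node:-home}
  if [ "$node" != "$(envoy_node_id "$2")" ]; then
    echo "FAIL: NODE_ID=$node in compose but node.id=$(envoy_node_id "$2") in envoy.yaml (they must match)"
    findings=$((findings + 1))
  fi
  if ! grep -Eq '^[[:space:]]*-[[:space:]]*[^[:space:]]+:/data' "$1"; then
    echo "FAIL: nothing mounted at /data; aegis.db is lost when the container is replaced"
    findings=$((findings + 1))
  fi
  [ "$findings" -eq 0 ] && echo "OK: all pre-flight checks passed"
  return "$findings"
}

# Constructed sample files (not the project's real envoy.yaml / docker-compose.yml).
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cat > "$WORK/envoy.yaml" <<'EOF'
node:
  id: home
static_resources: {}
EOF
# Weak: default password, xDS on all interfaces, NODE_ID that Envoy does not use.
cat > "$WORK/docker-compose.weak.yml" <<'EOF'
services:
  aegis:
    image: aegis:latest           # placeholder image name
    ports:
      - "8765:8765"
      - "18000:18000"
    environment:
      - ADMIN_PASSWORD=changeme
      - NODE_ID=homelab
    volumes:
      - ./data:/data
EOF
# Hardened: real secret, xDS bound to loopback only, NODE_ID matching envoy.yaml.
cat > "$WORK/docker-compose.hardened.yml" <<'EOF'
services:
  aegis:
    image: aegis:latest           # placeholder image name
    ports:
      - "8765:8765"
      - "127.0.0.1:18000:18000"
    environment:
      - ADMIN_PASSWORD=Tr0ub4dor-correct-horse-battery   # replace with your own secret
      - NODE_ID=home
    volumes:
      - aegis-data:/data
volumes:
  aegis-data: {}
EOF
echo "== weak compose =="
preflight "$WORK/docker-compose.weak.yml" "$WORK/envoy.yaml" || echo "$? finding(s)"
echo "== hardened compose =="
preflight "$WORK/docker-compose.hardened.yml" "$WORK/envoy.yaml"
```

Run it against your own files with `preflight ./docker-compose.yml ./envoy/envoy.yaml` after sourcing the functions. The xDS check is deliberately strict: Envoy reaches Aegis over the compose network, so port 18000 normally does not need to be published on the host at all; if it must be, bind it to a loopback or private address rather than every interface.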


Docs & Tutorials

Tutorial series: Exposing a service with Aegis

#    Tutorial                             Description
01   Local HTTPS with a whoami service    Configure the gateway manually through the UI
02   Configure the Gateway with Owl AI    Same setup, with Owl AI doing the configuration from a single prompt
03   Understanding the Dashboard          Read live traffic data and analyse request patterns with Owl
04   AI-Driven Protection                 Use Owl to disable a service under attack and bring it back

Videos

Self-Host a Service with HTTPS: Aegis Gateway + No-IP DDNS + Let's Encrypt
  Install Aegis, port-forward your router, set up No-IP DDNS, and issue a Let's Encrypt cert, ending with a live public HTTPS service.

AI Configures HTTPS Gateway and TLS Certificates: Aegis + Owl AI
  One prompt to Owl AI sets up the cluster, issues a certificate, and wires the filter chain. No YAML, no restarts.

License

Distributed as a compiled binary. Source code is proprietary. See LICENSE.

Community tier is free forever. Pro unlocks unlimited notification channels, longer log retention, and unlimited AI patrol sweeps.


About

Built by Jerry Xie — formerly network security at Palo Alto Networks, now Senior Software Engineer specialising in identity, distributed cloud, Kubernetes, and AI. Aegis started as a home lab project and grew into a product.

Issues & feature requests: GitHub Issues
Enterprise / custom integrations: yyangxie@gmail.com