A self-hosted server monitor with a Go backend and a Flutter client (Android). The server exposes a secure API over HTTPS with JWT auth and an optional client key. The Flutter app connects to your server and displays metrics and status.

• Go 1.21+
• Flutter 3.x with Android toolchain (Android SDK, platform tools)
• A Linux host for deploying the server (systemd-based), if you use the provided installer

• server/: Go backend (cmd/server/main.go)
• client/: Flutter app
• server/deploy/install.sh: installer for systemd deployment

cd server
go build -o server ./cmd/server

This produces server/server. You can run it locally for testing:

./server -config ./deploy/config.sample.yaml

Useful flags:

• -config <path>: Path to YAML config
• -gen-cert: Generate a self-signed TLS certificate and exit
• -hash <secret>: Print a bcrypt hash of a secret and exit

Config reference (see server/internal/config/config.go):

• listen_address: e.g. ":8888"
• data_dir: where data and generated TLS live
• tls_cert_path, tls_key_path
• username, password_hash
• jwt_secret (autogenerated if empty)
• access_ttl, refresh_ttl
• client_key_hash (optional; enables X-Client-Key check)
• allowed_cidrs (optional allowlist)

Environment overrides exist for most fields (e.g. SERVER_MONITOR_LISTEN, SERVER_MONITOR_PASSWORD, SERVER_MONITOR_CLIENT_KEY).

1. Build as above so you have server/server.
2. Place the built binary next to the installer or one level up from it:
   • server/deploy/server or server/server (the script checks both).
3. Run the installer as root:

cd server/deploy
sudo ./install.sh

The script will:

• Create system user servermon
• Install to /opt/server-monitor/server
• Create config at /etc/server-monitor/config.yaml
• Generate a self-signed TLS cert
• Hash the provided admin password and client key
• Set up a server-monitor.service systemd unit
• Open port 8888 in firewalld if present

After install:

sudo systemctl status server-monitor
journalctl -u server-monitor -f

Default listen address from the installer is :8888. Update config.yaml to change settings.

From client/:

flutter pub get
flutter run -d <your-android-device-id>

To build a release APK:

flutter build apk --release

In the app, you will be prompted to enter the server base URL and optional client key. Use your server’s HTTPS endpoint:

• Example base URL: https://<server-host>:8888
• Optional X-Client-Key: the plaintext client key you set during install (the server stores a hash)

The app stores multiple server profiles securely and handles login, token refresh, and SSE metrics streaming.

The server generates a self-signed certificate by default. The app accepts it for development. For production, use a trusted certificate and update tls_cert_path/tls_key_path.

• POST /api/auth/login with username, password
• POST /api/auth/refresh
• GET /api/me
• GET /api/metrics
• GET /api/metrics/stream (SSE)

All protected routes require Authorization: Bearer <access_token> and optionally X-Client-Key if configured.

• Verify the server is reachable: curl -k https://<host>:8888/healthz
• If using a firewall, ensure TCP 8888 is open
• Check logs: journalctl -u server-monitor -f
• If login fails, ensure username and password_hash in config match what you set during install

MIT. See LICENSE.