Unified Freebox + UniFi management + Network Scanner.
A multi-source network dashboard to manage Freebox, UniFi and Network Scanner
MynetworK is a unified dashboard to manage and monitor multiple local network data sources:
- Freebox - Full management of your Freebox (Ultra, Delta, Pop)
- UniFi Controller - Monitor and manage your UniFi infrastructure
- Network Scan - Device discovery and analysis with automatic vendor detection
- 🔐 User authentication - JWT system with role management (admin, user, viewer)
- 🔌 Plugin system - Modular architecture to easily add new data sources
- 📊 Unified dashboard - Centralized view of all plugin data
- 📝 Full logging - Traceability of all actions with advanced filters
- 👥 User management - Administration interface to manage access
- 🐳 Docker ready - Simplified deployment with Docker Compose
- 🌐 Internationalization (i18n) - English (default) and French; language switcher in header. See Docs/INTERNATIONALIZATION.md.
Note
A dedicated and fully functional version for Home Assistant is available here: https://github.com/Erreur32/HA_mynetwork
- Docker and Docker Compose
- Local network access to Freebox/UniFi
services:
  mynetwork:
    image: ghcr.io/erreur32/mynetwork:latest
    restart: unless-stopped
    ports:
      # Dashboard external port (default: 7505)
      - "${DASHBOARD_PORT:-7505}:3000"
    environment:
      # Required secret (no fallback in production)
      JWT_SECRET: ${JWT_SECRET}
      # Configuration
      CONFIG_FILE_PATH: ${CONFIG_FILE_PATH:-/app/config/mynetwork.conf}
      FREEBOX_HOST: ${FREEBOX_HOST:-mafreebox.freebox.fr}
      FREEBOX_TOKEN_FILE: /app/data/freebox_token.json
      # Host metrics access
      HOST_ROOT_PATH: ${HOST_ROOT_PATH:-/host}
      # PUBLIC_URL (optional, only with reverse proxy)
      # PUBLIC_URL: https://dashboard.example.com
    volumes:
      # Persistent data (Freebox token, local DB, etc.)
      - ./data:/app/data
      # Host metrics (read-only) — CPU, RAM, network, ARP table, hostname
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /etc/hostname:/host/etc/hostname:ro
      - /etc/hosts:/host/etc/hosts:ro
    # Network capabilities for scan (ping / ARP)
    cap_add:
      - NET_RAW
      - NET_ADMIN
      - SETUID
      - SETGID
    cap_drop:
      - ALL
    healthcheck:
      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://127.0.0.1:3000/api/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
Important
v0.7.80 Breaking Change: Docker volumes have changed. /:/host:ro and docker.sock mounts removed for security. See CHANGELOG for migration instructions.
Launch:
# Start with Docker Compose
docker-compose up -d
# View logs
docker-compose logs -f
# Stop
docker-compose down
# Update image
docker-compose pull
docker-compose up -d
Recommendation: Use the .env file (.env at project root); Docker Compose reads it automatically and injects JWT_SECRET into the container.
For more details, see the Secure JWT_SECRET configuration section for all configuration methods, security best practices and verification.
The dashboard will be available at:
- http://localhost:7505 - from the host machine
- http://SERVER_IP:7505 - from another device on the network
Advanced configuration
You can use an external .conf file for configuration:
- Create the config file:
    cp config/mynetwork.conf.example config/mynetwork.conf
    # Edit config/mynetwork.conf to your needs
- Mount the file in Docker: uncomment the line in docker-compose.yml:
    volumes:
      - mynetwork_data:/app/data
      - ./config/mynetwork.conf:/app/config/mynetwork.conf:ro
- Automatic sync:
  - On startup, if the .conf file exists → import into the database
  - If the file does not exist → export current configuration
- API endpoints:
  - GET /api/config/export - Export current configuration
  - POST /api/config/import - Import from file
  - GET /api/config/file - Check file status
  - POST /api/config/sync - Manual sync
If you use nginx as a reverse proxy in front of MynetworK, set PUBLIC_URL to the public URL (via nginx), not the Docker container URL.
Case 1: Without nginx (direct access)
No PUBLIC_URL needed. The app works on the mapped port (e.g. http://YOUR_IP:7505).
Case 2: With nginx (reverse proxy)
- Nginx config: See Docs/nginx.example.conf for a full example.
- docker-compose.yml:
    environment:
      - PUBLIC_URL=http://mynetwork.example.com
      # Or with HTTPS:
      # - PUBLIC_URL=https://mynetwork.example.com
- Minimal nginx example:
    server {
        listen 80;
        server_name mynetwork.example.com;

        location / {
            proxy_pass http://192.168.1.150:7505;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_cache_bypass $http_upgrade;
        }
    }
- Benefits of nginx: SSL/HTTPS (e.g. Let's Encrypt), multiple services on one server, caching, clean URLs.
See Docs/nginx.example.conf for a complete HTTP/HTTPS setup.
Secure JWT_SECRET configuration
Critical – Security: The default JWT secret (change-me-in-production-please-use-strong-secret) is for development only. In production you must set the JWT_SECRET environment variable to a unique, strong value.
JWT_SECRET is used to sign and verify JWT authentication tokens. A weak or default secret allows an attacker to:
- Forge valid JWTs and impersonate any user
- Access the system without authentication (full admin access)
- Compromise all users and their data
- Change permissions and access restricted features
JWT_SECRET is loaded at server startup in server/services/authService.ts from process.env.JWT_SECRET. If unset, the default value is used and a warning is logged. The secret is used to sign tokens on login and verify them on authenticated requests.
Docker Compose automatically reads .env at project root.
- Generate a strong secret (at least 32 characters):
    # Linux/macOS:
    openssl rand -base64 32
    # Windows PowerShell:
    [Convert]::ToBase64String((1..32 | ForEach-Object { Get-Random -Maximum 256 }))
- Create a .env file at project root:
    # .env
    JWT_SECRET=your_generated_secret_here_minimum_32_chars
    DASHBOARD_PORT=7505
    FREEBOX_HOST=mafreebox.freebox.fr
    PUBLIC_URL=https://mynetwork.example.com
- Restrict permissions:
    chmod 600 .env
- Start with Docker Compose:
    docker-compose up -d
echo "JWT_SECRET=$(openssl rand -base64 32)" > .env.production
docker-compose --env-file .env.production up -d
After startup, check that a custom secret is in use:
docker-compose logs | grep -i "jwt\|secret"
If you see a warning like: "Using default JWT secret. Please set JWT_SECRET...", then JWT_SECRET was not set correctly.
In the web UI: Administration → Security → JWT configuration section shows whether the default secret is used.
- Length: At least 32 characters (64 recommended)
- Random: Use random data, not predictable passwords
- Unique: Each production instance should have its own secret
- Storage: Restrict .env permissions (chmod 600), add .env to .gitignore, use a secrets manager for critical deployments
- Rotation: Change the secret periodically (e.g. every 6–12 months) or if compromise is suspected
- Dev vs prod: Use different secrets for development and production
- Generate a new secret: openssl rand -base64 32
- Update .env: JWT_SECRET=new_secret
- Restart: docker-compose restart
- All users will need to log in again (existing tokens are invalidated).
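An added example (not part of the MynetworK project) that audits the .env file against the rules above before the container is started: it rejects the development default, the placeholder values shown in this README, secrets shorter than 32 characters, and a file readable by group or others. The function name audit_env_file and its messages are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the .env file before `docker-compose up -d`.
# The default secret, the 32-character minimum and chmod 600 come from this
# page; audit_env_file and its messages are assumptions of this example.
DEFAULT_SECRET='change-me-in-production-please-use-strong-secret'
MIN_LEN=32

# audit_env_file FILE: returns 0 when clean, 1 on any finding (stderr).
audit_env_file() {
    env_file=$1
    findings=0
    if [ ! -f "$env_file" ]; then
        echo "FAIL: $env_file not found" >&2
        return 1
    fi
    # Assumes a single JWT_SECRET= line; strip optional double quotes.
    secret=$(sed -n 's/^JWT_SECRET=//p' "$env_file" | head -n 1)
    secret=${secret#\"}; secret=${secret%\"}
    case $secret in
        '')
            echo "FAIL: JWT_SECRET missing or empty" >&2; findings=1 ;;
        "$DEFAULT_SECRET")
            echo "FAIL: JWT_SECRET is the development default" >&2; findings=1 ;;
        your_*|new_secret)
            echo "FAIL: JWT_SECRET is a placeholder copied from the README" >&2
            findings=1 ;;
        *)
            if [ "${#secret}" -lt "$MIN_LEN" ]; then
                echo "FAIL: JWT_SECRET shorter than $MIN_LEN characters" >&2
                findings=1
            fi ;;
    esac
    # Group/other permission bits must be clear (600 or stricter).
    mode=$(stat -c '%a' "$env_file" 2>/dev/null || stat -f '%Lp' "$env_file")
    case $mode in
        ?00) ;;
        *) echo "FAIL: $env_file mode is $mode, expected 600" >&2; findings=1 ;;
    esac
    return "$findings"
}

# Stand-alone use: sh audit_env.sh .env
if [ "$#" -gt 0 ]; then
    audit_env_file "$1"
fi
```

A non-zero exit status makes the script usable as a gate in a deployment wrapper, before the docker-compose command is run.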
# .env – Production
JWT_SECRET=your_openssl_generated_secret_here
DASHBOARD_PORT=7505
FREEBOX_HOST=mafreebox.freebox.fr
PUBLIC_URL=https://mynetwork.example.com
- Open the dashboard (http://localhost:7505 or your server IP).
- Log in with default credentials:
  - Username: admin
  - Password: admin123
- Change the password immediately after first login.
- Configure your plugins in the Plugins page.
Features
- Multi-source statistics - Unified view of all plugin data
- Real-time charts - Throughput, connections, stats
- Network overview - Global state of your infrastructure
- Centralized configuration - UI to configure each plugin
- Enable/disable - Fine-grained control of each data source
- Connection status - Check each plugin’s state
- Full dashboard - All Freebox features (WiFi, LAN, Downloads, VMs, TV, Phone)
- Compatibility - Ultra, Delta, Pop
- Native API - Official Freebox OS API
- Network monitoring - AP stats, clients, traffic
- Multi-site - Multiple UniFi sites
- Real-time data - Automatic stats updates
- Dual API - Local Controller (node-unifi) and Site Manager API (cloud)
- Stats badges - System stats in header (throughput, uptime, devices)
- Auto discovery - Full local network scan (IPs, MAC, hostnames)
- Vendor detection - Automatic manufacturer identification (Wireshark DB, Freebox/UniFi, or external API)
- Scheduled scans - Periodic full scan and refresh
- History - Device evolution over time with charts
- Wireshark vendor DB - Full integration with Wireshark manuf and auto-update
- Priority system - Hostname/vendor detection order (Freebox, UniFi, Scanner)
- Modern UI - Interactive table with sort, filters, search and inline hostname editing
- Full CRUD - Create, edit, delete users
- Roles - Permissions (admin, user, viewer)
- Security - Passwords hashed with bcrypt
- Full traceability - All actions logged
- Advanced filters - By user, plugin, action, level, period
- Export - Log export (planned)
Architecture
MynetworK uses a modular architecture:
- React frontend (TypeScript) - Modern UI
- Express backend (TypeScript) - REST API and WebSocket
- SQLite database - Configuration and data storage
- Plugin system - Extensible architecture for new data sources
See DEV/ARCHITECTURE_PLUGINS.md for details.
Documentation
- CHANGELOG.md - Change log and new features
See DEV/README-DEV.md for development documentation.
Main docs:
- DEV/DOCUMENTATION.md - Documentation index
- DEV/GUIDE_DEVELOPPEMENT.md - Developer guide
- DEV/ARCHITECTURE_PLUGINS.md - Plugin architecture
Docs folder (Docs/): Setup and production guides (UniFi, Freebox, env vars, Nginx, troubleshooting, reset). Key docs have English and French versions (see Docs/README.md).
Important
A dedicated fully functional version for Home Assistant is available:
- HACS integration ready
- Add-on support
- Optimized for HA Supervisor/Docker
- Auto-discovery of Freebox/UniFi networks
See HA Repo for installation.
MynetworK includes anonymous usage analytics powered by Rybbit, a privacy-focused, open-source analytics platform. This helps the maintainers understand how the application is used (page views only) without collecting any personal data.
- No cookies — Rybbit is cookie-free
- No personal data — no IP addresses, no user identifiers, no tracking across sites
- Page views only — only page navigation events are recorded
- Self-hosted — the analytics server is self-hosted, data never reaches third parties
- Opt-out at build time — set VITE_ANALYTICS_SITE_ID="" to disable completely:
    docker build --build-arg VITE_ANALYTICS_SITE_ID="" .
Analytics are baked into the frontend at Docker build time via these build args (defined in Dockerfile):
VITE_ANALYTICS_HOST=https://way.myoueb.fr
VITE_ANALYTICS_SITE_ID=b537d015834e
If both variables are empty or unset, no analytics code runs at all.
- JWT authentication - Secure tokens with expiration
- Password hashing - bcrypt with salt rounds
- Auth middleware - Protection of sensitive routes
- Action logging - Full traceability
- Role-based access - Granular permissions
Contributions are welcome.
- Follow existing code style (4 spaces, camelCase, comments in English)
- Add TypeScript types for new code
- Test changes before submitting
- Document new features
- Follow project rule files
This project is licensed under the MIT License. See LICENSE for details.
This project is heavily inspired by Freebox OS Ultra Dashboard by HGHugo. Many thanks to the original author for the work that served as a base for MynetworK.
Original project: FreeboxOS-Ultra-Dashboard
- Free for the Freebox and its open API
- Freebox SDK for API documentation
- Ubiquiti for UniFi
- The open-source community for the libraries used
Made with ❤️ for multi-source network management
MynetworK - Multi-Source Network Dashboard



