ProxMenux Monitor
Two related actions inside the Settings menu: toggle the proxmenux-monitor.service systemd unit (start / stop and enable / disable in one click), and view its current detailed status. The Monitor exposes a web UI on TCP 8008 for visual host monitoring.
What is ProxMenux Monitor?
What it offers
- Real-time monitoring of CPU, RAM, disk usage and network traffic.
- Overview of running VMs and LXC containers with status indicators.
- Login authentication to protect access.
- Two-Factor Authentication (2FA) with TOTP support.
- Reverse proxy support (Nginx / Traefik).
- Designed to work across desktop and mobile devices.
Access
Once installed, the dashboard is available at:
http://<your-proxmox-ip>:8008
The Monitor is installed automatically as part of the standard ProxMenux installation and runs as a systemd service (proxmenux-monitor.service) that starts automatically on boot.
Settings options only visible when Monitor is installed
proxmenux-monitor.service is registered with systemd. If you don't see them, the Monitor wasn't installed (it's optional during ProxMenux install). To add it later, reinstall ProxMenux with the latest version and pick the Monitor option.Activate / Deactivate
The first menu entry is a single toggle that flips between two states based on whether the service is currently running:
| Current state | Menu label shown | Action on confirm |
|---|---|---|
| active | Deactivate ProxMenux Monitor | systemctl stop + disable |
| inactive | Activate ProxMenux Monitor | systemctl enable + start |
Each toggle requires an explicit yes/no dialog before running. Activate / Deactivate is symmetric: deactivating stops the service and disables auto-start at boot; activating enables auto-start and starts the service immediately.
Show Monitor Service Status
The second menu entry is read-only. It clears the screen, shows the ProxMenux logo and the title "ProxMenux Monitor Service Verification", then reports:
- Service status: active, inactive or not_installed.
- Web UI URL (only when active):
http://<host_ip>:8008— derived fromhostname -I | awk '{print $1}'. - Detailed systemd output:
systemctl status proxmenux-monitor.service --no-pager -l— shows recent log lines, ExecStart, MainPID, etc.
Manual equivalents
systemctl status proxmenux-monitor.service # detailed status systemctl is-active proxmenux-monitor.service # one-word status systemctl enable --now proxmenux-monitor.service # enable + start systemctl disable --now proxmenux-monitor.service # stop + disable journalctl -u proxmenux-monitor.service -f # follow live logs
Reset ProxMenux Monitor Password
Recovery path for the operator who lost the dashboard password (or 2FA device). The option only appears when the Monitor is installed on the host. Selecting it:
- Asks for confirmation with a yes/no dialog — the action is destructive for the login credentials.
- Backs up the existing
/root/.config/proxmenux-monitor/auth.jsontoauth.json.bak-<UTC timestamp>(mode0600) so the previous state can be restored manually if the reset was a mistake. - Stops the
proxmenux-monitorservice so the on-disk edit can't race with an in-flight login. - Clears the identity fields in
auth.json:enabled=false,configured=false, emptiesusername,password_hash,totp_secretand the backup codes array. - Preserves the
jwt_secretand the registeredapi_tokens/revoked_tokens— so long-lived API tokens used by Home Assistant or other scripts continue to authenticate after the reset. - Restarts the service. The next visit to
http://<host>:8008shows the first-launch setup wizard so a fresh admin account can be created.
What survives the reset, what doesn't
jwt_secret, api_tokens metadata, revoked_tokens list. If you actively want to also invalidate every existing API token (full clean slate), delete auth.json manually instead of using this menu option — the next start of the service regenerates the JWT secret and everything else from scratch.Physical-host access is the trust anchor
menu command as root already controls the box, so giving them password recovery is not a privilege escalation — it's consistent with how every other admin tool on Proxmox works. The corollary: the Monitor login won't protect anything from someone you've already let into the Proxmox shell.See also Monitor → Access & Auth → Recovering a lost password for the same flow described from the dashboard side, plus the wider context on how passwords are hashed and how the JWT secret is generated.
Files involved
/etc/systemd/system/proxmenux-monitor.service # systemd unit
/root/.config/proxmenux-monitor/ # runtime config dir
/var/log/proxmenux-auth.log # Flask app auth log
# (read by Fail2Ban [proxmenux] jail)Troubleshooting
Both menu options are missing
systemctl list-unit-files | grep proxmenux-monitor — if there's no output, reinstall ProxMenux from the official installer with the latest version and pick the Monitor option during install.Service activated but the URL is unreachable
ss -tlnp | grep 8008 # is anything listening? journalctl -u proxmenux-monitor -n 100 --no-pager # recent errors curl -sI http://localhost:8008 # local reachabilityIf localhost works but external doesn't, check your host firewall (
pve-firewall or nftables) for inbound TCP 8008.Activated the service but it stops itself a few seconds later
journalctl -u proxmenux-monitor.service -b.Related
- Fail2Ban — the
[proxmenux]jail protects the Monitor on TCP 8008. - Settings overview.