Built for self-hosters, by a self-hoster

NyxGuard Manager is the first public project from NyxCloud — a production-grade security platform designed from the ground up for people who care about privacy, control, and running things themselves.

CV

Cardei Vlad-Eusebiu

Founder · NyxCloud  ·  Infrastructure & Security Engineer

I am an Infrastructure and Security Engineer and the founder of NyxCloud, focused on building self-hosted infrastructure tools for homelab enthusiasts and small businesses.

My background spans over a decade in enterprise technical support, infrastructure operations, and application troubleshooting across large global organizations. During this time, I worked with complex production environments, helping diagnose critical issues, optimize system performance, and maintain secure infrastructure at scale.

Through that experience, I saw a recurring problem: enterprise-grade security and infrastructure tooling is often overly complex, expensive, and inaccessible for smaller teams and independent operators. To address that gap, I started building my own solutions.

Today, I design and develop self-hosted infrastructure tools that prioritize security, simplicity, and operational transparency — combining infrastructure engineering, container orchestration, security hardening, and full-stack development.

Every project I build is tested in my own infrastructure before being released publicly, ensuring it meets the same reliability and security standards I expect from professional environments.

My goal is simple: bring production-grade infrastructure and security tools to people who want full control of their systems — without enterprise complexity.

Why I Built NyxGuard Manager

I needed a reverse proxy that felt like an operator tool — not a toy. Self-hosted services were getting hammered by bots, DDoS floods, and credential stuffing, with zero visibility into what was actually happening. No existing tool combined proxy management, security controls, and observability in one place. So I built it.

The Vision

Security that lives where you operate — WAF, SQL Shield, bot defence, DDoS shielding, and GeoIP intelligence built into the same workflow as your proxy hosts. Real-time observability so you always know what's happening. Local-first and predictable — your data stays on your server, updates never wipe your config.

Support the Project

Support the Development

NyxGuard Manager is an independent project built and maintained by a single developer. If it helps secure your infrastructure, consider supporting it — every contribution funds new features, security hardening, and keeps the project alive.


How NyxGuard Manager is engineered

Security defaults ONAuth bypass off by default — you opt out of protection, never into it.
No cloud dependencyEvery security decision is evaluated locally. No external API calls at runtime.
No hardcoded secretsAll credentials generated at install. Nothing is ever committed or shipped with defaults.
Timing-safe auth stackRS256 JWT, dummy hash compare, constant-time token verification throughout.
Minimal attack surfaceSingle container, known dependencies, no unnecessary services exposed.
Observability firstYou should always know what's hitting your infrastructure — and why it was blocked.

How NyxGuard Manager evolved

v1
Nov 2025

Core Proxy Engine & WAF Foundation

Built the reverse proxy stack on nginx with an integrated WAF layer, per-host SSL via Let's Encrypt, and custom WAF rule management with live nginx apply.

v2
Dec 2025

NyxGuard Security Layer

Full security stack: GlobalGate IP/country intelligence, DDoS shield, SQL injection protection, bot defence with SEO-safe mode, Attack Dashboard, per-app toggles.

v3
Jan 2026

Observability & Operations

Prometheus, Grafana dashboard, Event Center, Traffic Monitor, web terminal, Webhook/Slack/Email notifications, Authentik SSO, 12 UI themes.

v4
Feb 2026 — Now

Security Hardening & Public Release

RS256 JWT, timing-safe login, LAN access control + MAC filtering, Web Threat Controls with policy versioning, i18n in 6 languages. First public release.


What drives NyxCloud projects

Privacy First

No telemetry, no analytics, no external calls at runtime. Your infrastructure data stays on your hardware.

Self-Hosted

You own the software, the data, and the configuration. No subscription, no vendor lock-in, no cloud dependency.

Production Quality

Every feature is validated on real infrastructure before release. The same tooling running on my own servers.

Focused Scope

One tool, done right. A focused application that excels at reverse proxy security — not a platform for everything.

Accessible

Runs on bare-metal or any Linux server. No Kubernetes. Minimal hardware, maximum security.


NyxCloud — Self-Hosted Infrastructure & Automation

NyxGuard Manager is the first public project under the NyxCloud umbrella.