Janus is a lightweight Go sidecar that runs alongside Traefik and bridges the gap between DevOps (who configures the proxy) and Developers (who need to understand what is exposed and how). It surfaces security gaps, detects active attacks, blocks hostile IPs, and delivers AI-powered threat intelligence — all from a single embedded dashboard.
Features
- Security score gauge (0–100) with 30-day trend history
- Router vulnerability analysis with AI-powered insights via vLLM (Qwen2.5)
- Active IP defense (Shield) — auto-blocking on 403 thresholds with manual override
- Prison Guard — AI-driven post-ban monitoring and auto-unblock decisions
- Threat intelligence — Top-20 attacker analysis, GeoIP enrichment, hostile cluster detection
- Policy engine — middleware compliance checks, configuration drift detection
- Telegram alerts with configurable severity threshold
- SQLite persistence for audit history
Dashboard
| Tab | Description |
|---|---|
| Dashboard | Security score ring, router risk cards, Pulse Monitor, AI insights, config drift banner |
| Policies | Middleware policy definitions, compliance status, AI executive summary |
| Shield | Live blocked-IP list with 30-min sparklines and AI verdict badges |
| Intelligence | Top-20 threats with GeoIP, hostile cluster cards, downloadable Markdown threat report |
Architecture
Janus sits inside the same Docker network as Traefik (proxy-network) and polls Traefik’s internal REST API. It never intercepts live traffic — it is a read-only observer paired with an active write path for the IP blocklist only.
Tech Stack
- Go 1.22
- Docker / Docker Compose
- Traefik (reverse proxy)
- vLLM / Qwen2.5-7b-instruct (AI analysis)
- SQLite (persistence)
- Tailwind CSS (embedded SPA)
- MaxMind GeoLite2 (GeoIP)
Author
Ricardo Grangeia
Senior Software Engineer
Portugal
Website
https://ricardo.grangeia.pt
Project Github
https://github.com/ricgrangeia/janus-traefik-security
License
MIT License