Node Dashboard

Monitor your node, track rewards, and manage settings through a web-based dashboard.

Overview

Every Ghost node includes a local web dashboard for monitoring and configuration. The dashboard is:

  • Local-only by default — No public internet exposure
  • Real-time — Live updates via WebSocket
  • Responsive — Works on desktop and mobile
  • Secure — JWT authentication, no external dependencies
Dashboard Preview
Status ● Online (99.8% uptime)
Sync 870,234 / 870,234 (100%)
Mining 1.2 PH/s (12 miners)
Shares ⭐⭐⭐⭐ (14/15)
This Round ~0.0234 BTC
Security First
The dashboard binds only to localhost (127.0.0.1). It's never exposed to the public internet. You access it through SSH tunnel or VPN.

Access Methods

Three ways to access your dashboard remotely:

Method Best For Setup
SSH Tunnel Technical users, no extra software Easy
Tailscale VPN Best UX, mobile access Easy
Local Network Home users on same LAN Trivial

SSH Tunnel (Recommended)

🔐 SSH Port Forwarding Recommended
Forward your local port through an encrypted SSH connection. No additional software needed.

Quick Connect

# Install ghost CLI (one time) $ npm install -g @ghost-pool/cli # Connect to your node $ ghost connect your-server.com # Output: → Establishing SSH tunnel... → Dashboard available at http://localhost:3000 → Opening browser... ✓ Connected to ghost-usa-west-42

Manual SSH

# Forward port 3000 (dashboard) and 8080 (API) $ ssh -L 3000:localhost:3000 -L 8080:localhost:8080 [email protected] # Then open in browser: http://localhost:3000

Persistent Tunnel

Add to your ~/.ssh/config:

Host ghost-node HostName your-server.com User ghost LocalForward 3000 localhost:3000 LocalForward 8080 localhost:8080 ServerAliveInterval 60

Then just: ssh ghost-node

Tailscale VPN

🌐 Tailscale Mesh VPN
Zero-config VPN that creates a private network between your devices. Best UX for mobile access.

Server Setup

# Install Tailscale on your Ghost node $ curl -fsSL https://tailscale.com/install.sh | sh $ sudo tailscale up # Authenticate in browser when prompted # Note your Tailscale IP (e.g., 100.64.0.42) $ tailscale ip -4

Client Setup

# Install Tailscale on your laptop/phone # Download from: https://tailscale.com/download # Authenticate with same account # Access dashboard directly: http://100.64.0.42:3000

Configuration

During Ghost install, if you chose Tailscale, the dashboard binds to your Tailscale IP:

# /etc/ghost/node.conf dashboard: bind: "100.64.0.42:3000" # Tailscale IP
Why Tailscale?
Tailscale uses WireGuard under the hood for encrypted connections. It handles NAT traversal automatically, so you can access your node from anywhere without port forwarding. Great for mobile access.

Dashboard Features

Overview Page

  • Node status and uptime percentage
  • Blockchain sync progress
  • Mining hashrate and connected miners
  • Current share count (0-15)
  • Estimated rewards this round
  • Network statistics

Mining Page

  • List of connected miners with hashrate
  • Share statistics per worker
  • Template profile selector
  • Stratum endpoint display
  • Historical hashrate graph

Rewards Page

  • Share breakdown (which shares you're earning)
  • Payout history with transaction links
  • Earnings chart over time
  • Payout address configuration

Network Page

  • Pool-wide statistics
  • Connected peers list
  • Elder registry and your status
  • Treasury progress and decay status

Settings Page

  • Ghost Mode toggle
  • Archive Mode toggle
  • Public Mining toggle
  • Mempool and template profiles
  • Pruning configuration
  • Security settings (token regeneration)

Logs Page

  • Live log streaming
  • Filter by level (info, warn, error)
  • Filter by source (core, pool, node)
  • Search functionality
  • Download logs

API Access

The dashboard is powered by a REST API that you can also use directly:

# Get auth token (auto-generated on install) $ cat /var/lib/ghost/.dashboard_token # Example: Get node status $ curl -H "Authorization: Bearer $TOKEN" \ http://localhost:8080/api/v1/node/status # Example: Get mining stats $ curl -H "Authorization: Bearer $TOKEN" \ http://localhost:8080/api/v1/mining/status # Example: Toggle Ghost Mode $ curl -X PATCH \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{"ghost_mode": true}' \ http://localhost:8080/api/v1/config

Full API documentation: docs.ghostpool.io/api

Security

Authentication

  • JWT tokens — Cryptographically signed, no passwords stored
  • Auto-generated — Token created on first boot
  • Never expires — But can be regenerated anytime
  • Auto-injected — Dashboard reads token automatically when accessed via localhost

Network Security

  • Localhost binding — Dashboard only listens on 127.0.0.1
  • No CORS for external — Cross-origin requests blocked
  • Rate limiting — 100 requests/minute per token
  • Audit logging — All admin actions logged

Regenerate Token

If you suspect your token is compromised:

# Via CLI $ ghost-node token regenerate # Or via API $ curl -X POST -H "Authorization: Bearer $OLD_TOKEN" \ http://localhost:8080/api/v1/admin/regenerate-token

Best Practices

  1. Use SSH key authentication (no passwords)
  2. Keep your SSH key secure with a passphrase
  3. Use Tailscale for convenient mobile access
  4. Never expose port 3000 or 8080 to the public internet
  5. Regenerate token if you think it's compromised