Unified Web Application Server — Apache+Nginx+Varnish+Caddy in a single Go binary. Auto HTTPS, built-in caching, PHP/FastCGI, reverse proxy, load balancing, WAF, web dashboard, and MCP server.
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"uwas": {
"command": "<see-readme>",
"args": []
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
Note: UWAS is production-ready with 50+ installed instances.
This server supports HTTP transport. Be the first to test it — help the community know if it works.
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
No package registry to scan.
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in devops
MCP server for using the GitLab API
A Unified MCP Server Management App (MCP Manager).
MCP server for Komodo - manage Docker containers, servers, stacks, and deployments via AI
MCP-NixOS - Model Context Protocol Server for NixOS resources
MCP Security Weekly
Get CVE alerts and security updates for Uwas and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
Unified Web Application Server
One binary to serve them all.
Apache + Nginx + Varnish + Caddy + cPanel → UWAS
Note: UWAS is production-ready with 50+ installed instances.
UWAS replaces your entire web server stack and hosting control panel with a single Go binary. Auto HTTPS, built-in caching, PHP support, .htaccess compatibility, reverse proxy, WebSocket forwarding, WAF, multi-user access control, and a 42-page React dashboard with 254+ API endpoints.
One binary. Zero hassle.
web/dashboard/src/pages)/api/v1 in internal/admin/routes.go + analytics hooks)go list ./...)go test ./... passing (parallel)v0.6.x highlights (standalone apps + hard legacy cutover):
/etc/uwas/apps.d/<name>.yamlapps://my-apiwww.<domain> redirects,
with per-host SSL, 301/302 selection, and no alias/cache/security noise on
redirect recordsdomain.com,
www.domain.com, or both hostnames without redirectingneeds Docker Compose
instead of leaving broken cards as vague unknown statesdocker compose and legacy docker-composework_dirtype=app config and migration endpoints are removedv0.5.0 highlights (refactor + perf + observability sweep, 43 commits):
internal/respond package centralizes JSON responses with operator-visible 5xx logginguwas_handler_duration_seconds{handler,quantile})api_key fallback is now opt-in (global.users.allow_legacy_plaintext_api_key, default false). Operators upgrading from v0.4.x with a plaintext key must set the flag or migrate to hashed credentials.