Self-hosted flight tracker for small households and groups. Track every flight, visualise routes on interactive maps, collect achievements — all on your own server.
Built for 1–10 users who just want to know where they've been. No accounts to create on someone else's servers, no tracking, no ads — your flights stay on your machine. Flight data is enriched from AirLabs / Aviationstack / OpenSky, but everything you record lives in your own PostgreSQL.
- 🗺️ Six map modes — Routes, Heatmap, Hexagon, 3D columns, animated Trips, 3D Globe
- 📊 Year-over-year statistics across flights, distance, seats, classes, routes
- 🏆 58 Battlefield-style achievements across five categories
- 🎫 Boarding-pass scanner — QR / barcode / OCR
- 📧 Email import — plain text, HTML, Outlook
.msg,.eml, with optional local LLM parsing via Ollama - 💾 Automated backups with retention + optional WebDAV sync
- 🔐 Invite-only by default — toggle public registration anytime from the admin UI; JWT in HttpOnly cookies, 15 rate limiters on sensitive endpoints
- 🌐 German + English UI, i18n-ready
 |
 |
| Downloadable PNG certificate with your totals | 58 Battlefield-style achievements |
The only thing you set in a file is a database password. Everything else — instance name, user cap, API keys, Ollama model, backup schedule, WebDAV — is captured by the first-run setup wizard in the browser.
# 1. Grab the compose file
curl -O https://raw.githubusercontent.com/Abrechen2/TravStats/main/docker-compose.prod.yml
# 2. Set one variable
echo "DB_PASSWORD=$(openssl rand -base64 32)" > .env
# 3. Start
docker compose -f docker-compose.prod.yml up -d
# 4. Open the setup wizard
open http://localhost:3000/setupThat's the complete install. The container seeds the airport database on first boot (~30 s), auto-generates a JWT secret, and the setup wizard persists instance settings to the database.
If you already run a Postgres server (homelab, managed DB), skip the
bundled db service by providing DATABASE_URL and removing the db and
depends_on blocks from the compose file:
DATABASE_URL=postgresql://user:pass@postgres.lan:5432/travstatsCommunity Apps templates live in a dedicated repo —
Abrechen2/docker-templates.
Install travstats-db from there first, then TravStats, set the
Database URL password, open /setup. Walk-through with screenshots in
docs/unraid/README.md.
Optional local LLM parsing: install the Ollama Community App (or run Ollama anywhere else on your network), pull
gemma3:12b(~7.5 GB), then point TravStats at it from Admin → Parser. Multi-flight confirmation mails and unknown airline templates are then handled locally — nothing leaves your network.
Almost nothing to configure via environment variables. The setup wizard captures everything instance-level (name, public URL, user cap, registration mode) and the admin UI handles API keys, Ollama, backup schedule and WebDAV sync.
| Env variable | When to set it | Default |
|---|---|---|
DB_PASSWORD |
Always — shared secret between app and bundled Postgres | required |
APP_PORT |
Different host port | 3000 |
DATABASE_URL |
External Postgres instead of the bundled service | (derived from DB_PASSWORD) |
COOKIE_SECURE |
Reverse proxy doesn't send X-Forwarded-Proto |
(auto-detected) |
CORS_ORIGIN |
Frontend lives on a different hostname than the API | (same-origin only) |
TZ |
Non-UTC container clock (not recommended) | UTC |
See .env.prod.example for the annotated list.
- Instance name, public URL, user cap, registration mode
- AirLabs / OpenSky / Aviationstack API keys (encrypted at rest)
- Ollama endpoint + model (default
gemma3:12b) - Backup schedule and retention
- WebDAV off-site backup sync (Nextcloud, HiDrive, …)
- SMTP for invitation and password-reset emails
- Logging level and retention
TravStats works without any API key; manual flight entry and boarding-pass scanning cover the full feature set.
See CHANGELOG.md for the full history and ROADMAP.md for where things are heading (cruises module, CO₂ tracking, trip planner, PWA).
See SECURITY.md for the hardening summary, audit history, and verification commands. TL;DR: JWT in HttpOnly cookies, 15 distinct rate limiters, Zod validation on every endpoint, Prisma-parameterised queries, Helmet CSP, invite-only by default.
Report vulnerabilities via GitHub Security Advisories — please do not open a public issue.
Bug reports, feature ideas and pull requests are welcome. The Report Bug button in the app copies an anonymised diagnostic bundle for you. See CONTRIBUTING.md for the full guide.
npm run install:all # install backend + frontend
npm run dev # backend :8000 + frontend :3000
npm run typecheck # tsc --noEmit on both
npm run test:frontend # Vitest (backend tests need Postgres)Deep-dive developer reference: CLAUDE.md.
Copyright © 2026 Dennis Wittke · AGPL-3.0-or-later
You may use, modify and redistribute TravStats, but if you run it as a web service (even modified) you must make the complete source code of your modifications available under the same licence. See LICENSE.
TravStats is a solo side project. If it's useful to you, a small donation via PayPal keeps the lights on for AirLabs quota top-ups. ❤️
⭐ Star on GitHub · Releases · Roadmap · Issues
Made with ❤️ and a bit of AI for flight enthusiasts.