← Back to news

Bootimus – A Self-Contained PXE and HTTP Boot Server

Original article
bootimus.com|78 points|25 comments|by car|Jun 20, 2026

Bootimus: A Self-Contained PXE and HTTP Boot Server

Bootimus is a modern, streamlined PXE/HTTP boot server (v1.x) designed to eliminate the traditional headaches of network booting. Written in go and licensed under Apache 2.0, it leverages iPXE and sqlite/postgres to provide a seamless deployment experience.

πŸš€ Quickstart Guide

Getting Bootimus online is a "pull and run" process. You can deploy it instantly via Docker:

# Deploy Bootimus with necessary network capabilities and ports
docker run -d --name bootimus \
  --cap-add NET_BIND_SERVICE \
  -p 67:67/udp -p 69:69/udp \
  -p 8080:8080/tcp -p 8081:8081/tcp \
  -v $(pwd)/data:/data \
  garybowers/bootimus:latest

To find your initial administrative credentials, check the container logs:

docker logs bootimus | grep Password β†’\rightarrow admin: Password: 7f3a-plum-swift-echo

Once running, access the management console at http://localhost:8081.

πŸ› οΈ Core Capabilities

Bootimus provides everything a contemporary netboot environment requires:

  • Single Binary Distribution: A standalone Go binary containing the web UI, SQLite database, iPXE, and all necessary assets.
  • Integrated proxyDHCP: It handles PXE requests on UDP/67 without requiring you to modify your existing DHCP server configurations.
  • Massive Distro Support: Automatic extraction of kernels and initrds for over 50 distributions, including:
    • Linux: Ubuntu, Debian, Arch, Fedora, NixOS, Alpine.
    • BSD/Other: FreeBSD, Windows (via wimboot).
  • One-Click Utility Suite: Rapid deployment of tools like GParted, Clonezilla, Memtest86+, SystemRescue, ShredOS, and netboot.xyz.
  • Universal Deployment: Available as multi-arch Docker images (amd64/arm64), a static binary, or a 2GB Alpine-based appliance image for USB flashing.
  • Automated Provisioning: Supports unattended installations via autounattend.xml, kickstart, preseed, or cloud-init.

πŸ”„ The Boot Workflow

Bootimus acts as a proxyDHCP server. While your primary DHCP server assigns the IP address, Bootimus provides the PXE-specific instructions.

Example Trace (Ubuntu 24.04):

  1. Discovery: Client broadcasts DHCPDISCOVER.
  2. Offer: Bootimus responds with next-server=bootimus and filename=ipxe.efi.
  3. Loading: ipxe.efi (198 KiB) is transferred via TFTP.
  4. Menu: iPXE chains to HTTP to fetch /menu.ipxe (2.1 KiB).
  5. Execution: The user selects Ubuntu 24.04; the kernel (14 MiB) and initrd (76 MiB) are streamed over HTTP at speeds up to β‰ˆ600Β MB/s\approx 600 \text{ MB/s}.

πŸ›‘οΈ Transparency & Trust

The project is 100% open source and hosted on GitHub.

Audit PointStatusDetail
Binary Typeβœ…Statically linked Go binary (ldd confirms no dynamic executable)
Blobsβœ…Zero proprietary blobs; iPXE is upstream FOSS (GPL-2.0)
Dependenciesβœ…All transitive Go dependencies are open source
Telemetryβœ…Disabled at compile-time

Mathematically, the proprietary footprint is: ProprietaryΒ Blobs=0\text{Proprietary Blobs} = 0

Verification Command:

$ bootimus version --verbose
bootimus 1.0.0 commit 8e87824 (clean)
go 1.23.4 linux/amd64 build static
licence Apache-2.0
embedded ipxe 1.21.1+upstream GPL-2.0

πŸ’Ώ Bootloader Flexibility

You aren't locked into the embedded defaults. You can provide your own bootloaders by placing them in data/bootloaders/.

Bootloader Options

TypeSourceUse Case
UEFI ARM64EmbeddedRaspberry Pi 4/5, Apple Silicon, ARM Servers
Legacy BIOSEmbeddedOlder hardware (undionly.kpxe)
Secure BootCustomshimx64.efi + grubx64.efi (Microsoft signed)
BrandedCustomCustom-themed iPXE with specific colors/scripts

Fallback Logic: If a requested file is missing from your custom set, Bootimus transparently falls back to the embedded set to prevent boot failure.

Directory Structure Example:

data/bootloaders
β”œβ”€β”€ ipxe-builtin/        # Embedded (Always available)
β”‚   β”œβ”€β”€ ipxe.efi
β”‚   β”œβ”€β”€ ipxe-arm64.efi
β”‚   └── undionly.kpxe
β”œβ”€β”€ ipxe-secureboot/     # Custom signed set
β”‚   β”œβ”€β”€ shimx64.efi      # MS Signed
β”‚   β”œβ”€β”€ grubx64.efi      # MS Signed
β”‚   └── ipxe.efi         # Internal CA Signed
└── ipxe-themed/         # Custom branding
    └── ipxe.efi

Switching Sets: $ bootimus bootloaders use ipxe-secureboot β†’\rightarrow Active set updated. Fallback enabled for ARM64/Legacy.

Bootimus Architecture Placeholder

Ready to babysit tftpd automate your deployments?