Skip to content

Open-source VPS operations

Operate your servers with guard rails.

aseStack combines a Go control plane, per-host agents, and a React operations dashboard for managing servers, sites, containers, files, databases, backups, and security workflows.

Install aseStack Read the security model

Production-testable, not yet a finished control panel

aseStack is intended for careful production trials by operators who are comfortable with Linux, reverse proxies, backups, and recovery. It is not yet a drop-in replacement for a mature commercial hosting panel. Keep independent backups and validate guarded actions on disposable workloads first.

What aseStack includes

  • Servers and monitoring


    Enroll managed Linux hosts, watch heartbeat and version state, stream metrics, run readiness checks, and review command results.

  • Native site operations


    Preview and deploy Nginx configurations for static sites, PHP-FPM applications, and reverse proxies, with disable, rollback, cleanup, and certificate workflows.

  • Docker operations


    Inspect containers and Compose projects, read logs and stats, and opt into guarded start, stop, restart, exec, and prune actions.

  • Files and databases


    Work inside a constrained file root with atomic saves and backup copies. Inspect PostgreSQL, MySQL/MariaDB, and Redis with separately guarded query and transfer actions.

  • Backups and recovery


    Create control-plane and database archives, configure local or remote destinations, schedule guarded transfers, check restore readiness, and hand off selected-host system snapshots.

  • Identity and audit


    Use role-based access, TOTP MFA, recovery codes, passkeys, optional Turnstile, a security entrance, audit events, and a searchable operator timeline.

How it is arranged

Component Responsibility
Controller Serves the dashboard and API, owns users and policy, stores desired state, queues guarded work, and records audit history.
Agent Runs on each managed host, reports inventory and readiness, polls for allowlisted commands, and applies actions only when host-side gates permit them.
PostgreSQL Recommended control-plane state backend for production trials. The data directory remains important for users, controller CA material, and recovery state.
Reverse proxy Terminates public HTTPS and forwards to the controller's default loopback listener on port 15173.

Controller-side permission is not enough to make a privileged agent action run. High-impact workflows normally require an explicit controller gate, a matching agent gate, preflight readiness, and an operator confirmation.

  1. Read the requirements and support scope.
  2. Install the controller on a fresh Ubuntu or Debian VPS.
  3. Put it behind a reverse proxy with HTTPS.
  4. Complete the first-login security checklist.
  5. Enroll one disposable or non-critical server and run its preflight.
  6. Create and verify a control-plane backup before enabling live actions.

Documentation conventions

  • Commands that change system state use sudo and are called out explicitly.
  • Example domains such as control.example.com must be replaced with your own values.
  • A feature gate shown as false should stay disabled until the related host paths, permissions, backup, and rollback plan have been checked.
  • The guaranteed CLI command is asestack. The shorter ase alias is installed only when it does not conflict with another command.