Open-source VPS operations
Operate your servers with guard rails.¶
aseStack combines a Go control plane, per-host agents, and a React operations dashboard for managing servers, sites, containers, files, databases, backups, and security workflows.
Production-testable, not yet a finished control panel
aseStack is intended for careful production trials by operators who are comfortable with Linux, reverse proxies, backups, and recovery. It is not yet a drop-in replacement for a mature commercial hosting panel. Keep independent backups and validate guarded actions on disposable workloads first.
What aseStack includes¶
-
Servers and monitoring
Enroll managed Linux hosts, watch heartbeat and version state, stream metrics, run readiness checks, and review command results.
-
Native site operations
Preview and deploy Nginx configurations for static sites, PHP-FPM applications, and reverse proxies, with disable, rollback, cleanup, and certificate workflows.
-
Docker operations
Inspect containers and Compose projects, read logs and stats, and opt into guarded start, stop, restart, exec, and prune actions.
-
Files and databases
Work inside a constrained file root with atomic saves and backup copies. Inspect PostgreSQL, MySQL/MariaDB, and Redis with separately guarded query and transfer actions.
-
Backups and recovery
Create control-plane and database archives, configure local or remote destinations, schedule guarded transfers, check restore readiness, and hand off selected-host system snapshots.
-
Identity and audit
Use role-based access, TOTP MFA, recovery codes, passkeys, optional Turnstile, a security entrance, audit events, and a searchable operator timeline.
How it is arranged¶
| Component | Responsibility |
|---|---|
| Controller | Serves the dashboard and API, owns users and policy, stores desired state, queues guarded work, and records audit history. |
| Agent | Runs on each managed host, reports inventory and readiness, polls for allowlisted commands, and applies actions only when host-side gates permit them. |
| PostgreSQL | Recommended control-plane state backend for production trials. The data directory remains important for users, controller CA material, and recovery state. |
| Reverse proxy | Terminates public HTTPS and forwards to the controller's default loopback listener on port 15173. |
Controller-side permission is not enough to make a privileged agent action run. High-impact workflows normally require an explicit controller gate, a matching agent gate, preflight readiness, and an operator confirmation.
Recommended first deployment¶
- Read the requirements and support scope.
- Install the controller on a fresh Ubuntu or Debian VPS.
- Put it behind a reverse proxy with HTTPS.
- Complete the first-login security checklist.
- Enroll one disposable or non-critical server and run its preflight.
- Create and verify a control-plane backup before enabling live actions.
Documentation conventions¶
- Commands that change system state use
sudoand are called out explicitly. - Example domains such as
control.example.commust be replaced with your own values. - A feature gate shown as
falseshould stay disabled until the related host paths, permissions, backup, and rollback plan have been checked. - The guaranteed CLI command is
asestack. The shorterasealias is installed only when it does not conflict with another command.