Open-source VPS operations

Run your servers with guardrails, not guesswork.

aseStack brings servers, sites, Docker, files, databases, backups, security, and logs into one guarded control plane—without hiding the risky parts.

AGPL-3.0-only Go control plane Per-host agents Ubuntu/Debian trials
Illustrative product previewGuard active
Fleet overview

Operations

Systems nominal
Servers online6 / 6
Average CPU23%
Backup runs24
Fleet loadLast 24 hours
Recent activityLive
Backup completedserver-3 · 2m
Site health degradedexample.org · 15m
Guard policy updatedDocker · 32m

Production-testable by design. aseStack is ready for deliberate trials, validation, and hardening—not blind migration of important fleets.

Review requirements
The platform

The operating surface your VPS fleet was missing

Start with fleet context, move into a focused workspace, and keep the safety boundary visible throughout the action.

Servers

Enroll hosts, inspect heartbeat and resource metrics, and keep agent readiness visible.

Sites

Deploy static, PHP-FPM, and reverse-proxy sites through previewable Nginx flows.

Docker

Inspect containers and Compose projects, follow logs and stats, and gate live actions.

Files

Work inside bounded roots with atomic saves, backups, upload limits, and edit locks.

Databases

Inspect PostgreSQL, MySQL, MariaDB, and Redis with read-only policy controls.

Backups

Schedule control-plane backups, move archives to remote providers, and check restore readiness.

Security

Review firewall and malware-scan posture, authentication policy, and action guards.

Operator history

Search audit events, backup runs, deployments, guard changes, and agent commands.

Why aseStack

Operations organized around outcomes

The product connects daily administration with the policy, history, and recovery context that make it safe to repeat.

Operate

One control plane, clear host boundaries

Use the dashboard for fleet-wide context while per-host agents keep execution close to the machine being managed.

  • Go controller and agents
  • React operations dashboard
  • Optional PostgreSQL state
Observe

Know what changed and where

Live metrics and durable operator history connect server health with the actions that shaped it.

  • SSE monitoring stream
  • Searchable audit trail
  • Version and readiness signals
Protect

Risky work starts behind a guard

Controller policy and host-side switches keep live mutations opt-in, visible, and attributable.

  • RBAC, MFA, passkeys, Turnstile
  • mTLS agent enrollment
  • CSRF and command allowlists
Recover

Plan the way back before acting

Backup, restore-readiness, deployment checks, and retained evidence turn recovery into an operating habit.

  • Local and remote providers
  • Restore previews and checks
  • Deployment evidence
Architecture

Central context. Local execution.

aseStack separates the public edge, the authenticated control plane, and host-level execution so each boundary can be inspected and hardened.

01

Control plane

The Go API owns authentication, policy, inventory, jobs, and durable history.

02

Secure channel

Short-lived enrollment material establishes persistent mTLS trust with each host.

03

Per-host agent

The agent reports health and executes only allowlisted commands enabled on that server.

Fresh controller

Start on a non-critical Ubuntu or Debian VPS.

The installer binds the controller locally by default. Put it behind your own HTTPS reverse proxy before signing in.

Terminalcurl -fsSL https://cdn.asestack.dev/install.sh | sudo bashRead the install guide
Security model

Safety is part of the workflow, not a settings page.

aseStack makes exposure, authentication, command permission, and recovery posture visible before an operator changes a host.

Explore the security model

Local-first exposure

The controller binds to localhost by default so TLS and internet exposure remain explicit reverse-proxy decisions.

Layered sign-in

Sessions, rate limits, RBAC, TOTP MFA, passkeys, Turnstile, and an optional security entrance defend the control plane.

Two-sided action gates

High-impact operations can require both controller permission and a separate opt-in on the target host.

Evidence by default

Actor, target, command kind, state, and result stay connected across jobs and operator history.

FAQ

Questions to answer before the first install

A careful trial starts with a clear picture of what aseStack does today and where the operator still owns the decision.

Is aseStack ready to replace a commercial VPS panel?

Not yet. It is a production-testable vertical slice for careful trials and continued hardening, not a promise of turnkey parity with mature commercial panels.

Which hosts are the current production-trial target?

Ubuntu and Debian are the documented targets today. Review the requirements and deployment guide before using a real server.

Does aseStack run every action automatically?

No. Read operations are broad, while many host-changing operations remain disabled until their controller and host-side guards are deliberately enabled.

Where should I start?

Read the requirements, install the controller behind HTTPS, complete first-login hardening, then enroll one non-critical server before expanding the fleet.

Start deliberately

One controller. One test host. A visible path forward—and back.