Requirements¶
aseStack is currently a production-testable vertical slice, not a finished hosting panel. Use it first on a new or recoverable environment, keep independent backups, and validate each guarded action before relying on it for important workloads.
The current v1 production-trial path targets Ubuntu and Debian. Other Linux families may be detected by parts of the agent, but they are not yet part of the supported operator path.
Supported trial platform¶
| Item | Current requirement |
|---|---|
| Controller OS | Ubuntu or Debian with systemd |
| Managed-server OS | Ubuntu or Debian with systemd |
| CPU architecture | x86_64 / amd64 for the standard CDN release artifacts |
| Access | Root access, or an account that can run commands with sudo |
| Public endpoint | A DNS name such as control.example.com with HTTPS |
| Browser | A current browser; a WebAuthn-capable browser is required to register passkeys |
The release installer does not require Node.js, npm, or Go on the server. Those tools are needed only when developing or building aseStack from source. The installer adds missing base packages on apt-based hosts, downloads the release archive, verifies its checksum, and installs the prebuilt binaries.
No formal resource minimum yet
aseStack does not yet publish a minimum CPU, memory, or disk specification. Size the controller for the services you place on it, and leave room for /var/lib/asestack, local backups, logs, databases, and any content under /www. Monitor the host during your trial before moving production workloads.
Controller topology¶
aseStack uses one central controller and an agent on every managed server:
- The controller owns users, settings, server inventory, jobs, audit events, backup metadata, and the dashboard API.
- Each agent sends heartbeats, polls the controller for allowlisted commands, and performs local inspections or explicitly enabled actions.
- The installer enrolls the controller host as a local managed server by default. Additional servers can be enrolled later.
A managed agent connects outward to the controller. The controller does not need a new inbound management port on each managed server. Services hosted on a managed server may still need their own public ports; see Sites.
Network and DNS¶
Prepare these routes before installation:
| Host | Direction | Purpose |
|---|---|---|
| Controller | Inbound TCP 80/443 | Reverse proxy and HTTPS for control.example.com |
| Controller | Local TCP 15173 | aseStack application listener; keep it on loopback when the proxy is on the same host |
| Controller | Outbound HTTPS | aseStack CDN, Ubuntu/Debian repositories, update checks, and any configured external providers |
| Managed server | Outbound HTTPS | control.example.com and cdn.asestack.dev for agent enrollment, polling, and updates |
| Either host | Your chosen SSH port | Normal server administration; aseStack does not prescribe an SSH port |
Create an A record for control.example.com that points to the public address of the reverse-proxy host. Add an AAAA record only when that proxy is also reachable over IPv6.
Do not expose port 15173 directly to the internet. The default installer binds it to 127.0.0.1, and the public domain should terminate HTTPS at a local reverse proxy. HTTPS is also required for production WebAuthn/passkey use and matches the default secure-cookie policy.
See Reverse proxy and HTTPS for working proxy layouts.
Storage and state¶
The standard installation uses these paths:
| Path | Contents |
|---|---|
/opt/asestack |
Application, binaries, web assets, and deployment helpers |
/etc/asestack/asestack.env |
Root-readable runtime configuration and secrets |
/var/lib/asestack |
User data, controller state, CA material, and fallback data |
/var/backups/asestack |
Local control-plane backups and database transfer files |
/www |
Default site and file-manager root |
File-backed controller state works by default. For a broader production trial, configure PostgreSQL with ASESTACK_DATABASE_URL; /var/lib/asestack is still required for the user store and recovery data. Back up both the database and /var/lib/asestack.
Review the full configuration reference before changing paths or enabling write-capable actions.
Pre-install checklist¶
Before continuing, confirm that:
- The server is an Ubuntu or Debian
amd64host withsystemd. - You have root or working
sudoaccess. -
control.example.comresolves to the intended reverse proxy. - Ports 80 and 443 reach that proxy.
- The controller can reach
cdn.asestack.devover HTTPS. - You have a separate backup or can rebuild this trial host.
- You will keep port 15173 private.
Continue to Install aseStack.