Skip to content

Requirements

aseStack is currently a production-testable vertical slice, not a finished hosting panel. Use it first on a new or recoverable environment, keep independent backups, and validate each guarded action before relying on it for important workloads.

The current v1 production-trial path targets Ubuntu and Debian. Other Linux families may be detected by parts of the agent, but they are not yet part of the supported operator path.

Supported trial platform

Item Current requirement
Controller OS Ubuntu or Debian with systemd
Managed-server OS Ubuntu or Debian with systemd
CPU architecture x86_64 / amd64 for the standard CDN release artifacts
Access Root access, or an account that can run commands with sudo
Public endpoint A DNS name such as control.example.com with HTTPS
Browser A current browser; a WebAuthn-capable browser is required to register passkeys

The release installer does not require Node.js, npm, or Go on the server. Those tools are needed only when developing or building aseStack from source. The installer adds missing base packages on apt-based hosts, downloads the release archive, verifies its checksum, and installs the prebuilt binaries.

No formal resource minimum yet

aseStack does not yet publish a minimum CPU, memory, or disk specification. Size the controller for the services you place on it, and leave room for /var/lib/asestack, local backups, logs, databases, and any content under /www. Monitor the host during your trial before moving production workloads.

Controller topology

aseStack uses one central controller and an agent on every managed server:

  • The controller owns users, settings, server inventory, jobs, audit events, backup metadata, and the dashboard API.
  • Each agent sends heartbeats, polls the controller for allowlisted commands, and performs local inspections or explicitly enabled actions.
  • The installer enrolls the controller host as a local managed server by default. Additional servers can be enrolled later.

A managed agent connects outward to the controller. The controller does not need a new inbound management port on each managed server. Services hosted on a managed server may still need their own public ports; see Sites.

Network and DNS

Prepare these routes before installation:

Host Direction Purpose
Controller Inbound TCP 80/443 Reverse proxy and HTTPS for control.example.com
Controller Local TCP 15173 aseStack application listener; keep it on loopback when the proxy is on the same host
Controller Outbound HTTPS aseStack CDN, Ubuntu/Debian repositories, update checks, and any configured external providers
Managed server Outbound HTTPS control.example.com and cdn.asestack.dev for agent enrollment, polling, and updates
Either host Your chosen SSH port Normal server administration; aseStack does not prescribe an SSH port

Create an A record for control.example.com that points to the public address of the reverse-proxy host. Add an AAAA record only when that proxy is also reachable over IPv6.

Do not expose port 15173 directly to the internet. The default installer binds it to 127.0.0.1, and the public domain should terminate HTTPS at a local reverse proxy. HTTPS is also required for production WebAuthn/passkey use and matches the default secure-cookie policy.

See Reverse proxy and HTTPS for working proxy layouts.

Storage and state

The standard installation uses these paths:

Path Contents
/opt/asestack Application, binaries, web assets, and deployment helpers
/etc/asestack/asestack.env Root-readable runtime configuration and secrets
/var/lib/asestack User data, controller state, CA material, and fallback data
/var/backups/asestack Local control-plane backups and database transfer files
/www Default site and file-manager root

File-backed controller state works by default. For a broader production trial, configure PostgreSQL with ASESTACK_DATABASE_URL; /var/lib/asestack is still required for the user store and recovery data. Back up both the database and /var/lib/asestack.

Review the full configuration reference before changing paths or enabling write-capable actions.

Pre-install checklist

Before continuing, confirm that:

  • The server is an Ubuntu or Debian amd64 host with systemd.
  • You have root or working sudo access.
  • control.example.com resolves to the intended reverse proxy.
  • Ports 80 and 443 reach that proxy.
  • The controller can reach cdn.asestack.dev over HTTPS.
  • You have a separate backup or can rebuild this trial host.
  • You will keep port 15173 private.

Continue to Install aseStack.