Nexus PaaS

Current view

Overview and activity

Dashboard

Loading dashboard…

Projects

0

Services

0

System Metrics

Collecting host resource posture…

Compute Waiting for data CPU pressure appears here

Memory Waiting for data Working set summary appears here

Storage Waiting for data Capacity headroom appears here

Recent Alerts

Identity Posture

Loading identity posture…

Collector Health

Loading monitoring overview…

Alert Delivery

Loading notification status…

Visibility Events

Loading visibility events…

Recent Activity

My Account

Identity Status

Loading role information…

Checking privileged session…

Unknown role

Name

Change Password (optional)

Current Password

Required to change email or password.

New Password

Confirm New Password

MFA Code

Needed when MFA protects an email or password change.

Recovery Code

Multi-Factor Authentication

Loading…

Checking MFA status…

Current Password

Privileged Elevation

Inactive

Elevate before destructive admin actions such as role changes, settings writes, container exec, or prune operations.

Current Password

MFA Code

Recovery Code

Projects

Quick Start Tutorial

Add a Project: Click Add Project and fill in your app name, repository URL, and (optionally) a custom domain.
Build & Start: If no Dockerfile is present, build/start commands generate one for your stack.
Choose a Port: Enter the port your app listens on (default: 3000).
Deploy: The platform clones, builds, and deploys the project.
Services: Deploy a database/cache from Service Templates and use the service name as hostname (see Networking Guide).
Project Starters: Use Create from Template for WordPress/Drupal.
Backups: Put data in volumes (e.g., app /app/data) and enable backups in Project Settings → Backups.

Project Templates

Launch ready-to-run stacks like WordPress or Drupal.

Project Settings

Name

Unique identifier for this project.

Repository URL

Linked Git repository. Create a new project to change this.

Private Repo Access

Provider

Token

Loading…

SCM Auto-Deploy Webhook

Provider

Webhook URL

Secret (shown once)

Rotate to generate a secret (only displayed once).

Branch

Git branch to pull updates from.

Assigned Server

Choose the server where this project will be deployed.

Build Command

Shell command to build the project during deployment.

Start Command

Shell command to start the application.

Project Runtime

Operations console

Project runtime state is loading…

Logs, verification, and container status appear here after a project is selected.

Runtime state Checking...

Run dashboard verification to confirm project/service runtime wiring.

Last verified: —

Verification checks

Live logs

DNS Configuration: Point your domain's A record to the server IP before adding it here. SSL certificates are automatically provisioned via Let's Encrypt.

Domain	SSL Status	Actions

Enable Project Backups

Frequency

Retention (Days)

Includes

Databases (PostgreSQL, MySQL/MariaDB, MongoDB)

Persistent Volumes (Storage)

Storage backups archive the container paths listed in each deployed service's volumes (e.g., MySQL /var/lib/mysql, MongoDB /data/db, WordPress /var/www/html/wp-content, Drupal /var/www/html/sites).

Destination Provider

Loading providers...

Select a specific provider or use all available for redundancy.

User Management

Name	Email	Role	MFA	Disk Used	Joined	Actions

Server Management

Server Infrastructure

Manage the physical or virtual servers connected to your cluster. Monitor health status, resource availability, and agent connectivity.

Services

Getting started

Attach services to a project, then verify runtime health

Pick a project first, deploy the service, then use the runtime panel below to confirm logs, readiness, and container health from the same workspace.

Manage the services deployed into your projects.

Name	Project	Image	Status	Ports	Actions

Selected Service Runtime

Operations console

Service runtime state is loading…

Select a service to inspect logs, readiness checks, and container health from one panel.

Runtime state Checking...

Run dashboard verification to confirm selected service runtime health.

Last verified: —

Verification checks

Live logs

System Monitoring

Track core service health, host utilization, and container runtime metrics from one view.

Core Services Status

Loading services...

CPU Usage

0%

Memory Usage

0%

Disk Usage

0%

Uptime

0s

Updating...

Collector Visibility

Loading collector status…

Notification Delivery

Loading delivery status…

Recent Monitoring Events

Loading recent events…

Recent Alerts

Loading recent alerts…

Resource History

History condenses recent CPU and memory behavior into deployment-ready trend lines.

Load Average

Load average helps spot sustained pressure before deployments slow down.

Container Statistics

Container	Image	State	CPU %	Mem %	Net I/O	Block I/O
Loading container metrics...

Backups

Backup Management

Monitor and manage backups for all your projects and system data. Configure backup schedules, retention policies, and external storage providers in Settings > Backups.

Backup Scheduler

Loading scheduler status...

All Backups

Project	Type	Size	Status	Created	Actions
Loading backups...

Security Dashboard

Review scanner health, score trends, and recent scan outcomes for the current platform state.

Cloudflare Origin Protection

Track whether the origin is hidden behind Cloudflare-only access controls and authenticated origin verification.

Nexus stores the declared protection state and can live-verify remote UFW Cloudflare rules plus Traefik Authenticated Origin Pull client-auth wiring on the selected server.

Origin Server

Service Security Scan

Service Target

Pick a service and run a scan.

Security Scanners

Security Score

0%

Overall Security Rating

Recent scan quality and exposure signals will appear here.

Recent Security Scans

Scanner	Status	Score	Timestamp	Actions

Webhooks

Automation

Route deploy and platform events into your tools

Start with one webhook for deployment failures or global audit events, then expand to project-scoped endpoints as teams grow.

Name	Scope	Target URL	Events	Status	Created	Actions

System Settings

General Settings

Platform Name

Default Timezone

Default Language

Email Configuration

SMTP Host

SMTP Port

SMTP Username

SMTP Password

From Email

Security Configuration

Encryption Key Rotation

Loading encryption status...

Current Key

Previous Key

Plaintext

Unreadable

Checking whether ENCRYPTION_KEY_PREVIOUS can be removed...

Enable Two-Factor Authentication

Enable Rate Limiting

Failed Login Attempts Before Lockout

Session Timeout (minutes)

Password Policy

Enhanced Security Tools

Rootkit Hunter (rkhunter)

Scans for rootkits, backdoors, and malicious scripts.

Schedule

Chkrootkit

Detects known rootkits and malware.

Schedule

ClamAV Antivirus

Scans for malicious payloads and web shells.

Scan Path

Fail2Ban

Blocks IPs after repeated failed login attempts.

Max Retry

Ban Time (seconds)

Lynis Auditing

Security auditing and system hardening.

Storage Configuration

Backup Configuration

Enable Automated Backups

Frequency

Retention (Days)

Backup Destinations

Configure S3-compatible storage providers. Multiple destinations allow for redundant backups.

Name	Type	Bucket	Actions
No providers configured

Notification Channels

Email Notifications

Send Email Alerts

Alert Recipients

Comma-separated list. Leave empty to use current admin user emails.

Discord Webhook

Webhook URL

Enable Discord delivery

Generic Webhook

Webhook URL

Enable generic webhook delivery

Alert Events

Deployment Failures

High CPU/Memory Usage

Security Incidents

Maintenance Tasks

System Cleanup

Remove old data to free up disk space

Delete data older than days

Database Maintenance

Container Runtime Cleanup

Free disk space by removing unused images/containers/networks. Active projects and running services are not removed.

Also prune unused volumes (may delete data for stopped/removed projects)

Also prune all unused images (not just dangling)

If you enable volume pruning, type PRUNE_VOLUMES. If you enable all-unused-images pruning, type PRUNE_ALL_IMAGES. If you enable both, type PRUNE_VOLUMES PRUNE_ALL_IMAGES.

Platform Management

Restart the dashboard and core services. The UI will be briefly unavailable.

Log Rotation

Automatic log rotation (weekly)

Select Project

Services attach to the selected project and share its networks.

Name (Instance Identifier)

Used for container name and DNS.

Environment Variables (JSON Overrides)

Customize the default variables for this deployment.

Ports (JSON Array Overrides)

Leave empty to use template defaults. Format: ["host:container"]

Volumes (JSON Array Overrides)

Leave empty to use template defaults. Format: ["data:/path/in/container"]. Named volumes are automatically prefixed per-project.

Branch

Branch to deploy (e.g., main, master).

Project

Backups must be enabled in Project Settings.

Environment Variables (JSON)

Default environment variables for this template.

Ports (JSON Array)

Default ports to expose. Format: ["host:container"]

Volumes (JSON Array)

Default persistent mounts. Named volumes are automatically prefixed per-project at deploy time.

Environment Variables (JSON)

Default environment variables for this template.

Ports (JSON Array)

Default ports to expose. Format: ["host:container"]

Volumes (JSON Array)

Default persistent mounts. Named volumes are automatically prefixed per-project at deploy time.

Custom Domain (Optional)

Point the domain’s A record to the server where you’ll deploy this project.

Server

Choose the host that will run this project’s container (Podman runs on that server).

Git Repository URL

Public HTTPS URL of your Git repository.

Branch

Branch to deploy (e.g., main, master).

Port

Internal port your app listens on.

Build Command

Command to install dependencies and build the app.

Start Command

Command to start the application server.

Server

Choose the server where this project will be deployed.

Custom Domain (Optional)

Point the domain’s A record to the selected server.

Public Port

Port to expose for direct access (Traefik will use the domain if provided).

Database

Include MySQL database

DB Password (optional)

DB Root Password (optional)

External DB Host

Required when the database toggle is off.

Persistence Paths

These paths are stored in persistent volumes for this template.

Preset

Choose a preset to prefill event defaults and URL guidance.

Project Scope

Choose a project to send events for that project only, or keep global scope.

Target URL

Public http/https URL required.

Trigger Events

Deployment Success

Deployment Failed

All Deployment Events (`deployment.*`)

All Events (`*`)

Authentication Method

SSH Private Key

Paste a private key for key-based SSH access.

Run server automations (install Podman, configure firewall, etc.)

Endpoint URL

For AWS, use https://s3.amazonaws.com. For others, use their endpoint.

Login

Dashboard

Users

0

Projects

0

Servers

0

Services

0

Quick actions

System Metrics

Recent Alerts

Identity Posture

Collector Health

Alert Delivery

Visibility Events

Recent Activity

My Account

Change Password (optional)

Multi-Factor Authentication

Privileged Elevation

Projects

Quick Start Tutorial

Project Templates

Project Settings

Project Runtime

User Management

Server Management

Server Infrastructure

Services

Service Marketplace

Attach services to a project, then verify runtime health

Selected Service Runtime

System Monitoring

Core Services Status

CPU Usage

0%

Memory Usage

0%

Disk Usage

0%

Uptime

0s

Collector Visibility

Notification Delivery

Recent Monitoring Events

Recent Alerts

Resource History

Load Average

Container Statistics

Backups

Backup Management

Project Backups

My Project Backups

Backup Scheduler

All Backups

Security Dashboard

Cloudflare Origin Protection

Service Security Scan

Security Scanners

Security Score

0%

Recent Security Scans

Webhooks

Route deploy and platform events into your tools

System Settings

General Settings

Email Configuration

Security Configuration

Encryption Key Rotation

Enhanced Security Tools

Rootkit Hunter (rkhunter)

Chkrootkit

ClamAV Antivirus

Fail2Ban

Lynis Auditing

Storage Configuration

Backup Configuration