NexaVPN/README.md
nessi 830491cb0d chore: initial project scaffold with admin web, backend, desktop client, and deployment setup
Add monorepo structure for NexaVPN WireGuard control plane including:
- .gitignore for node_modules, build artifacts, and environment files
- README with project overview, monorepo layout, and quick start guide
- Admin web UI with React, Vite, TypeScript, and nginx reverse proxy
- API client with type definitions for users, devices, policies, gateways, and audit logs
- Admin pages for dashboard, users, devices, policies, g
2026-03-15 16:32:34 +01:00


NexaVPN

NexaVPN is a production-oriented, self-hosted WireGuard control plane for remote access. It combines:

  • A Go backend and PostgreSQL control plane
  • A React admin console
  • A Tauri desktop client for Windows and macOS
  • WireGuard gateway and firewall policy enforcement
  • Docker Compose deployment assets

Monorepo Layout

  • docs/: architecture, schema, API, and deployment design
  • backend/: Go API, migrations, seeds, and domain services
  • admin-web/: React + Vite admin UI
  • desktop-client/: Tauri desktop client
  • deploy/: Docker Compose, reverse proxy, and gateway assets

Phase Status

This repository contains the initial production-minded MVP scaffold:

  • Phase 1: architecture, schema, API, enrollment, provisioning, gateway design
  • Phase 2: backend scaffold, migrations, auth, CRUD, audit, profile generation
  • Phase 3: admin UI scaffold and core pages
  • Phase 4: desktop client scaffold, enrollment flow, profile provisioning abstraction
  • Phase 5: deployment assets, bootstrap scripts, and hardening notes

Quick Start

  1. Copy deploy/.env.example to deploy/.env.
  2. Review docs/architecture.md and docs/deployment.md.
  3. Start the stack with Docker Compose from deploy/.
  4. Open http://localhost.
  5. On the admin login screen, choose the bootstrap flow if this is a fresh install.
  6. Create the initial admin, then sign in.

Important MVP Notes

  • WireGuard remains the tunnel transport. NexaVPN is the control plane around it.
  • Client private keys are generated on-device and are not stored server-side.
  • Gateway-side enforcement uses nftables generated from issued policy state.
  • The Tauri client is structured around embedded tunnel management. Native system WireGuard import can be added as an optional integration later.
  • The desktop client now performs real backend login and enrollment calls, but secure OS key storage and native tunnel activation are still the next hardening steps.
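
The note above that client private keys are generated on-device and not stored server-side can be illustrated with a short Go sketch. This is an added example, not code from the NexaVPN repository: `EnrollRequest`, its JSON field names, `NewDeviceKey` and `ValidatePublicKey` are assumptions, and the only WireGuard-specific fact relied on is that keys are 32-byte Curve25519 values encoded as standard base64.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// EnrollRequest is a hypothetical enrollment payload; it has no private-key field.
type EnrollRequest struct {
	DeviceName string `json:"device_name"`
	PublicKey  string `json:"public_key"`
}

// NewDeviceKey runs on the client and returns a clamped Curve25519 key pair as base64.
func NewDeviceKey() (priv, pub string, err error) {
	sk := make([]byte, 32)
	if _, err = rand.Read(sk); err != nil {
		return "", "", err
	}
	sk[0] &= 248 // clamp the scalar the way `wg genkey` does
	sk[31] = sk[31]&127 | 64
	key, err := ecdh.X25519().NewPrivateKey(sk)
	if err != nil {
		return "", "", err
	}
	enc := base64.StdEncoding
	return enc.EncodeToString(sk), enc.EncodeToString(key.PublicKey().Bytes()), nil
}

// ValidatePublicKey is a server-side sanity check run before a peer is stored.
func ValidatePublicKey(b64 string) error {
	raw, err := base64.StdEncoding.DecodeString(b64)
	if err != nil || len(raw) != 32 {
		return errors.New("public key must be 32 bytes of standard base64")
	}
	if string(raw) == string(make([]byte, 32)) {
		return errors.New("all-zero public key rejected")
	}
	return nil
}

func main() {
	_, pub, err := NewDeviceKey() // the private half is never placed in the request
	body, _ := json.Marshal(EnrollRequest{DeviceName: "laptop-01", PublicKey: pub})
	fmt.Println(string(body), err, ValidatePublicKey(pub))
}
```

In a real client the private half would go to OS key storage, which the note above lists as a remaining hardening step.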

Local Test Flow

cd deploy
cp .env.example .env
docker compose up --build

Then:

  1. Visit http://localhost
  2. Bootstrap the first admin account
  3. Create a user or use the desktop client against http://localhost
  4. Sign in from the NexaVPN desktop app with that user