nessi
830491cb0d
Add monorepo structure for NexaVPN WireGuard control plane including: - .gitignore for node_modules, build artifacts, and environment files - README with project overview, monorepo layout, and quick start guide - Admin web UI with React, Vite, TypeScript, and nginx reverse proxy - API client with type definitions for users, devices, policies, gateways, and audit logs - Admin pages for dashboard, users, devices, policies, g
1.4 KiB
1.4 KiB
Deployment Layout
Services
postgres- primary relational database
backend- Go API and migration runner
admin-web- static React admin UI served by nginx
gateway- WireGuard plus nftables helper container or host-managed service
reverse-proxy- TLS termination and routing
Docker Compose Networks
control- backend, postgres, admin-web, reverse-proxy
gateway- backend and gateway helper communication
Volume Layout
- postgres data volume
- backend local state volume for dev logs if needed
- gateway config volume for rendered peer sync
Bootstrap
- Start PostgreSQL.
- Run migrations.
- Start the backend.
- Seed roles, settings, and the initial admin user.
- Start the admin UI and reverse proxy.
- Register the first gateway.
Example Commands
cd deploy
cp .env.example .env
docker compose up -d postgres
docker compose up -d backend admin-web reverse-proxy
For SQL bootstrap during early MVP testing:
psql "$DATABASE_URL" -f backend/migrations/000001_init.sql
psql "$DATABASE_URL" -f backend/seed/001_seed.sql
Production Notes
- Terminate TLS at nginx or another reverse proxy.
- Restrict backend and database exposure to private networks.
- Run the gateway with the privileges required for WireGuard and nftables.
- Replace example secrets before deployment.
- Use an external secret manager when available.