The ultimate cloud-native infrastructure management platform

Self-hosted, production-ready, battle-tested microservices architecture
NeXuS is a production-grade infrastructure platform that brings enterprise-level capabilities to your self-hosted environment. Built with modern microservices architecture, it provides everything you need to run scalable web applications with observability, security, and AI integration built-in.
- Zero-Trust Security: JWT auth, WAF, rate limiting, Cloudflare integration
- Lightning Fast: Redis + Memcached multi-tier caching
- Full Observability: Prometheus metrics + Grafana dashboards
- AI-Native: Built-in AI gateway with Claude MCP server
- Production Ready: Docker Compose orchestration, health checks, automated SSL
- CDN-Backed: Cloudflare integration for global edge delivery
- CMS Included: Headless CMS with MongoDB backend
- Auto-Scaling: Ready for Kubernetes deployment
```text
┌─────────────────────────────────────────────────────────┐
│                     Cloudflare CDN                      │
│                    (SSL, WAF, DDoS)                     │
└────────────────────────────┬────────────────────────────┘
                             │
                      ┌──────┴──────┐
                      │   Traefik   │  ← Reverse Proxy
                      └──────┬──────┘
                ┌────────────┼────────────┐
                │            │            │
           ┌────┴───┐   ┌────┴────┐  ┌────┴────┐
           │Frontend│   │   API   │  │  Auth   │
           │ Next.js│   │ Express │  │ Service │
           └────────┘   └────┬────┘  └────┬────┘
                             │            │
         ┌────────────┬──────┴────┬───────┴────┐
         │            │           │            │
    ┌────┴─────┐  ┌───┴───┐  ┌────┴────┐  ┌────┴────┐
    │PostgreSQL│  │ Redis │  │ MongoDB │  │Memcached│
    └──────────┘  └───────┘  └─────────┘  └─────────┘
```
| Service | Purpose | Port | URL |
|---|---|---|---|
| Frontend | Next.js web app | 3000 | https://nexus.sebhosting.com |
| API Gateway | Main REST API, Docker stats | 4000 | https://api.sebhosting.com |
| Auth Service | JWT authentication | 6000 | https://auth.sebhosting.com |
| CMS Service | Headless content management | 7000 | https://cms.sebhosting.com |
| CDN Service | Static asset delivery | 7001 | https://cdn.sebhosting.com |
| Cache Service | Distributed caching layer | 7002 | https://cache.sebhosting.com |
| WAF Service | Web application firewall | 7003 | https://waf.sebhosting.com |
| AI Gateway | Claude API integration | 5000 | https://ai-gateway.sebhosting.com |
| MCP Server | Claude Code integration | 5001 | https://mcp.sebhosting.com |
| Grafana | Metrics visualization | 3000 | https://grafana.sebhosting.com |
| Prometheus | Metrics collection | 9090 | Internal |
- PostgreSQL 16: Primary relational database
- MongoDB 7: Document store for CMS
- Redis 7: Session store & caching
- Memcached: High-performance object cache
- Docker 29+ & Docker Compose
- Node.js 25+ (for local development)
- Domain with Cloudflare DNS (optional)
```bash
# Clone the repository
git clone https://github.com/sebhosting/nexus.git
cd nexus

# Copy environment template
cp .env.example .env

# Edit .env with your credentials
nano .env

# Start all services
cd infrastructure/docker
docker compose up -d

# Check health status
curl http://localhost:4000/health
```

```env
# Database Passwords
POSTGRES_PASSWORD=your-secure-password
MONGODB_PASSWORD=your-secure-password
REDIS_PASSWORD=your-secure-password

# JWT Secret
JWT_SECRET=your-jwt-secret-min-32-chars

# Cloudflare (optional)
CLOUDFLARE_API_TOKEN=your-api-token
CLOUDFLARE_ZONE_ID=your-zone-id

# Grafana
GRAFANA_PASSWORD=admin-password

# Claude MCP (optional)
CF_SERVICE_TOKEN_ID=your-service-token-id
CF_SERVICE_TOKEN_SECRET=your-service-token-secret
```

```bash
# Install dependencies
npm install

# Start in development mode
npm run dev

# Build all services
npm run build
```

```bash
# Build and start services
make start

# View logs
make logs

# Stop services
make stop

# Rebuild a specific service
docker compose up -d --build api
```

```text
nexus/
├── frontend/              # Next.js frontend
├── backend/               # API Gateway (Express)
├── services/
│   ├── auth-service/      # JWT authentication
│   ├── cms-service/       # Headless CMS
│   ├── cdn-service/       # Static assets
│   ├── cache-service/     # Caching layer
│   ├── waf-service/       # Web firewall
│   ├── ai-gateway/        # Claude integration
│   └── mcp-server/        # Claude MCP tools
└── infrastructure/
    ├── docker/            # Docker Compose configs
    ├── prometheus/        # Metrics config
    └── traefik/           # Reverse proxy config
```
NeXuS includes a Model Context Protocol (MCP) server that lets Claude Code interact with your infrastructure:
- `nexus_system_overview`: Get container stats, memory, load average
- `nexus_health_check`: Ping all services, check HTTP status codes
- `nexus_list_containers`: List all containers with resource usage
- `nexus_container_stats`: Detailed stats for a specific container
- `nexus_restart_container`: Restart a service by name
- `nexus_stop_container`: Stop a running container
Add to ~/.claude/mcp_servers.json:
```json
{
  "nexus-mcp": {
    "url": "https://mcp.sebhosting.com/mcp",
    "headers": {
      "cf-access-client-id": "your-service-token-id",
      "cf-access-client-secret": "your-service-token-secret"
    }
  }
}
```

Access Grafana at https://grafana.sebhosting.com (default: admin / your GRAFANA_PASSWORD)
Pre-configured dashboards:
- Container resource usage
- API request metrics
- Database performance
- Cache hit rates
Metrics available at http://nexus-prometheus:9090 (internal only)
```promql
# Example queries
rate(http_requests_total[5m])
container_memory_usage_bytes
redis_connected_clients
```
```bash
# Check all services
curl https://api.sebhosting.com/stats

# Individual service health
curl https://auth.sebhosting.com/health
curl https://cms.sebhosting.com/health
```

- JWT Authentication: Stateless auth with Redis session store
- Rate Limiting: 20 requests/15min on auth endpoints
- WAF Protection: Web application firewall rules
- CORS Configuration: Strict origin policies
- Cloudflare Integration: DDoS protection, SSL/TLS
- Secret Management: Environment-based secrets
- Network Isolation: Internal Docker network for databases
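
Because every secret in this stack comes from `.env`, a pre-flight check on that file is worth running before the first start. The following is an added example, not part of NeXuS: it flags values left at the template placeholders, a `JWT_SECRET` under 32 characters, and secrets reused across services. The function names and the sample file are constructed for illustration.

```python
import re

# Placeholder values from the .env template above (added example; the function
# names and sample file below are assumptions, not part of NeXuS).
PLACEHOLDERS = re.compile(r"^(your-.*|admin-password)$")
REQUIRED = ("POSTGRES_PASSWORD", "MONGODB_PASSWORD", "REDIS_PASSWORD",
            "JWT_SECRET", "GRAFANA_PASSWORD")
SECRET_NAME = re.compile(r"PASSWORD|SECRET|TOKEN")

# Constructed sample: one leftover placeholder, a short JWT secret, a reused
# password and a missing Grafana password.
SAMPLE_ENV = """\
# Database Passwords
POSTGRES_PASSWORD=q7Vd2m-Lx9Rk4sTfW0aZ
MONGODB_PASSWORD=your-secure-password
REDIS_PASSWORD=q7Vd2m-Lx9Rk4sTfW0aZ
JWT_SECRET=short-secret
"""


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip().strip("'\"")
    return env


def audit_env(text, min_jwt_len=32):
    """Return sorted (variable, problem) findings for a .env file's text."""
    env, findings, seen = parse_env(text), [], {}
    for key in REQUIRED:
        if not env.get(key):
            findings.append((key, "missing or empty"))
    for key, value in env.items():
        if not value:
            continue
        if PLACEHOLDERS.match(value):
            findings.append((key, "template placeholder"))
        elif key == "JWT_SECRET" and len(value) < min_jwt_len:
            findings.append((key, "shorter than %d characters" % min_jwt_len))
        elif SECRET_NAME.search(key) and value in seen:
            findings.append((key, "same value as " + seen[value]))
        elif SECRET_NAME.search(key):
            seen[value] = key
    return sorted(findings)
```

Run `audit_env(open(".env").read())` before `docker compose up -d` and hold the deployment while it returns any findings.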
See infrastructure/docker/docker-compose-HARDENED.yml for additional security configurations:
- Read-only root filesystems
- Dropped kernel capabilities
- Resource limits
- No-new-privileges flag
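
To confirm that running containers actually carry the four controls listed above, the following added example (not part of NeXuS or its `docker-compose-HARDENED.yml`) checks the `HostConfig` section of `docker inspect` output. The container names and the sample JSON are constructed for illustration.

```python
import json

# Constructed `docker inspect` output for two containers (names are
# hypothetical); only the HostConfig fields the check reads are included.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/nexus-api", "HostConfig": {
        "ReadonlyRootfs": True, "CapDrop": ["ALL"],
        "SecurityOpt": ["no-new-privileges:true"],
        "Memory": 536870912, "NanoCpus": 1000000000}},
    {"Name": "/nexus-cms", "HostConfig": {
        "ReadonlyRootfs": False, "CapDrop": None,
        "SecurityOpt": None, "Memory": 0, "NanoCpus": 0}},
])


def audit_container(container):
    """Return the hardening controls that are missing on one container."""
    hc = container.get("HostConfig") or {}
    gaps = []
    if not hc.get("ReadonlyRootfs"):
        gaps.append("root filesystem is writable")
    if "ALL" not in [c.upper() for c in (hc.get("CapDrop") or [])]:
        gaps.append("capabilities not dropped (no cap_drop: ALL)")
    # Docker records the option as "no-new-privileges", "...:true" or "...=true".
    opts = hc.get("SecurityOpt") or []
    if not any(o.replace("=", ":").split(":")[0] == "no-new-privileges"
               and not o.endswith("false") for o in opts):
        gaps.append("no-new-privileges not set")
    if not hc.get("Memory"):
        gaps.append("no memory limit")
    if not (hc.get("NanoCpus") or hc.get("CpuQuota")):
        gaps.append("no CPU limit")
    return gaps


def audit_inspect(inspect_json):
    """Map container name -> list of gaps, for containers with findings."""
    report = {}
    for container in json.loads(inspect_json):
        gaps = audit_container(container)
        if gaps:
            report[container.get("Name", "?").lstrip("/")] = gaps
    return report


if __name__ == "__main__":
    print(json.dumps(audit_inspect(SAMPLE_INSPECT), indent=2))
```

On a live host, pass `audit_inspect` the output of `docker inspect $(docker ps -q)` instead of the sample.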
- Set up Cloudflare DNS pointing to your server
- Configure Traefik for Let's Encrypt SSL
- Update `.env` with production credentials
- Deploy with Docker Compose:

```bash
cd infrastructure/docker
docker compose up -d
```

K8s manifests and Helm charts are planned for future releases.
Returns service health status
Returns Docker container statistics, host metrics, and system info
```json
{
  "timestamp": "2026-02-14T06:19:07.261Z",
  "docker": {
    "containers": "17",
    "running": "17",
    "images": "29",
    "serverVersion": "29.2.1"
  },
  "host": {
    "load1": 0.95,
    "memPercent": 2
  },
  "containers": [...]
}
```

Get container logs (tail 50 by default)
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create a feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
Built by SEB

Powered by: Docker, TypeScript, Next.js, Express, PostgreSQL, MongoDB, Redis, Traefik, Prometheus, Grafana, and Claude AI
- Issues: https://github.com/sebhosting/nexus/issues
- Discussions: https://github.com/sebhosting/nexus/discussions
Star this repo if NeXuS helped you build something awesome!