Your home server.
Accessible from anywhere.

Install one binary. Get a full remote access dashboard — terminal, VPN, files, Docker, and more. No subscriptions. No third-party servers. Completely yours.

Open Source Self-hosted No cloud required
curl -fsSL https://get.devops-monk.com | bash
Get started — 5 min View on GitHub →
The Problem

Stop juggling five different tools.

Most people need 5+ separate tools to do what DevMonk Connect does in one.

Without DevMonk Connect

Tailscale
Vendor lock-in, data routed through their servers
ngrok
Paid plan for custom domains, tunnels expire
Cloudflare Tunnel
Complex setup, Cloudflare sees your traffic
Portainer
Separate install just for Docker management
Nginx Proxy Manager
Another service to configure and maintain
RustDesk
Requires a separate relay server for remote desktop
REPLACE ALL

With DevMonk Connect

One binary. Everything included.
✓ Terminal ✓ WireGuard VPN ✓ File Manager ✓ Docker Dashboard ✓ Reverse Proxy ✓ Remote Desktop ✓ 2FA + TOTP ✓ SSO / OAuth ✓ RBAC + Fleet
~30 MB RAM · runs on any Linux · arm64 + amd64 · single devmonk-agent binary
Architecture

One binary. Everything built in.

The entire platform is a single statically-linked Go binary. No containers, no dependencies, no daemon managers.

Your devices
Laptop
Phone
Tablet
Any browser, any OS
HTTPS — port 443
TLS Termination
nginx — reverse proxy + TLS termination
Handles HTTPS, forwards to agent on 127.0.0.1:7474
http://127.0.0.1:7474
devmonk-agent — single Go binary
Next.js Dashboard
embedded UI
REST API
/api/*
SQLite DB
local storage
JWT RS256
TOTP 2FA · OAuth
Terminal
PTY / WebSocket
WireGuard VPN
peer management
File Manager
browse · upload · dl
Docker
containers · logs
Remote Desktop
VNC / WebRTC
Reverse Proxy
auto TLS
RBAC · Audit Log · Fleet Management
multi-user · multi-server · role-based access
filesystem · docker.sock
WireGuard kernel
Your server filesystem
/home/user/projects
/var/www/html
Docker socket · images · volumes
WireGuard VPN
10.100.0.0/24
Server: 10.100.0.1
Connected peers — encrypted P2P
Features

Everything you need. Nothing you don't.

Each feature is purpose-built and deeply integrated — not a collection of bolted-together tools.

Feature 01

Web Terminal

A full shell in your browser. No SSH client, no port forwarding, no VPN needed. Your terminal session stays alive for 24 hours — close the tab and come back later to find your process still running.

Works from any browser Auto-resizes to window 256-colour support Ctrl+C / Z / D work No plugins needed
user@server — bash — 120×36
user@server:~$ ls -la /var/www
total 36
drwxr-xr-x 5 www-data www-data 4096 Mar 14 09:21 .
drwxr-xr-x 14 root root 4096 Mar 10 18:00 ..
drwxr-xr-x 8 www-data www-data 4096 Mar 14 09:21 html
-rw-r--r-- 1 www-data www-data 1234 Mar 13 14:32 index.html
-rwxr-xr-x 1 www-data www-data 8912 Mar 12 11:14 app
lrwxrwxrwx 1 root root 7 Mar 10 18:00 logs -> /var/log
user@server:~$ docker ps
CONTAINER ID IMAGE STATUS
a3f2c1d9e8b7 nginx:alpine Up 3 days
9b1e7d4f2a6c postgres:15 Up 3 days
user@server:~$
Feature 02

WireGuard VPN

Add any device as a WireGuard peer in 10 seconds. Scan the QR code with the WireGuard app on your phone or laptop. Your device gets a private IP (10.100.0.x) and connects directly to your server — peer-to-peer, fully encrypted.

Peer-to-peer encrypted QR code setup iOS & Android macOS & Windows & Linux Revoke any peer instantly
VPN Peers
4 peers connected
+ Add Peer
Device IP Address Status Last seen
iPhone 15 Pro 10.100.0.2 connected now
MacBook Pro 10.100.0.3 connected 2 min ago
Pixel 7 10.100.0.4 connected just now
Work Laptop 10.100.0.5 idle 1 hour ago
Server endpoint: your-server.example.com:51820
Feature 03

File Manager

Browse your server's files directly in the browser. Upload files from your laptop, download them later. No SFTP client, no SCP commands, no ssh key juggling — just a clean file browser that works from any device.

Upload files Download files Create folders Rename & delete Preview text / images
File Manager
/ home / user / projects
Name Size Modified
my-app Mar 14
backups Mar 10
scripts Mar 08
docker-compose.yml 2.4 KB Mar 13
README.md 4.1 KB Mar 12
backup-2026-03-14.tar.gz 142 MB Today
Docker Dashboard
Manage containers, watch live logs, start/stop/restart any service. Pull new images, inspect volumes and networks — without ever typing a docker command.
Container management Live log tail Start / stop / restart Image pull Volume inspector
Reverse Proxy
Expose any internal port with a public HTTPS URL in seconds. Auto TLS via Let's Encrypt. Add a subdomain rule, point it at localhost:3000, and you're live.
Auto TLS / Let's Encrypt Subdomain routing Path-based routing Basic auth option WebSocket support
Remote Desktop
See your server's screen in the browser. Click and type to control it remotely. No client software, no RDP, no VNC app — just a browser tab.
Browser-based VNC Click & type control Clipboard sync Resize to fit No client install
2FA & SSO
Protect your dashboard with TOTP two-factor authentication (RFC 6238). Or let your team log in with their Google or GitHub account — OAuth flows built in.
TOTP 2FA (RFC 6238) Google OAuth GitHub OAuth CSRF protection One-time codes
dmctl CLI
A companion CLI for power users and automation. Create VPN peers, manage users, run health checks, and script fleet operations — all from your terminal.
dmctl peers add dmctl users list dmctl health dmctl proxy add JSON output
RBAC & Fleet
Add team members with fine-grained roles. Monitor multiple servers from a single fleet dashboard. Every action is logged — who did what, when, from which IP.
Role-based access Audit log Multi-server fleet Invite via email Per-feature permissions
Use Cases

Who uses DevMonk Connect?

From a Raspberry Pi under your TV to a fleet of production VPS servers — DevMonk Connect scales with you.

Home Lab Enthusiast

Run Jellyfin, Nextcloud, and Pi-hole on your home server. Access them from anywhere, manage Docker containers without Portainer, and connect to your home VPN with a QR code. One dashboard for the whole stack.

Remote Developer

SSH into your dev machine from a coffee shop. Browse and edit files in the browser. Expose your local app to share with a client — get a live HTTPS URL in under 30 seconds, no ngrok account required.

Small Business / MSP

Manage 10 client servers from one fleet dashboard. The audit log shows every action taken. Role-based access keeps junior staff out of sensitive settings. Onboard a new client in minutes.

Raspberry Pi User

Turn a $35 Pi into a full remote access gateway. VPN server, file sharing, web terminal — all on ARM64, using only ~30 MB RAM at idle. Runs alongside your existing services without impacting performance.

Installation

Up and running in 5 minutes.

Four commands. One setup screen. No YAML files, no container orchestrators, no ops knowledge required.

1
SSH into your server
Connect to your Linux server via SSH as root or a sudo user.
ssh root@your-server-ip
2
Install the agent
The installer detects your architecture, downloads the binary, and sets up a systemd service.
curl -fsSL https://get.devops-monk.com | bash
3
Create your account
Open the setup wizard in your browser to set your admin username and password.
http://your-server-ip:7474/setup
4
You're in
Log in to your dashboard. All features are ready — no additional configuration needed.
http://your-server-ip:7474
Requirements: Any Linux server (VPS or home server) with SSH access. Minimum 1 vCPU, 512 MB RAM. Supports amd64 and arm64 (including Raspberry Pi). No domain name required to get started — you can add one later.
Security

Security built in, not bolted on.

Every security protection is enabled by default. No configuration needed — and no excuses.

JWT RS256
RSA-2048 keypair auto-generated on first run. Session tokens signed with your private key — unforgeable without it.
bcrypt Passwords
All passwords hashed with bcrypt at cost factor 12. Brute-force resistant even if the database is stolen.
TOTP 2FA
RFC 6238 compliant TOTP. Works with any authenticator app — Google Authenticator, Authy, 1Password, Bitwarden.
Rate Limiting
Max 10 failed login attempts per 15-minute window per IP. Automated brute-force attacks are blocked automatically.
OAuth CSRF Protection
16-byte random nonces on every OAuth flow. State parameters validated server-side — cross-site request forgery is impossible.
One-time OAuth Codes
Authorization codes are single-use with a 30-second TTL. Replay attacks are structurally impossible.
HTTPS Everywhere
All traffic encrypted in transit via TLS. Auto TLS via Let's Encrypt when a domain is configured. No plain HTTP in production.
Localhost Binding
The agent binds to 127.0.0.1 by default — not exposed to the public internet directly. All external access goes through nginx.
FAQ

Common questions.

No. DevMonk Connect works with just an IP address. You can access it at http://your-server-ip:7474 right after installation. If you want HTTPS with a real domain (recommended for production), you can point any domain or subdomain at your server and DevMonk Connect will configure nginx and request a Let's Encrypt certificate automatically.
Never. DevMonk Connect is fully self-hosted. The binary runs entirely on your server. Your files, terminal sessions, VPN traffic, and Docker data never leave your machine. The installer script downloads the binary from our CDN, but after that your instance communicates with nothing except your own devices.
Yes — with a couple of conditions. For the web dashboard (HTTP/HTTPS), your server needs to be reachable on port 443 or 7474. For WireGuard VPN, you need UDP port 51820 open. If you're behind a strict NAT or don't want to open ports, you can pair DevMonk Connect with a Dynamic DNS service and port-forward from your router. A future release will include an optional relay for fully firewalled environments.
Run the same install command again: curl -fsSL https://get.devops-monk.com | bash. The installer is idempotent — it detects the existing installation, downloads the latest binary, does a graceful restart, and preserves all your data (SQLite database, WireGuard keys, configuration). Downtime is typically under 2 seconds. You can also use dmctl update from the CLI.
SSH into your server and run: devmonk-agent reset-password --user admin. This will prompt you to set a new password directly on the server. No email required. Alternatively, use dmctl users reset-password <username> from the CLI tool.
Yes. DevMonk Connect ships a native arm64 binary. It runs on Raspberry Pi 4, Pi 5, and any other arm64 Linux device. The agent uses approximately 30 MB RAM at idle — comfortable on even a Pi Zero 2 W. The installer auto-detects your architecture and downloads the correct binary. Pi 3 (armv7) support is planned.