Complete Guide

DevMonk Connect
Documentation

Step-by-step instructions for every feature — from installing the agent on a home PC or VPS, to using each feature from the browser or terminal.

Quick Install >_ Web Terminal VPN Docker dmctl CLI
🖥

Supported Platforms

DevMonk Connect runs as a single binary — no dependencies, no runtime, no database server needed.

PlatformArchitectureNotes
Linuxx86_64 (64-bit)Most VPS providers (DigitalOcean, Hetzner, Linode, AWS)
LinuxARM64Raspberry Pi 4/5, AWS Graviton, Oracle Cloud ARM
macOSApple Silicon (M1/M2/M3)Full support including remote desktop
macOSIntelFull support
Windowsx86_64Run as a background process or Windows Service

The dashboard works in any modern browser: Chrome, Safari, Firefox, Edge — including on mobile.

Installation

One command — the install script detects your OS and CPU, downloads the right binary, and starts the agent automatically.
Linux / VPS (Ubuntu, Debian, RHEL)
# 1. Run the install script
curl -fsSL https://get.devops-monk.com | bash

# 2. Verify the agent is installed
which devmonk-agent
# → /usr/local/bin/devmonk-agent

devmonk-agent --version

# 3. Check it's running (systemd starts it automatically)
systemctl status devmonk-agent

# 4. Open in browser
# http://<your-server-ip>:7474/setup
macOS (Apple Silicon or Intel)
# 1. Run the install script
curl -fsSL https://get.devops-monk.com | bash

# 2. Verify the binary is installed
which devmonk-agent
# → /usr/local/bin/devmonk-agent

# 3. Start the agent (runs in foreground — open a new tab for other commands)
devmonk-agent

# Or run in background:
devmonk-agent &

# 4. Open in browser
# http://localhost:7474/setup
Windows (PowerShell)
# 1. Download the binary
Invoke-WebRequest -Uri "https://get.devops-monk.com/devmonk-agent-windows-amd64.exe" `
  -OutFile "devmonk-agent.exe"

# 2. Run it
.\devmonk-agent.exe

# 3. Open in browser
# http://localhost:7474/setup

# To install as a Windows Service (auto-starts on boot):
.\devmonk-agent.exe install-service
Start-Service DevMonkAgent
Raspberry Pi (ARM64)
# Same one-liner — auto-detects ARM64
curl -fsSL https://get.devops-monk.com | bash

# Check it's running
systemctl status devmonk-agent

# Find your Pi's IP
hostname -I

# Open in browser from another device on the same network:
# http://<pi-ip>:7474/setup

After installing — create your account

1
Open the setup page

Go to http://<your-server-ip>:7474/setup in your browser. On a local machine use http://localhost:7474/setup.

2
Enter a username and password

This creates the owner account. The setup page works only once and is permanently disabled afterwards.

3
Log in

Go to http://<your-server-ip>:7474 and log in with your credentials.

VPS production setup (HTTPS + domain)

nginx + Let's Encrypt
# 1. Install nginx and certbot
apt install nginx certbot python3-certbot-nginx

# 2. Get a TLS certificate (replace with your domain)
certbot --nginx -d app.yourdomain.com

# 3. Create nginx config
cat > /etc/nginx/sites-available/devmonk << 'EOF'
server {
    listen 443 ssl;
    server_name app.yourdomain.com;

    ssl_certificate     /etc/letsencrypt/live/app.yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/app.yourdomain.com/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:7474;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_read_timeout 3600;
    }
}
EOF

ln -s /etc/nginx/sites-available/devmonk /etc/nginx/sites-enabled/
nginx -t && systemctl reload nginx
>_

Web Terminal

A full shell in your browser — works exactly like SSH with no SSH client, no port forwarding, and no keys to manage. Run any command, use vim/nano, stream logs, run htop — all from a browser tab.

Use when: You want to run commands on your server from any device (phone, borrowed laptop, tablet) without setting up SSH.

How to open a terminal

1
Log in to the dashboard

Go to your agent URL — e.g. https://app.yourdomain.com

2
Click Terminal in the sidebar

A shell opens immediately — you're logged in as the user running the agent (usually root on a VPS).

3
Start typing

Any command works. The terminal supports full color, resize, and 24-hour persistent sessions.

Keyboard shortcuts

ShortcutAction
Ctrl+CKill the running process
Ctrl+DExit / end of input
Ctrl+LClear the screen
Ctrl+RSearch command history
Ctrl+AJump to start of line
Ctrl+EJump to end of line
TabAutocomplete
/ Navigate command history

Useful commands to try

Example commands
# Monitor CPU and memory in real time
htop

# Watch live logs from a service
journalctl -u myapp -f

# Check disk usage
df -h

# Run a long job that keeps running even if you close the tab
nohup ./my-script.sh > output.log 2>&1 &

# Use tmux to keep multiple panels (persists across reconnects)
tmux new -s main
Sessions persist for 24 hours Closing the browser tab doesn't kill your shell session. Reconnect within 24 hours and everything is still running. Use tmux or screen for even longer-lived sessions.

WireGuard VPN

DevMonk Connect runs a WireGuard VPN server on your machine. Add your devices as peers — they get a private IP on a 10.100.0.0/24 network and can reach the server (and each other) securely.

Use when: You want to access your server privately from anywhere, reach services that aren't publicly exposed, or create a private network between multiple machines.

Server requirements (VPS / Linux)

One-time setup on the server
# Install WireGuard
apt install wireguard

# Open the VPN port in the firewall
ufw allow 51820/udp

# Enable IP forwarding (allows VPN traffic to route)
echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
sysctl -p

Add a device (browser)

1
Open VPN Peers in the sidebar

The server's public key, network, and port are shown at the top.

2
Click "Add peer" → enter a name

Use a descriptive name: "iPhone", "Home Laptop", "Office PC".

3
Click "Config / QR" on the new peer

A QR code and the WireGuard config text appear.

4
Import into WireGuard on your device

Mobile: scan the QR code. Desktop: download the .conf file and import it.

5
Activate the tunnel

Toggle the connection on in the WireGuard app. Your device is now on the VPN.

Install WireGuard on your device

DeviceHow to get WireGuard
iPhone / iPadApp Store → search "WireGuard" (free, official app)
AndroidPlay Store → search "WireGuard" (free, official app)
macOSApp Store → WireGuard, or brew install wireguard-tools
WindowsDownload installer from wireguard.com
Linuxapt install wireguard or pacman -S wireguard-tools

Connect on Linux (manual)

Linux WireGuard
# Copy the config file (downloaded from the dashboard)
sudo cp mypeer.conf /etc/wireguard/devmonk.conf
sudo chmod 600 /etc/wireguard/devmonk.conf

# Start the VPN tunnel
sudo wg-quick up devmonk

# Auto-connect on boot
sudo systemctl enable wg-quick@devmonk

# Check the tunnel is active
sudo wg show

# Stop the tunnel
sudo wg-quick down devmonk

After connecting

Your device gets a private VPN IP (shown in the peer list, e.g. 10.100.0.2). The server is always at 10.100.0.1.

What you can do over VPN
# Test the connection
ping 10.100.0.1

# SSH to your server (no public SSH port needed)
ssh user@10.100.0.1

# Access the agent dashboard privately
# Open in browser: http://10.100.0.1:7474

# Access any service on the server (e.g. database, dev server)
# http://10.100.0.1:3000  — a web app on port 3000
# psql -h 10.100.0.1 -U myuser mydb  — PostgreSQL
macOS M1/M2 WireGuard won't start? Go to System Settings → Privacy & Security → scroll down → click Allow next to the WireGuard system extension. Then try activating the tunnel again.

File Manager

Browse, upload, download, rename, and delete files on your server from any browser — like a Finder or Windows Explorer for your remote machine.

Use when: You need to grab a log file, upload a script, or manage files without SSH or an FTP client.

How to use

1
Click Files in the sidebar

Your home directory is shown by default. The current path is displayed at the top.

2
Navigate folders

Click any folder to open it. Use the breadcrumb at the top to go back.

3
Download a file

Click any file name to download it directly to your device.

4
Upload files

Click the Upload button → select files from your device.

5
Create folder / Rename / Delete

Use the action buttons or right-click context menu on any file or folder.

Path traversal protected You cannot navigate outside the allowed directory using ../ tricks. All access is authenticated with your login token.

Remote Desktop

View and control your server's graphical desktop from any browser. Works best when your machine has a desktop environment installed.

Headless VPS? A typical VPS has no monitor or desktop environment — remote desktop will show a blank screen. You need to install a desktop and a virtual display first (see below).
Use when: Your server or home PC has a graphical desktop (Raspberry Pi with desktop, a Linux workstation, or any machine with a display).

Home PC / Desktop machine

If the machine already has a desktop running (macOS, Windows, Linux desktop), just install the agent and open the Remote tab — you'll see the live screen immediately.

VPS / headless server — setup virtual display

Install desktop + virtual display
# Install a lightweight desktop (XFCE is recommended for VPS)
apt install xfce4 xfce4-goodies scrot xvfb

# Start a virtual 1080p display
Xvfb :1 -screen 0 1920x1080x24 &
export DISPLAY=:1

# Start the desktop
xfce4-session &
Make it start automatically on boot
# Create a systemd service for the virtual display
cat > /etc/systemd/system/devmonk-desktop.service << 'EOF'
[Unit]
Description=Virtual Desktop for DevMonk Remote
After=devmonk-agent.service

[Service]
ExecStart=/usr/bin/Xvfb :1 -screen 0 1920x1080x24
Restart=always

[Install]
WantedBy=multi-user.target
EOF

systemctl enable --now devmonk-desktop

# Tell the agent to capture display :1
systemctl edit devmonk-agent
# Add these lines in the editor:
# [Service]
# Environment=DISPLAY=:1

systemctl restart devmonk-agent

How to use

1
Click Remote in the sidebar

The screen capture stream starts immediately.

2
Click anywhere on the screen to send mouse clicks

Right-click, left-click, and scroll wheel all work.

3
Type to send keyboard input

Click in an input field on the remote screen, then type normally.

Docker Dashboard

Manage Docker containers and images on your server — start, stop, restart, view live logs, and check CPU/memory usage — all from a browser.

Use when: You run services in Docker and want to monitor, restart, or debug them without SSH.

Requirements

Install Docker (if not already installed)
# Install Docker
apt install docker.io
systemctl enable --now docker

# If the agent isn't running as root, add it to the docker group
usermod -aG docker devmonk
systemctl restart devmonk-agent

Managing containers

1
Click Docker in the sidebar

All containers are listed — both running and stopped — with their image, state, and ports.

2
Start / Stop / Restart a container

Use the action buttons on each container row. Changes take effect immediately.

3
Stream live logs

Click the Logs button to open a live log stream from the container in your browser — same as docker logs -f.

4
View CPU and memory stats

Click the container name to see real-time resource usage: CPU%, memory, and network I/O.

Reverse Proxy & Auto-TLS

Expose any service running on your server to the internet with a public HTTPS URL — DevMonk writes the nginx config and obtains a Let's Encrypt certificate automatically.

Use when: You have an app running on a local port (e.g. port 3000) and want to give it a public HTTPS domain without manually configuring nginx.

Requirements

Install nginx + certbot
apt install nginx certbot python3-certbot-nginx
Create a DNS record first Before creating a service, point your subdomain at your server's IP. Go to your domain registrar → DNS → add an A record: blog → 1.2.3.4 (your VPS IP). Wait a few minutes for DNS to propagate.

Expose a service

1
Click Services in the sidebar

A list of all configured services with their domain, port, and TLS status is shown.

2
Click "Add service"

Fill in: Name (label), Domain (e.g. blog.yourdomain.com), Target port (e.g. 3000), Auth (none = public, agent = requires DevMonk login).

3
Click Create

DevMonk writes the nginx config and runs certbot in the background. In about 30 seconds your service is live at https://blog.yourdomain.com.

4
TLS certificate is automatic

The certificate is obtained from Let's Encrypt and renews automatically before expiry.

🔐

Two-Factor Authentication (2FA)

Adds a time-based one-time password to every login. Even if your password is stolen, nobody can log in without your phone.

Works with: Google Authenticator, Authy, 1Password, Bitwarden, Apple Passwords, and any RFC 6238 TOTP app.

Enable 2FA

1
Go to Settings in the sidebar
2
Click "Enable 2FA"

A QR code appears.

3
Scan with your authenticator app

Open Google Authenticator / Authy / 1Password → add account → scan the QR code.

4
Enter a 6-digit code to confirm

This activates 2FA. From now on, every login requires the code.

Login with 2FA

1
Enter your username and password
2
Open your authenticator app → get the 6-digit code

Codes refresh every 30 seconds and can only be used once.

3
Enter the code → logged in
🔑

Google & GitHub SSO

Log in with your Google or GitHub account — no password needed. The admin must configure OAuth credentials in the agent config first.

Setup (admin)

/etc/devmonk-agent.yaml
oauth:
  redirect_base: "https://app.yourdomain.com"
  google:
    client_id: "123456.apps.googleusercontent.com"
    client_secret: "GOCSPX-..."
  github:
    client_id: "Ov23li..."
    client_secret: "abc123..."

Restart the agent after saving: systemctl restart devmonk-agent

Login

1
Click "Sign in with Google" or "Sign in with GitHub" on the login page
2
Authorize the app in the Google/GitHub popup
3
Redirected back and logged in automatically
👥

User Management & Roles

Create multiple user accounts and assign roles to control what each person can do.

RolePermissions
ownerFull access. Manage all users, see all audit logs, control everything. One per install.
adminFull access to all features. Can manage non-owner users.
viewerRead-only. Can see status and monitoring. Cannot make changes.

Add a user

1
Click Users in the sidebar (owner and admin only)
2
Click "Add user" → enter username, password, and role
3
The user can now log in with their credentials
📋

Audit Log

Every action through the dashboard or API is recorded: who did what, when, from which IP, and whether it succeeded.

How to view

1
Click Audit in the sidebar (owner and admin only)
2
The last 100 events are shown, auto-refreshing every 30 seconds
3
Each entry shows: user, IP address, action, resource, result (success/failure)
🖥

Fleet Dashboard

Manage multiple DevMonk agents across different machines from one central dashboard. Register remote agents, see their version and status, ping them to verify connectivity.

Use when: You have more than one machine running devmonk-agent and want a single place to see all of them.

Register a remote agent

1
Install the agent on the remote machine

curl -fsSL https://get.devops-monk.com | bash

2
Click Fleet in the sidebar on your primary machine
3
Click "Register agent"

Enter a name, the remote agent's URL (e.g. http://10.100.0.5:7474), and an API key if needed.

4
The agent appears in the fleet list with version, platform, and last-seen time

dmctl — Terminal CLI

A standalone command-line tool to control your DevMonk agent from a terminal. Useful for scripting, automation, or when you prefer the terminal over the browser.

Install

Install dmctl
curl -fsSL https://get.devops-monk.com/dmctl | bash

Login

Login
dmctl login
# Agent URL: https://app.yourdomain.com
# Username:  admin
# Password:  ••••••••
# ✓ Logged in — config saved to ~/.config/devmonk/dmctl.yaml

All commands

Status
dmctl status
# Agent:    https://app.yourdomain.com
# Version:  1.12.0
# Uptime:   4d 2h 17m
# Platform: linux/amd64
VPN management
# List all VPN peers
dmctl vpn list

# Add a new peer (prints the WireGuard config)
dmctl vpn add "My Laptop"

# Get config for an existing peer
dmctl vpn config <peer-id>

# Remove a peer (revokes access immediately)
dmctl vpn remove <peer-id>
File management
# List files
dmctl files list
dmctl files list /var/log

# Create a directory
dmctl files mkdir /home/user/backups

# Delete a file
dmctl files delete /home/user/old.log
Docker management
# List containers
dmctl docker ps

# Start / stop / restart
dmctl docker start <container-name>
dmctl docker stop <container-name>
dmctl docker restart <container-name>
Reverse proxy / expose
# List services
dmctl expose list

# Expose a local port with a domain + TLS
dmctl expose add --name "My App" --domain app.yourdomain.com --port 3000

# Remove a service
dmctl expose remove <service-id>

# Renew TLS certificate
dmctl expose renew <service-id>
🏠

Use Case: Home Lab Server

Scenario: NAS, Raspberry Pi, or old PC at home. You want to manage it from work or while traveling.

Setup
# On the home server:
curl -fsSL https://get.devops-monk.com | bash

# Create your account at http://<home-ip>:7474/setup

# Add your laptop as a VPN peer (from the dashboard)
# VPN → Add peer → "Work Laptop" → download config → import into WireGuard

# Now from anywhere in the world:
# - Open browser → http://10.100.0.1:7474 → full dashboard
# - Terminal → run commands on your home server
# - Files → grab files from home
# - SSH over VPN (no open ports needed):
ssh user@10.100.0.1
💻

Use Case: Remote Developer on a Cloud VPS

Scenario: Powerful cloud VPS for all development. Work from a lightweight laptop or tablet.

Workflow
# 1. Open the web terminal on the VPS
#    Dashboard → Terminal

# 2. Start your dev environment
docker-compose up -d

# 3. Expose the dev server publicly with HTTPS
dmctl expose add --name "Dev App" --domain dev.yourdomain.com --port 3000

# 4. Open https://dev.yourdomain.com in another tab — test the app

# 5. Use Files to upload/download assets
#    Dashboard → Files

# 6. Monitor containers
#    Dashboard → Docker → click Logs
🍓

Use Case: Raspberry Pi Fleet

Scenario: Multiple Raspberry Pis running sensors or services. Manage them all from one place.

Setup
# On each Pi — same install command
curl -fsSL https://get.devops-monk.com | bash

# On the main Pi — add others as VPN peers
dmctl vpn add "Pi Sensor 1"   # copy config to pi-1
dmctl vpn add "Pi Sensor 2"   # copy config to pi-2

# Register them in the Fleet
# Dashboard → Fleet → Register agent
# URL: http://10.100.0.2:7474 (Pi Sensor 1's VPN IP)

# Now monitor all Pis from the Fleet page
# Ping any Pi, see its version and last-seen time
🍎

Use Case: Access Your MacBook Remotely

Scenario: You left your MacBook at home and want to access files or run commands on it.

Setup
# Step 1: Install the agent on the MacBook
curl -fsSL https://get.devops-monk.com | bash
devmonk-agent   # runs on http://localhost:7474

# Step 2: On your VPS — add the MacBook as a VPN peer
# Dashboard → VPN → Add peer → "MacBook"
# Download the config file

# Step 3: On the MacBook — import the WireGuard config
# WireGuard app → + → Import tunnel → select the .conf → Activate

# Step 4: MacBook is now at e.g. 10.100.0.3 (shown in VPN Peers list)

# Step 5: From anywhere:
# Open http://10.100.0.3:7474 → MacBook's agent dashboard
# Terminal → shell on the MacBook
# Files → browse MacBook files
ssh yourusername@10.100.0.3   # SSH to MacBook
👨‍💻

Use Case: Team Server

Scenario: Multiple team members need access to a shared server with different permission levels.

Setup
# Owner creates accounts for each person
# Dashboard → Users → Add user
# alice → admin (full access)
# bob   → viewer (read-only, can see logs but not change things)

# Each person installs dmctl on their laptop
curl -fsSL https://get.devops-monk.com/dmctl | bash
dmctl login   # their own credentials

# Audit log tracks everything
# Dashboard → Audit → see who did what and when
🔧

Troubleshooting

Agent not starting

Diagnose
which devmonk-agent            # check it's installed
devmonk-agent                  # run directly to see errors
systemctl status devmonk-agent
journalctl -u devmonk-agent -n 50
curl http://localhost:7474/api/health

VPN peer won't connect

Diagnose
wg show                        # check WireGuard tunnel
ufw status | grep 51820        # check port is open
sysctl net.ipv4.ip_forward     # must be 1
macOS M1/M2: Go to System Settings → Privacy & Security → click Allow next to WireGuard, then try activating the tunnel again.

Docker page shows "Docker unavailable"

Fix
apt install docker.io
systemctl enable --now docker
usermod -aG docker devmonk     # if agent isn't root
systemctl restart devmonk-agent

Reverse proxy / TLS not working

Diagnose
nginx -t                       # test nginx config
certbot --version              # check certbot installed
dig A blog.yourdomain.com      # check DNS points here
nginx -t && systemctl reload nginx

Session expired / stuck on dashboard

If you see the dashboard but nothing loads, your JWT has expired. Click Sign out or close and reopen the browser — any API error automatically redirects you to the login page.

dmctl "unauthorized" error

Fix
dmctl login    # re-authenticate — credentials may have changed