Skip to content
Meshploy

Introduction

Your servers. Private by default. PaaS simplicity.

Meshploy is a self-hosted PaaS that orchestrates multi-node deployments across a WireGuard mesh network, powered by K3s. Worker nodes are completely dark to the public internet — no open ports, no exposed services. The only public-facing component is the Meshploy Edge Gateway.

Deploy apps, provision managed databases, and ship to a global distributed cluster with a Vercel-like developer experience backed by enterprise-grade infrastructure.

Documentation

Section titled “Documentation”

For users

Section titled “For users”
DocumentDescription
How it worksWhy NS delegation, why dark workers, how TLS works, CLI vs dashboard, MCP server — the questions that come up when you’re setting up or evaluating Meshploy
Self-hosting guideInstall, DNS setup, supported distros, managing your installation
API referenceAll REST routes — useful when scripting against the API directly
CLI referenceAll CLI commands, config file, node workflows

For contributors & engineers

Section titled “For contributors & engineers”
DocumentDescription
CONCEPTS.mdArchitectural decisions — why each technical choice was made and what the alternative was
CONTRIBUTING.mdDev setup, coding guidelines, local vs VPS testing, PR process
CLAUDE.mdCoding standards, repo layout, safety guardrails — read before making changes
packages/db/README.mdShared DB models — schema, migrations, encryption
apps/proxy/README.mdEdge proxy internals — route cache, “Ask & Resolve” pattern
apps/web/AGENTS.mdFrontend coding rules — @base-ui/react patterns, TanStack Router conventions

Stack

Section titled “Stack”
ComponentTechnology
apps/apiGo · Chi · Huma (OpenAPI 3.1)
apps/proxyGo · net/http
apps/webVite · React 19 · TanStack Router · Tailwind · shadcn/ui
apps/cliGo · Cobra — static binary for node & cluster management
packages/dbGo · GORM · PostgreSQL
InfrastructureHeadscale · K3s · CoreDNS · Caddy

CLI

Section titled “CLI”

The meshploy CLI lets you manage nodes and authenticate from the terminal without the web dashboard. It is installed automatically by get.sh and lives at /usr/local/bin/meshploy.

Terminal window
# Authenticate against your instance
meshploy auth login --api-url https://app.your-domain.com


# Manage nodes
meshploy node list
meshploy node delete <id>
meshploy node token get


# Install/uninstall a node (requires root, shells out to install.sh / uninstall.sh)
sudo meshploy node install
sudo meshploy node uninstall


# Update the CLI on an existing node without re-running install
sudo bash -c "$(curl -fsSL https://raw.githubusercontent.com/meshploy/meshploy/main/get.sh)" _ --cli-only

See apps/cli/README.md for the full command reference.

Features

Section titled “Features”
  • Application deployments: Nixpacks, Railpack, or Dockerfile; pre-built images also supported; any language or framework
  • Managed databases: PostgreSQL, MySQL, Redis, MongoDB, Dragonfly, ClickHouse as K8s workloads
  • Docker Compose: native Compose file support via compose-go; lift-and-shift existing stacks
  • AI-native: MCP server with 90+ tools — Claude Code can deploy, query, manage, and monitor your platform without leaving your editor
  • WireGuard mesh networking: workers are dark to the public internet; all traffic routes over the mesh
  • Multi-node K3s cluster: unlimited workers; builds and jobs run as ephemeral K8s Jobs
  • Git integrations: GitHub (App), GitLab, and Gitea; auto-detect build context
  • Jobs & cron: one-off and scheduled jobs with full run history
  • Automated backups: scheduled to any S3-compatible storage (R2, MinIO, AWS); restore from dashboard
  • Real-time monitoring: node and container CPU / memory / network metrics
  • Web terminal: SSH into any node or exec into any pod from the browser
  • DB Explorer: run live queries and browse schema from the dashboard
  • Notifications: Slack, Discord, email, or generic webhooks on deploy events
  • RBAC: organizations, projects, Owner / Admin / Member roles, per-resource permissions
  • CLI: manage nodes, deployments, and services from the terminal

Who is this for?

Section titled “Who is this for?”
  • Solo developers and small teams who want Render or Railway-level simplicity but on their own servers — no per-seat pricing, no vendor lock-in
  • Teams with compliance or data residency requirements — every workload runs on your infrastructure, nothing leaves it
  • Engineers running multi-cloud or bare-metal — mix Hetzner, AWS spot instances, and home servers in one cluster without cloud VPC complexity