Skip to content
Tundra

Add Your First Server

Tundra manages servers through the tundra-agent — a lightweight binary that runs on each server and communicates with the control plane over mTLS gRPC.

Single-host mode (same server)

Section titled “Single-host mode (same server)”

If you installed Tundra on the server you want to manage, the local server is automatically enrolled during install. You’ll see it in Servers with status Active.

Adding a remote server

Section titled “Adding a remote server”

  1. Open the Add Server wizard

    In the panel, go to Servers → Add Server.

  2. Enter the server details

    • Hostname or IP address
    • SSH port (default: 22)
    • SSH username (must have sudo)
    • SSH key or password

  3. Confirm the SSH fingerprint

    Tundra connects over SSH and shows the server’s host key fingerprint. Verify it matches your server before proceeding.

  4. Install the agent

    Tundra runs the agent install script over SSH. The agent is installed as a systemd service and immediately enrolls with the control plane using a short-lived setup token.

  5. Verify enrollment

    The server status changes from EnrollingActive once the agent connects. CPU, RAM, and disk metrics appear within 30 seconds.

Manual enrollment

Section titled “Manual enrollment”

If SSH access isn’t available, you can enroll manually:

Terminal window
# On the control plane — generate an enrollment token
tundra server token create --server-id <id>


# On the managed server — run the agent installer
curl -fsSL https://raw.githubusercontent.com/mralaminahamed/tundra/main/installer/agent-install.sh | sudo bash -s -- \
  --control-plane https://your-panel.example.com:7447 \
  --token tnd_setup_<token>

What the agent manages

Section titled “What the agent manages”

Once enrolled, the agent handles:

CapabilityDetails
Site provisioningCreates directories, configures Caddy vhosts, PHP-FPM pools
DeploymentsBlue/green with atomic symlink swap
CertificatesACME via Let’s Encrypt / ZeroSSL
MetricsCPU, RAM, disk, network — scraped every 30s
LogsForwards site logs to tundrad over gRPC stream

Server detail page

Section titled “Server detail page”

Click a server to see:

  • Overview — uptime, resource usage, OS, agent version
  • Sites — sites hosted on this server
  • Databases — database servers and instances
  • Firewall — inbound/outbound rules
  • Updates — pending system package updates
  • Processes — running processes (top 20 by CPU)
  • SSH — web-based terminal via xterm.js