Home Features Pricing Documentation About Blog Privacy
login Login Get Started Free

Documentation

Everything you need to master NebulaOps. Guides, tutorials, API reference, and more.

search Ctrl+K

rocket_launch Getting Started

Welcome to NebulaOps! Get up and running in minutes with our AI-powered server management platform. Follow these steps to connect your first server and start managing your infrastructure with natural language.

1

Create Account

Sign up for free and set up your organization workspace.

2

Install Agent

Run our one-line installer on your server to connect it.

3

Start Chatting

Use AI to manage, monitor, and troubleshoot your servers.

download Installation Guide settings Configuration Options code API Reference school AI Chat Guide

Explore Documentation

download

Installation

Install the NebulaOps agent on any Linux, Windows, or macOS server in under 60 seconds.

Linux arrow_forward Windows arrow_forward macOS arrow_forward Docker arrow_forward
settings

Configuration

Customize NebulaOps to fit your workflow. Environment variables, config files, and more.

Agent Config arrow_forward Environment arrow_forward Security arrow_forward
code

API Reference

Full REST API documentation for automating and integrating with NebulaOps.

Authentication arrow_forward Servers arrow_forward Commands arrow_forward Webhooks arrow_forward
chat

AI Chat & Features

Learn how to leverage AI models for server management, troubleshooting, and automation.

Chat Guide arrow_forward AI Models arrow_forward BYOAI arrow_forward Examples arrow_forward

download Installation

The NebulaOps agent is a lightweight daemon that connects your server to the NebulaOps platform. It handles secure communication, command execution, metrics collection, and real-time monitoring. Installation takes under 60 seconds on any supported platform.

System Requirements

  • Linux: Ubuntu 20.04+, Debian 11+, CentOS 8+, RHEL 8+, Fedora 36+, Amazon Linux 2+, Arch Linux
  • Windows: Windows Server 2019+, Windows 10/11 (PowerShell 5.1+)
  • macOS: macOS 12 (Monterey) or later, Apple Silicon and Intel supported
  • Resources: 64MB RAM minimum, 50MB disk space, outbound HTTPS (port 443)

Linux (Recommended)

Run the universal installer script. It auto-detects your distribution and installs the appropriate package.

bash curl -fsSL https://nebulaops.tech/install.sh | bash

For non-interactive environments or CI/CD pipelines, pass your API key directly:

bash curl -fsSL https://nebulaops.tech/install.sh | bash -s -- --api-key YOUR_API_KEY --server-name "production-web-01"

Windows

Open PowerShell as Administrator and run:

powershell iwr -useb https://nebulaops.tech/install.ps1 | iex

The installer registers NebulaOps as a Windows Service that starts automatically on boot.

macOS

Install via Homebrew:

bash brew tap nebulaops/tap brew install nebulaops-agent

After installation, start the agent:

bash nebulaops agent start --api-key YOUR_API_KEY

Docker

Run the agent as a Docker container for containerized environments:

bash docker run -d \ --name nebulaops-agent \ --restart unless-stopped \ -e NEBULAOPS_API_KEY=YOUR_API_KEY \ -e NEBULAOPS_SERVER_NAME="docker-host-01" \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /proc:/host/proc:ro \ -v /sys:/host/sys:ro \ ghcr.io/nebulaops/agent:latest

Mount /var/run/docker.sock to enable Docker management features. The /proc and /sys mounts allow host-level metrics collection.

Verifying Installation

After installation, verify the agent is running and connected:

bash nebulaops status

You should see output confirming the agent is connected to the NebulaOps platform. Your server will also appear in the dashboard within a few seconds.

settings Configuration

NebulaOps can be configured through a YAML configuration file, environment variables, or command-line flags. Settings are applied in the following order of precedence: CLI flags > environment variables > config file > defaults.

Agent Configuration File

The primary config file is located at /etc/nebulaops/agent.yaml on Linux and macOS, or C:\ProgramData\NebulaOps\agent.yaml on Windows.

yaml # /etc/nebulaops/agent.yaml # API connection settings api_key: "nops_sk_xxxxxxxxxxxxxxxxxxxx" server_url: "https://api.nebulaops.tech" server_name: "production-web-01" # Agent behavior log_level: "info" # debug, info, warn, error metrics_interval: 30 # seconds between metric reports heartbeat_interval: 15 # seconds between heartbeats # Security settings allowed_commands: - "systemctl *" - "docker *" - "kubectl *" - "journalctl *" blocked_commands: - "rm -rf /" - "dd if=/dev/*" require_approval: false # require manual approval for commands tls_verify: true # verify TLS certificates # Resource limits max_cpu_percent: 5 # max CPU usage by agent max_memory_mb: 128 # max memory usage by agent

Environment Variables

All configuration options can be set via environment variables. These override values in the config file.

  • NEBULAOPS_API_KEY — Your API key for authentication
  • NEBULAOPS_SERVER_URL — API endpoint URL (default: https://api.nebulaops.tech)
  • NEBULAOPS_SERVER_NAME — Display name for this server in the dashboard
  • NEBULAOPS_LOG_LEVEL — Logging verbosity: debug, info, warn, error
  • NEBULAOPS_METRICS_INTERVAL — Metrics collection interval in seconds
  • NEBULAOPS_TLS_VERIFY — Enable or disable TLS certificate verification
  • NEBULAOPS_REQUIRE_APPROVAL — Require manual approval before executing commands
  • NEBULAOPS_TAGS — Comma-separated tags for server grouping (e.g., env:prod,team:infra)

Security Settings

NebulaOps takes security seriously. The agent supports command allowlists and blocklists to control what can be executed on your servers.

  • Command Allowlist: Only commands matching patterns in allowed_commands will be executed. Supports glob patterns.
  • Command Blocklist: Commands matching blocked_commands patterns are always rejected, even if they match an allow rule.
  • Approval Mode: When require_approval: true, all commands require manual approval in the dashboard before execution.
  • TLS Verification: Always keep tls_verify: true in production. Disabling is only for testing with self-signed certificates.

Reloading Configuration

After modifying the config file, reload the agent without downtime:

bash # Linux (systemd) sudo systemctl reload nebulaops-agent # Or send SIGHUP directly sudo kill -HUP $(pidof nebulaops-agent)

chat AI Chat

NebulaOps AI Chat is the core of the platform. Instead of remembering complex commands and syntax, just describe what you want in plain English. The AI understands your server context, installed services, and running processes to provide accurate, executable solutions.

Supported AI Models

NebulaOps supports multiple state-of-the-art AI models. Each plan includes access to different model tiers:

  • Claude Sonnet 4.6 — Fast, capable model ideal for everyday server tasks. Included in all plans.
  • Claude Haiku 4.5 — Ultra-fast model for simple queries and quick commands. Included in all plans.
  • Claude Opus 4.6 — Most capable model for complex troubleshooting, architecture review, and multi-step operations. Available on Pro and Enterprise plans.
  • Gemini 3.1 Pro — Google's advanced reasoning model with large context window. Available on Pro and Enterprise plans.
  • Gemini 2.5 Flash — Fast Google model optimized for quick operations. Included in all plans.

BYOAI (Bring Your Own AI)

On the Enterprise plan, you can connect your own AI API keys for unlimited usage. This allows you to:

  • Use your organization's existing API agreements and volume discounts
  • Maintain full control over data routing and compliance
  • Access any model without NebulaOps usage limits
  • Configure custom model endpoints for private or fine-tuned models

Configure BYOAI in your dashboard under Settings > AI Configuration, or set the NEBULAOPS_AI_API_KEY and NEBULAOPS_AI_PROVIDER environment variables.

Example Commands

Here are some common things you can ask the AI chat:

examples # System diagnostics "Why is my server slow? Check CPU, memory, and disk usage." # Service management "Restart nginx and show me the last 50 log lines." # Security "Check if there are any failed SSH login attempts in the last 24 hours." # Docker "List all running containers and show which ones are using the most memory." # Networking "Show me all open ports and what processes are listening on them." # Troubleshooting "My application on port 3000 is not responding. Help me diagnose the issue." # Automation "Create a cron job that backs up /var/www to /backup every night at 2am."

Chat Context

The AI automatically has access to your server's context, including:

  • Operating system and version
  • Installed packages and services
  • Running processes and resource usage
  • Docker containers and images (if Docker is installed)
  • Kubernetes cluster info (if configured)
  • Recent command history and outputs

deployed_code Docker Management

NebulaOps provides a comprehensive Docker management interface. List, inspect, start, stop, and deploy containers directly from the dashboard or through AI chat. Docker Compose projects are also fully supported.

Prerequisites

Docker must be installed on your server and the NebulaOps agent must have access to the Docker socket. If you installed the agent via Docker, ensure the /var/run/docker.sock volume is mounted.

Container Operations

Manage containers through the dashboard UI or via AI chat:

chat examples # List all containers (running and stopped) "Show me all Docker containers with their status and resource usage" # Deploy a new container "Run an nginx container on port 8080 with auto-restart enabled" # View container logs "Show me the last 100 lines of logs from the postgres container" # Restart a container "Restart the redis container and monitor its startup logs" # Resource inspection "Which containers are using the most CPU and memory right now?"

Docker Compose Support

NebulaOps detects Docker Compose projects on your server and lets you manage them as a group.

chat examples # Deploy a compose project "Deploy the docker-compose.yml in /opt/myapp" # View compose project status "Show status of all services in the myapp compose project" # Scale services "Scale the worker service to 3 replicas in /opt/myapp" # View combined logs "Show combined logs from all services in /opt/myapp for the last hour"

Image Management

  • Pull images: Pull new images or update existing ones from any registry
  • Cleanup: Remove unused images, volumes, and networks to free disk space
  • Registry auth: Configure private registry credentials in the dashboard under Settings > Docker

cloud Kubernetes

Connect your Kubernetes clusters to NebulaOps for AI-powered cluster management. Monitor pods, deployments, services, and more through natural language or the visual dashboard.

Connecting a Cluster

To connect a Kubernetes cluster, install the NebulaOps agent inside your cluster using Helm:

bash helm repo add nebulaops https://charts.nebulaops.tech helm repo update helm install nebulaops-agent nebulaops/agent \ --namespace nebulaops \ --create-namespace \ --set apiKey=YOUR_API_KEY \ --set clusterName="production-cluster"

The agent runs as a Deployment with a ServiceAccount that has read access to cluster resources. Write operations require explicit RBAC permissions.

Pod Management

chat examples # View pod status "Show me all pods in the default namespace with their status" # Inspect failing pods "Why are pods in the payment-service deployment crashing?" # View pod logs "Show logs from the api-gateway pod in the last 30 minutes" # Exec into a pod "Open a shell in the debug container of the frontend pod"

Deployments & Services

chat examples # Scale deployments "Scale the web-frontend deployment to 5 replicas" # Rollback "Rollback the api-server deployment to the previous version" # Service overview "List all services with their types, ports, and endpoints" # Resource usage "Show CPU and memory usage for all deployments in the production namespace"

Supported Resources

  • Pods, Deployments, StatefulSets, DaemonSets, ReplicaSets
  • Services, Ingresses, NetworkPolicies
  • ConfigMaps, Secrets (metadata only, values are never exposed)
  • PersistentVolumes, PersistentVolumeClaims
  • Namespaces, Nodes, Events
  • CronJobs, Jobs
  • HorizontalPodAutoscalers

shield Security Scanning

NebulaOps includes built-in security scanning to help you identify vulnerabilities, misconfigurations, and compliance issues across your infrastructure. Run on-demand scans or schedule them for continuous monitoring.

Compliance Scans

Run compliance scans against industry-standard benchmarks:

  • CIS Benchmarks: Center for Internet Security benchmarks for Linux (Ubuntu, CentOS, Debian), Docker, and Kubernetes
  • PCI DSS: Payment Card Industry Data Security Standard checks
  • HIPAA: Health Insurance Portability and Accountability Act compliance checks
  • SOC 2: Service Organization Control 2 security criteria validation
chat examples # Run a CIS benchmark scan "Run a CIS Level 1 benchmark scan on this server" # Check specific areas "Scan my SSH configuration for security issues" # Full compliance report "Generate a full PCI DSS compliance report for all my servers"

Vulnerability Scanning

Scan your servers for known vulnerabilities in installed packages:

  • Automatic CVE database updates
  • Severity-based prioritization (Critical, High, Medium, Low)
  • Remediation suggestions with AI-powered fix recommendations
  • Docker image vulnerability scanning

Scheduled Scans

Set up recurring scans from the dashboard under Security > Schedules:

  • Daily, weekly, or monthly scan schedules
  • Custom scan profiles (quick scan, full scan, compliance-only)
  • Email and webhook notifications for new findings
  • Automatic ticket creation in Jira, GitHub Issues, or Linear

backup Backup & Recovery

Protect your data with automated backups to cloud storage. NebulaOps supports incremental backups, client-side encryption, and one-click recovery.

Supported Storage Backends

  • Amazon S3: Any S3-compatible storage (AWS, MinIO, DigitalOcean Spaces, Backblaze B2)
  • Google Cloud Storage: GCS buckets with service account authentication
  • Azure Blob Storage: Azure storage accounts with SAS token or connection string
  • Local / NFS: Local directory or mounted network share

Configuration

yaml # Add to /etc/nebulaops/agent.yaml backup: enabled: true storage: type: "s3" bucket: "my-backups" region: "us-east-1" access_key: "${AWS_ACCESS_KEY_ID}" secret_key: "${AWS_SECRET_ACCESS_KEY}" encryption: enabled: true algorithm: "AES-256-GCM" schedule: - name: "daily-backup" paths: - /var/www - /etc - /opt/apps cron: "0 2 * * *" # Every day at 2:00 AM retention: 30 # Keep backups for 30 days - name: "weekly-database" pre_script: "pg_dump -U postgres mydb > /tmp/db.sql" paths: - /tmp/db.sql cron: "0 3 * * 0" # Every Sunday at 3:00 AM retention: 90

Encryption

All backups are encrypted client-side before leaving your server. NebulaOps uses AES-256-GCM encryption by default. Your encryption key never leaves your infrastructure.

Restoring Backups

chat examples # List available backups "Show me all backups for this server from the last 7 days" # Restore specific backup "Restore the daily-backup from 2026-02-20 to /var/www" # Restore to different location "Restore yesterday's /etc backup to /tmp/etc-restore for review"

key API Authentication

The NebulaOps REST API uses JWT (JSON Web Token) authentication. All API requests must include a valid Bearer token in the Authorization header.

Obtaining a Token

Authenticate with your email and password to receive a JWT access token:

POST /api/v1/auth/login
bash curl -X POST https://api.nebulaops.tech/api/v1/auth/login \ -H "Content-Type: application/json" \ -d '{ "email": "you@example.com", "password": "your-password" }'

Response:

json { "access_token": "eyJhbGciOiJIUzI1NiIs...", "token_type": "Bearer", "expires_in": 86400, "refresh_token": "nops_rt_xxxxxxxxxxxx" }

Using the Token

Include the token in the Authorization header of all API requests:

bash curl https://api.nebulaops.tech/api/v1/servers \ -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..."

API Keys

For server-to-server integrations, you can create long-lived API keys in the dashboard under Settings > API Keys. API keys use the prefix nops_sk_ and do not expire unless revoked.

bash curl https://api.nebulaops.tech/api/v1/servers \ -H "Authorization: Bearer nops_sk_xxxxxxxxxxxxxxxxxxxx"

Rate Limits

  • Free plan: 100 requests/minute
  • Pro plan: 1,000 requests/minute
  • Enterprise plan: 10,000 requests/minute (customizable)

Rate limit headers are included in every response: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset.

dns Servers API

Manage your connected servers programmatically. List servers, get details, update configuration, and remove servers from your account.

Endpoints

GET /api/v1/servers

List all servers in your account. Supports pagination and filtering.

bash curl https://api.nebulaops.tech/api/v1/servers?page=1&limit=20&status=online \ -H "Authorization: Bearer YOUR_TOKEN"
GET /api/v1/servers/:id

Get detailed information about a specific server, including metrics, installed services, and agent version.

PUT /api/v1/servers/:id

Update server properties such as name, tags, and group assignments.

bash curl -X PUT https://api.nebulaops.tech/api/v1/servers/srv_abc123 \ -H "Authorization: Bearer YOUR_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "name": "web-server-prod-01", "tags": ["production", "web", "us-east"] }'
DELETE /api/v1/servers/:id

Remove a server from your account. This does not uninstall the agent; it only disconnects the server from the platform.

code Commands API

Execute commands on your servers programmatically. Commands are executed by the agent and results are streamed back in real-time.

POST /api/v1/servers/:id/commands

Execute a command on a specific server:

bash curl -X POST https://api.nebulaops.tech/api/v1/servers/srv_abc123/commands \ -H "Authorization: Bearer YOUR_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "command": "df -h", "timeout": 30 }'

Response:

json { "id": "cmd_xyz789", "status": "completed", "exit_code": 0, "stdout": "Filesystem Size Used Avail Use% Mounted on\n/dev/sda1 50G 12G 36G 25% /\n", "stderr": "", "duration_ms": 42, "executed_at": "2026-02-22T10:30:00Z" }
GET /api/v1/servers/:id/commands

List recent commands executed on a server. Useful for audit logging.

GET /api/v1/servers/:id/commands/:cmd_id

Get the result of a specific command, including full stdout/stderr output.

webhook Webhooks

Receive real-time notifications when events occur on your servers. Webhooks deliver HTTP POST requests to your specified URL with event data.

Supported Events

  • server.online — Server connected to the platform
  • server.offline — Server lost connection
  • command.completed — Command finished executing
  • alert.triggered — A monitoring alert was triggered
  • scan.completed — Security scan finished
  • backup.completed — Backup job completed
  • backup.failed — Backup job failed

Creating a Webhook

POST /api/v1/webhooks
bash curl -X POST https://api.nebulaops.tech/api/v1/webhooks \ -H "Authorization: Bearer YOUR_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "url": "https://your-app.com/webhooks/nebulaops", "events": ["server.offline", "alert.triggered", "scan.completed"], "secret": "whsec_your_signing_secret" }'

Webhook Payload

Each webhook delivery includes a JSON payload with the event details:

json { "id": "evt_abc123", "type": "server.offline", "created_at": "2026-02-22T15:30:00Z", "data": { "server_id": "srv_abc123", "server_name": "production-web-01", "last_seen": "2026-02-22T15:29:45Z" } }

Verifying Webhooks

All webhook payloads are signed with your webhook secret using HMAC-SHA256. Verify the X-NebulaOps-Signature header to ensure the payload is authentic.

help Frequently Asked Questions

chevron_right Is my server data secure? Can NebulaOps access my files?
NebulaOps takes security seriously. The agent only executes commands that you explicitly request through the dashboard or API. All communication is encrypted with TLS 1.3. The agent does not have persistent access to your files -- it only reads data when you ask for it. You can further restrict the agent using command allowlists and blocklists in the configuration file. Backups are encrypted client-side before transmission.
chevron_right What happens if my server loses internet connection?
The agent automatically reconnects when internet connectivity is restored. During disconnection, the agent continues to collect metrics locally and will sync them once reconnected. Scheduled backups will also resume. The dashboard shows the server as "offline" and you can configure alerts for offline events via webhooks or email notifications.
chevron_right Can I use NebulaOps behind a firewall or NAT?
Yes. The agent initiates all connections outbound to the NebulaOps API over HTTPS (port 443). No inbound ports need to be opened. This works behind corporate firewalls, NAT, and even through HTTP proxies. Configure a proxy with the HTTPS_PROXY environment variable if needed.
chevron_right How much resources does the agent use?
The NebulaOps agent is designed to be extremely lightweight. Typical resource usage is under 1% CPU and 40-60MB RAM. The agent has configurable resource limits (default: 5% CPU, 128MB RAM) and will throttle itself if it approaches these limits. Network usage is minimal -- roughly 1-2KB per heartbeat every 15 seconds, plus metrics data.
chevron_right Can I manage multiple servers from one dashboard?
Absolutely. NebulaOps is designed for managing fleets of servers. The Free plan supports up to 3 servers, Pro supports up to 25, and Enterprise has unlimited server connections. You can organize servers with tags, create groups, and execute commands across multiple servers simultaneously using the multi-server command feature.
chevron_right How do I uninstall the NebulaOps agent?
Run the uninstall command for your platform. On Linux: sudo nebulaops uninstall. On Windows: nebulaops uninstall in an admin PowerShell. On macOS: brew uninstall nebulaops-agent. For Docker: docker rm -f nebulaops-agent. The uninstaller removes all agent files and configuration. Remember to also delete the server from your dashboard.

update Changelog

Stay up to date with the latest improvements and features in NebulaOps.

v2.4.0 — February 2026

  • Added Claude Opus 4.6 and Gemini 3.1 Pro model support
  • New Kubernetes dashboard with visual pod topology
  • Docker Compose project detection and grouped management
  • Improved backup encryption with AES-256-GCM
  • Added BYOAI (Bring Your Own AI) for Enterprise plans

v2.3.0 — January 2026

  • Security scanning with CIS benchmark support
  • Scheduled compliance scans with email notifications
  • Webhook support for server events
  • Multi-server command execution
  • Agent resource limit configuration

v2.2.0 — December 2025

  • Automated backup and recovery system
  • S3, GCS, and Azure Blob storage backends
  • Command history and audit logging
  • Improved AI context awareness for troubleshooting

v2.1.0 — November 2025

  • Docker container management through AI chat
  • Real-time server metrics dashboard
  • API key authentication for programmatic access
  • macOS and Windows agent support

v2.0.0 — October 2025

  • Complete platform redesign with new dashboard
  • AI-powered server management with natural language
  • One-line agent installer for Linux
  • REST API v1 release

Popular Articles

article
How to connect a server behind NAT or firewall
Getting Started — 5 min read
chevron_right article
Using AI chat for complex troubleshooting
AI Features — 8 min read
chevron_right article
Setting up automated security scans
Security — 6 min read
chevron_right article
Managing Docker containers with AI commands
Docker — 7 min read
chevron_right article
API authentication and rate limits
API Reference — 4 min read
chevron_right