1. Server Setup

Keywords

openme server setup, SPA server Linux, openme daemon, openme init, openme serve

Note

The openme server requires nftables or iptables and is therefore Linux-only. For client-only use on macOS, Windows, iOS or Android see Clients →.

Install

Pre-built binary

curl -Lo openme https://github.com/merlos/openme/releases/download/cli-v0.7.0/openme-linux-amd64
chmod +x openme
sudo mv openme /usr/local/bin/
curl -Lo openme https://github.com/merlos/openme/releases/download/cli-v0.7.0/openme-linux-arm64
chmod +x openme
sudo mv openme /usr/local/bin/
curl -Lo openme https://github.com/merlos/openme/releases/download/cli-v0.7.0/openme-linux-arm
chmod +x openme
sudo mv openme /usr/local/bin/
curl -Lo openme https://github.com/merlos/openme/releases/download/cli-v0.7.0/openme-linux-386
chmod +x openme
sudo mv openme /usr/local/bin/
curl -Lo openme https://github.com/merlos/openme/releases/download/cli-v0.7.0/openme-linux-riscv64
chmod +x openme
sudo mv openme /usr/local/bin/

From source

git clone https://github.com/merlos/openme
cd openme/cli
go mod download
go build -o openme ./cmd/openme
sudo mv openme /usr/local/bin/

Initialise

openme init generates a fresh Curve25519 keypair and writes the server configuration to /etc/openme/config.yaml.

sudo openme init --server myserver.example.com
Flag Default Description
--server (required) Public hostname or IP — used in generated client configs
--port 54154 UDP knock port and TCP health port
--firewall nft Firewall backend: nft or iptables
--force false Overwrite an existing config

The command prints the server’s Curve25519 public key. openme add uses it automatically when provisioning clients.

Start the Server

sudo openme serve

For production, enable the systemd service (the .deb package does this automatically):

sudo systemctl enable --now openme
sudo systemctl status openme

Full systemd unit reference and hardening options: Server → Service.

Next: Add a client →