Skip to Content

Technical - How Yundera actually works ? Open Source?

Behind Private Cloud Infrastructure ? Technical infrastrucure?

Yundera is not just a hosting product — it’s a technical foundation for self-sovereign cloud services. At its core lies NSL.SH, our open infrastructure layer that provides secure networking, dynamic domain routing, and easy to use open source Appstore. In this article, we’ll explain how NSL.SH works, why we made specific technical choices, and how we plan to evolve the platform.

What is NSL.SH?

NSL.SH (Network, Secure, Liberty) is the technology framework that powers every Yundera instance. It includes containerized tools for dynamic domain, encrypted networking (https), domain provisioning, and application access.

Instead of building yet another SaaS dashboard, we focused on providing an invisible infrastructure layer that allows anyone to deploy and manage self-hosted apps with ease. NSL.SH supports features like:

  • Automatic domain assignment (yourname.nsl.sh)
  • Secure tunneling and encryption for app access
  • Docker-based CasaOS / CasaIMG open source appstore
  • Automated configuration


What is Yundera.com?

Yundera is a cloud self hosting solution for NSL.SH. While NSL.sh can be deployed on any hardware (even a simple raspberry PI), Yundera deploys NSL.SH on our dedicated servers. Simplifying the hardware maintenance making it effectively HaaS (Hardware as a Service)


Hosting Infrastructure: Why Scaleway in Europe?

All Yundera deployments are hosted on Scaleway, a European cloud provider. We deliberately chose Scaleway for several reasons:

  • Geographic jurisdiction: As a French provider, Scaleway ensures that all data resides within the European Union and is protected under GDPR.
  • Sustainability: Scaleway operates data centers powered by hydroelectric and renewable energy sources, aligning with our environmental responsibility goals.
  • Infrastructure quality: Scaleway provides bare-metal, virtual instances, and object storage with strong uptime SLAs and low-latency networking across European zones.

By building on top of Scaleway, we combine regulatory compliance, low environmental footprint, and cloud-native reliability.


Infrastructure Architecture: Built for Reliability

Each Yundera instance runs on dedicated bare-metal servers hosted on Scaleway, ensuring performance consistency and hardware-level isolation.

At the core of this setup is Proxmox, the open-source virtualization platform we use to manage and orchestrate multiple virtual machines (VMs) per physical node. Proxmox provides advanced resource allocation, network management, and live migration between nodes.

For data storage and backup, we use Ceph, a distributed storage system that unifies all physical disks across our Proxmox cluster into a single, redundant storage pool. Ceph automatically replicates data across nodes, enabling high availability and fault tolerance.

If one node fails, Ceph ensures that no data is lost and the service continues from other healthy nodes.

This architecture leverages the strengths of each component:

  • Scaleway provides the physical layer with high-reliability datacenters and green power.
  • Proxmox manages virtualization and networking between VMs.
  • Ceph guarantees redundancy, performance, and continuous data protection.

As Yundera grows, new bare-metal servers will join the cluster, automatically integrating into Ceph and Proxmox without service interruption. This ensures that performance and reliability scale proportionally with user growth.

Diagram: Yundera Infrastructure Overview

This hybrid architecture of Proxmox + Ceph + Scaleway ensures:

  • High Availability – Services remain online even during node failures.
  • Data Safety – Multi-replica Ceph pools protect against disk loss.
  • Performance – Bare-metal efficiency with live migration and caching.
  • Scalability – Add nodes without downtime or reconfiguration.

It is a modular foundation built for privacy, durability, and growth.


Open Source Components

CasaIMG — Containerized CasaOS Distribution

CasaIMG is a Docker-based image of CasaOS, modified to:

  • Support declarative configuration via environment variables
  • Integrate cleanly with Mesh Router’s proxy system
  • Automatically expose apps to subdomains without user intervention
  • Package updates into predictable release cycles

Repository: CasaIMG GitHub

Mesh Router — Secure Domain Routing Engine

Mesh Router is a DNS-aware, container-native router that:

  • Registers, provisions, and proxies custom subdomains
  • No need for open port - Encrypts data using WireGuard
  • Provides API-based routing for dynamic services
  • Integrates with Cloudflare and LetsEncrypt for HTTPS termination

Repository: Mesh Router GitHub

Why Open Source?

We chose open source because it is the only model that aligns with our values:

  • Security through transparency — users can audit, verify, and trust the code
  • Sovereignty — no reliance on closed systems or third-party vendors
  • Community evolution — contributors can propose features, file issues, and fork projects

Rather than create another black-box cloud, we want to make infrastructure that people understand, control, and evolve.

How to Contribute

We invite developers, testers, writers, and security researchers to join us:

  • Clone our repos and explore the architecture
  • File feature requests or report bugs
  • Help test new modules in staging
  • Participate in discussions about future protocol designs

Get started at:

Together, we can build a private cloud that is open, secure, and resilient by design.


Sign in to leave a comment