Loading...
If you already have applications running on a VPS β managed with PM2, served through Nginx or Apache, secured with SSL, and pointed at custom domains β Klystrr lets you import them without touching what is already working.
The scan writes nothing to your server. Your application keeps running exactly as before.
Display live PM2 status, port, domain, and SSL β without configuring deployments.
Connect your Git repository and complete deployment config at your own pace.
This guide is for developers who already have one or more applications running on a VPS and want to bring them under Klystrr management without disrupting their current setup.
You are likely in this situation if you have:
You do not need all of these for an import to work. Klystrr will detect what it can and let you fill in the rest manually.
Make sure the following are in place before beginning an import.
Your VPS is already connected to Klystrr
The server must appear in your Klystrr server list with a working SSH connection.
SSH access is functional
Klystrr needs to be able to connect to the server to run the scan.
PM2 is installed on the server
If your application uses PM2 for process management.
Nginx or Apache is installed
If your application is served through a reverse proxy.
Git is installed on the server
If the application was deployed from a repository.
You have access to your DNS provider
If domains are part of the setup and you plan to manage them.
You have access to your GitHub or GitLab account
If you want Klystrr to manage future deployments of this application.
You are responsible for your own server, its configuration, credentials, application files, domain settings, and secrets. Klystrr operates on the information it can read from your server and does not take responsibility for pre-existing misconfiguration.
Safe Import is Klystrr's default import flow. It is entirely read-only. During a Safe Import, Klystrr scans your server to build a picture of what is running. It does not make any changes.
Specifically, Klystrr does NOT:
The scan reads system state and configuration. Your application continues running exactly as it was before, during, and after the scan.
The scan attempts to detect the following information from your server. Detection may be partial depending on your server configuration, file permissions, and installed tools.
Open your server list in Klystrr and select the server where the application is running. Confirm that the SSH connection is active.
Trigger the scan from the server detail page. Klystrr connects over SSH and inspects PM2, Nginx, Apache, SSL, Git metadata, and filesystem paths. The scan runs in the background and does not affect running processes.
Once the scan completes, Klystrr displays a list of applications it detected on the server. Each detected application shows the information collected: process name, path, port, domain, and status.
Choose the application you want to bring into Klystrr. If an application was not detected automatically, you can enter its details manually.
Review the information Klystrr collected. Correct anything that was detected incorrectly or is incomplete. Confirm the application path, port, domain, and PM2 process name.
Assign the imported application to a new Klystrr project or link it to an existing one. This is the record Klystrr uses to track the application going forward.
Klystrr shows you which parts of the deployment configuration are missing: Git repository connection, build and start commands, environment variables. You do not need to complete these immediately.
Once imported, you can enable runtime monitoring. This allows Klystrr to display live PM2 status, port, domain reachability, and SSL state. Enabling runtime monitoring does not modify anything on the server.
When you are ready for Klystrr to manage future deployments, complete the full deployment configuration: connecting your Git repository, confirming build commands, and adding environment variables.
Understanding these three states prevents confusion about what Klystrr can and cannot do at each stage.
Before Klystrr enables the Deploy/Redeploy action, the following must be in place. The Deploy button is intentionally disabled until the required configuration is complete.
During the scan, Klystrr may detect that a .env file is present on the server. It reads only the key names β never the values.
DATABASE_URL = β’β’β’β’β’β’β’β’
JWT_SECRET = β’β’β’β’β’β’β’β’
API_KEY = β’β’β’β’β’β’β’β’
Klystrr may detect domain names from your Nginx or Apache configuration. Detection is based on reading server_name directives in Nginx or ServerName and ServerAlias directives in Apache.
DNS must point to the correct server
Klystrr reads configuration from the server but does not control your DNS provider.
DNS propagation takes time
Changes to DNS records can take minutes to hours to propagate globally. Klystrr cannot accelerate this.
Custom domains may require verification
Depending on your setup.
Klystrr does not automatically manage external DNS
Unless a DNS provider integration is configured separately.
When Cloudflare proxy is active (orange cloud), DNS lookups for your domain return Cloudflare IP addresses, not your VPS IP. This is expected behavior. Klystrr uses the server IP it already knows from your VPS connection, not the DNS lookup result.
If SSL certificates exist on your origin server, set the Cloudflare SSL/TLS mode to Full or preferably Full (strict). Using Flexible mode with an origin certificate can cause redirect loops or inconsistent behavior.
Certbot's HTTP-01 challenge may fail if Cloudflare is proxying traffic and has rules that interfere with the /.well-known/acme-challenge/ path. If this occurs, temporarily set the DNS record to DNS only during certificate issuance, then re-enable the proxy afterward.
Klystrr detects that a domain is using Cloudflare based on IP ranges and headers. Direct Cloudflare API integration for automated DNS or certificate management is not currently available. This may change in a future release.
The most common scenario. Klystrr detects the PM2 process, reads the Nginx server block, identifies the domain and upstream port, and checks SSL. After import, the application is visible in Klystrr. Connect your Git repository and configure deployment commands when you are ready.
The flow is the same as with Nginx. Klystrr reads the Apache VirtualHost file, detects the domain and proxy configuration, and checks for SSL. Apache configuration parsing depends on standard ProxyPass and ProxyPassReverse directives.
If your application runs on a bare port with no domain configured, Klystrr will detect the PM2 process and the listening port. Domain and SSL detection will show as not configured. You can add a domain later through Klystrr.
If the application was deployed manually without cloning a Git repository, Klystrr will not detect any Git metadata. This is expected. You can still import the application β deployment management through Klystrr requires a connected Git repository added afterward.
Import works normally. Klystrr reads your server configuration directly over SSH and does not rely on public DNS. SSL detection reads the origin certificate directly, not through the Cloudflare proxy. Be aware of the SSL mode and challenge limitations.
Klystrr detects whether SSL certificates are present on the server. It does not modify, renew, or revoke existing certificates during import. If you later redeploy through Klystrr, SSL configuration will be part of the deployment setup.
Click an issue to expand the diagnosis and solutions.
Before and during migration, follow these practices to avoid disrupting your running application.
If your VPS is already connected to Klystrr, you can start a scan from the server detail page right now. Your application keeps running throughout this process.