Quick Connect
Quick Connect is the recommended way to add servers to OEC.sh. One command, under 3 minutes, zero credentials needed upfront.
Connect any server to OEC.sh with a single command. Quick Connect generates a one-time install script that registers your server, installs all required software, and configures it for Odoo deployments — fully automated, no SSH credentials needed.
curl -sfL https://api.oec.sh/api/v1/install.sh | sudo OECSH_TOKEN=oecsh_reg_xxxx... bashThat's it. Your server goes from bare Linux to deployment-ready in under 3 minutes.
Why Use Quick Connect?
Quick Connect is the fastest and simplest way to add a server:
- Under 3 minutes — from bare server to fully qualified and deployment-ready
- Zero prep work — no need to install Docker, configure firewalls, or set up SSH keys beforehand
- No credentials needed — the platform generates and installs SSH keys automatically
- Live progress tracking — watch each setup step in real time from your dashboard
- One command — copy, paste, done. Same flow used by Tailscale, Datadog, and Cloudflare
- Works behind NAT — if your server can't be reached publicly, Quick Connect detects this and offers Cloudflare Tunnel setup
Traditional server setup requires you to install Docker, open firewall ports, prepare SSH credentials, enter your IP address, and then wait for preflight checks. Quick Connect replaces all of that with a single command.
How It Works
Dashboard Your Server
──────── ───────────
│
├─ Generate token
│
├─ Copy install command
│
│──────────────────────► Run command (curl | bash)
│ │
│◄────────────────────── Server registers (sends hostname, OS, specs)
│ │
├─ Create server record │
│ │
│──────────────────────► Return SSH public key + progress token
│ │
│ ├─ Install SSH key
│ ├─ Configure firewall
│ ├─ Install Docker
│ ├─ Set up monitoring
│ ├─ Start Traefik
│ ├─ Verify services
│ │
│◄────────────────────── Report completion
│
├─ Server qualified ✓The install script calls back to OEC.sh at each milestone, so you can watch setup progress in real time from your dashboard.
Quick Connect vs Direct SSH vs Cloudflare Tunnel
| Feature | Quick Connect | Direct SSH | Cloudflare Tunnel |
|---|---|---|---|
| Setup time | ~2-3 minutes | 5-10 minutes (manual prep) | 10-15 minutes |
| Prep work needed | None | Install Docker, open ports, prepare SSH creds | Cloudflare account + tunnel token |
| Credentials needed upfront | None | IP + SSH key/password | Tunnel token + Cloudflare account |
| Installs Docker | Yes, automatically | No (must be pre-installed) | No |
| Installs firewall + Fail2ban | Yes, automatically | No | No |
| Installs monitoring | Yes, automatically | On first environment deploy | No |
| Real-time progress | Yes (live dashboard) | No | No |
| Public IP required | Depends* | Yes | No |
| Plan requirement | All plans | All plans | Pro+ |
*Quick Connect works without a public IP for the initial setup (the script calls out to OEC.sh). However, if the platform cannot reach your server afterwards for management operations, it will recommend setting up a Cloudflare Tunnel.
Prerequisites
Before running the Quick Connect script, make sure your server has:
- Linux OS — Ubuntu 20.04+, Debian 11+, or similar Debian-based distribution
- Root or sudo access — the script installs system packages and services
- Internet connectivity — outbound HTTPS access to reach the OEC.sh API
curlandbash— pre-installed on most Linux distributions
For RHEL/CentOS-based systems, Docker must be pre-installed before running the script. The script auto-installs Docker only on Debian-based distributions.
Setup Guide
Go to Servers and Select Quick Connect
- Navigate to Servers in the sidebar
- Click Add Server
- Select Quick Connect as the connection method
Configure the Token
Set up your registration token:
- Server Name (optional) — a friendly name for this server (e.g., "EU Production"). If left blank, the server's hostname will be used.
- Token Expiry — how long the token remains valid (default: 24 hours). See Token Expiry Options below.
Click Generate Token to create your install command.
Copy the Install Command
The dashboard shows a one-line install command. Click the copy button to copy it to your clipboard:
curl -sfL https://api.oec.sh/api/v1/install.sh | sudo OECSH_TOKEN=oecsh_reg_xxxx... bashThe token is shown only once. If you lose it, revoke the token and generate a new one.
Run the Command on Your Server
SSH into your server (or open a console) and paste the command:
curl -sfL https://api.oec.sh/api/v1/install.sh | sudo OECSH_TOKEN=oecsh_reg_xxxx... bashThe script will:
- Detect your operating system and hardware specs
- Register with OEC.sh and receive an SSH key
- Configure firewall rules and Fail2ban
- Install Docker (if not already present)
- Configure swap and system settings
- Set up Netdata monitoring
- Start Traefik reverse proxy
- Verify all services and report completion
You will see progress output directly in your terminal:
[1/7] Registering server...
────────────────────────────────────────
Registered as: EU Production (a1b2c3d4-...)
OS: Ubuntu 24.04 | CPU: 4 cores | RAM: 8192MB | Disk: 80GB
[2/7] Securing server...
────────────────────────────────────────
...Watch Progress in the Dashboard
While the script runs, the dashboard updates in real time. Each milestone shows its current status:
- Pending — not yet started
- Running — currently in progress (animated spinner)
- Completed — finished successfully (green check)
- Failed — encountered an error (red indicator with details)
Server Connected
Once all milestones complete, your server appears as Qualified in the servers list. You can immediately:
- Create projects on this server
- Deploy Odoo environments
- View monitoring data
What the Script Installs
The Quick Connect script sets up everything your server needs to run Odoo environments:
| Component | Purpose |
|---|---|
| OEC.sh SSH key | Allows the platform to manage your server securely |
| UFW / Firewalld | Firewall configured with rules for SSH, HTTP, HTTPS, and monitoring |
| Fail2ban | Protects against SSH brute-force attacks |
| Docker CE | Container runtime for Odoo environments (auto-installed on Debian/Ubuntu) |
| Swap | Configured based on available RAM for stability |
| Netdata | Real-time server monitoring (CPU, memory, disk, network) |
| Traefik v3 | Reverse proxy with automatic Let's Encrypt SSL certificates |
| Cleanup cron jobs | Automated maintenance scripts for disk cleanup and health checks |
The script is idempotent — if Docker or Traefik are already installed, they will not be reinstalled or reconfigured. You can safely re-run the script.
Security
Quick Connect is designed with security-first principles:
- One-time token — each token can only be used once. After a server registers, the token is marked as consumed and cannot be reused.
- Token hashing — the token is stored as a SHA-256 hash in the database. The plaintext token is shown once and never stored.
- Auto-generated SSH keys — the platform generates a unique SSH keypair for each token. The private key is stored encrypted; the public key is installed on your server during setup.
- Firewall configuration — UFW or Firewalld is configured to allow only essential ports (SSH, HTTP, HTTPS).
- Fail2ban — automatically installed to protect against brute-force SSH attacks.
- Token revocation — you can revoke a token at any time before it is used. If the server was partially set up, revoking the token also cleans up the server record.
- SSRF protection — self-reported IP addresses are validated to prevent link-local, loopback, and multicast address spoofing.
- Progress token isolation — after registration, a separate progress token is issued for setup reporting. The original registration token is consumed immediately.
Token Expiry Options
When generating a Quick Connect token, you can choose how long it stays valid:
| Option | Duration | Best For |
|---|---|---|
| 1 hour | 1h | Immediate setup — generating and running right away |
| 6 hours | 6h | Same-session setup with a comfortable buffer |
| 24 hours | 24h (default) | Standard setup — generate now, run later today |
| 48 hours | 48h | Delegating to a team member who will set up tomorrow |
| 7 days | 7d | Advance preparation — server not yet provisioned |
Expired tokens cannot be used. If your token expires before you run the script, generate a new one from the dashboard.
Troubleshooting
| Problem | Cause | Solution |
|---|---|---|
| Script fails at "Registering server" | Token is invalid or expired | Generate a new token from the dashboard. If the token was already used, re-run the same command — it will resume automatically. |
| Docker installation fails | Unsupported OS or package manager issues | Install Docker manually (Docker docs (opens in a new tab)) and re-run the script |
| "Server not reachable" after setup | Server is behind NAT or firewall with no public IP | The platform will recommend Cloudflare Tunnel setup — follow the prompt |
| Progress stops updating in dashboard | Network interruption between server and OEC.sh API | Check your server's internet connectivity and re-run the install command |
| Traefik fails to start | Port 80 or 443 already in use by another service | Stop the conflicting service (e.g., Apache, Nginx) and re-run the script |
| "Must be run as root" error | Script was run without sudo | Run with sudo: curl -sfL ... | sudo OECSH_TOKEN=... bash |
| Firewall blocks the callback | Outbound HTTPS (port 443) is blocked | Allow outbound traffic to api.oec.sh on port 443 |
Checking the Install Log
If something goes wrong, the script saves a detailed log:
# View the full install log
cat /var/log/oecsh_install.log
# Or if /var/log was not writable:
cat /tmp/oecsh_install.logFAQ
Can I re-run the install script?
Yes. The script is idempotent — it detects already-installed components (Docker, Traefik, etc.) and skips them. If the registration token was already used, the script detects this and resumes from where it left off using the same server record. You can safely re-run the same command without generating a new token.
What if my token expires before I use it?
Generate a new token from the dashboard. Expired tokens are automatically marked and cannot be used. There is no limit on how many tokens you can generate.
Does Quick Connect work on CentOS or RHEL?
Partially. Docker must be pre-installed on RHEL-based systems — the script does not auto-install Docker on those distributions. All other components (firewall, Fail2ban, Traefik, monitoring) will be set up normally.
Can I use Quick Connect on a server that already has Docker?
Yes. The script detects existing Docker installations and skips the installation step. Your existing containers and configurations are not affected.
What's the difference from Direct SSH setup?
Direct SSH is push-based — you give OEC.sh your server's IP and credentials, and the platform connects to set it up. Quick Connect is pull-based — your server reaches out to OEC.sh to register itself, then the platform configures it. Quick Connect requires no upfront credentials.
Can I revoke a token after generating it?
Yes. Click Cancel & Revoke Token in the setup panel. If the token was already used to register a server but setup didn't complete, revoking also removes the partially configured server record.
What happens if my server loses internet during setup?
The script will fail at whichever step requires an API callback. Check the install log (/var/log/oecsh_install.log), fix the connectivity issue, and re-run the same command — the script automatically resumes from where it left off.
Is Quick Connect available on all plans?
Yes. Quick Connect is available on all plans, including Free. Unlike Cloudflare Tunnel, there is no plan restriction.
Related Topics
- Servers Overview — Server types and management
- Cloudflare Tunnel — Connect servers without a public IP
- Firewall & Port Requirements — Ports needed for server connectivity