NaesungCMS (Hybrid Edition) is a production-ready, high-performance content management system designed for Zero Trust Security and Massive Multi-tenancy.
It features a unique Hybrid Infrastructure Architecture, allowing you to deploy it on AWS (Serverless) or Self-Hosted (Docker) environments by simply changing a single environment variable.
- Security
- Background
- Key Features
- Project Structure
- Install
- Usage
- Roadmap & Future Improvements
- Maintainers
- Contributing
- License
NaesungCMS follows strict enterprise security practices:
- Zero Trust Access: Every DB query is scoped to the authenticated tenant.
- Dynamic CSP: Content Security Policy adapts to Cloud/Local environments automatically.
- 2FA (Two-Factor Auth): Built-in TOTP support for enhanced account security.
- Resilience: Redis Fallback System automatically switches to DB if cache fails.
- Rate Limiting on all public endpoints.
- Audit Logging for administrative actions.
- Dependency Scanning regularly via `npm audit`.
- Secure Media Pipeline:
  - Magic Number Validation: Binary signature verification prevents extension spoofing.
  - SVG Sanitization: Blocks malicious scripts.
  - Proxy Uploads: Server-side proxy protects storage credentials.
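The magic number check listed above, sketched as an added example (not NaesungCMS's own code): the declared extension must agree with the file's leading bytes. The function names, the signature table and the reason strings are assumptions made for this illustration.

```typescript
// Added example: the signature table is a small constructed subset, not the project's list.
type Kind = "png" | "jpeg" | "gif" | "webp" | "pdf";
interface UploadCheck { ok: boolean; detected: Kind | null; reason: string }

const SIGNATURES: Array<{ kind: Kind; bytes: number[] }> = [
  { kind: "png", bytes: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { kind: "jpeg", bytes: [0xff, 0xd8, 0xff] },
  { kind: "gif", bytes: [0x47, 0x49, 0x46, 0x38] },       // "GIF8"
  { kind: "pdf", bytes: [0x25, 0x50, 0x44, 0x46, 0x2d] }, // "%PDF-"
];
const RIFF = [0x52, 0x49, 0x46, 0x46];
const WEBP = [0x57, 0x45, 0x42, 0x50];

// A Map avoids prototype keys such as "constructor" matching as an extension.
const EXTENSIONS = new Map<string, Kind>([
  ["png", "png"], ["jpg", "jpeg"], ["jpeg", "jpeg"],
  ["gif", "gif"], ["webp", "webp"], ["pdf", "pdf"],
]);

function matchesAt(data: Uint8Array, offset: number, bytes: number[]): boolean {
  if (data.length < offset + bytes.length) return false; // truncated file
  return bytes.every((b, i) => data[offset + i] === b);
}

function sniffKind(data: Uint8Array): Kind | null {
  // WebP is a RIFF container: "RIFF" at 0, a 4-byte size, then "WEBP" at 8.
  if (matchesAt(data, 0, RIFF) && matchesAt(data, 8, WEBP)) return "webp";
  for (const sig of SIGNATURES) {
    if (matchesAt(data, 0, sig.bytes)) return sig.kind;
  }
  return null;
}

function validateUpload(filename: string, data: Uint8Array): UploadCheck {
  const dot = filename.lastIndexOf(".");
  const ext = dot >= 0 ? filename.slice(dot + 1).toLowerCase() : "";
  const declared = EXTENSIONS.get(ext);
  const detected = sniffKind(data);
  if (declared === undefined) return { ok: false, detected, reason: "extension-not-allowed" };
  if (detected === null) return { ok: false, detected, reason: "unknown-signature" };
  if (detected !== declared) return { ok: false, detected, reason: "extension-signature-mismatch" };
  return { ok: true, detected, reason: "ok" };
}
```

SVG is text with no fixed binary signature, so it cannot be covered by a table like this and needs the separate sanitization step.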
NaesungCMS was created to solve the "Cloud vs. On-Premise" dilemma in multi-tenant systems. By providing a Hybrid Infrastructure Adapter Layer, it allows developers to switch between AWS-native services and open-source alternatives without changing application logic.
```mermaid
graph TD
    User[User / Browser] -->|request| CDN[Edge Middleware]
    subgraph Core System
        CDN -->|routing| App[Next.js App Server]
        App -->|auth| DB[(MariaDB)]
        App -->|cache| Redis[(Redis)]
    end
    subgraph Infrastructure Adapter Layer
        App -->|Storage Adapter| Switch{Infra Provider}
        Switch -- AWS Mode --> S3[AWS S3]
        Switch -- AWS Mode --> SES[Resend / AWS SES]
        Switch -- Self-Hosted Mode --> Local[Local Disk / MinIO]
        Switch -- Self-Hosted Mode --> SMTP[SMTP Server]
    end
```
- Universal Storage Adapter:
  - Cloud Mode: Native AWS S3 support.
  - Local Mode: Files stored in local disk (`public/uploads`) or MinIO.
- Flexible Email Service:
  - Cloud Mode: Uses Resend or AWS SES via API.
  - Local Mode: Uses standard SMTP (Nodemailer) for internal networks.
- Wildcard & Custom Domains: Unlimited white-label support via Edge Middleware and `[domain]` dynamic routing.
- Data Isolation: Application-level Row-Level Security (RLS) ensures tenants never access each other's data.
- Performance: Upstash Redis caching layer ensures sub-millisecond response times for tenant configuration.
- Notion-Style Editor: Tiptap-based block editor with slash commands (`/`), markdown shortcuts, and drag-and-drop.
- Time Machine: Automatic revision history for every edit with easy rollback.
- Global Command Palette: Instant navigation and action search via `Ctrl + K` (Command Menu).
- Integrated Analytics: Built-in dashboards tracking visitors, top posts, and conversion metrics per tenant.
- Service Monitoring: Real-time status tracking of external infrastructure (S3, Redis, SES).
- Zero Trust Access Control: Every server action is scoped and validated using Zod and Safe-Actions.
- Modern UI Stack: Built with Radix UI, Shadcn, and Tailwind CSS for a pixel-perfect, accessible experience.
- Type-Safe Persistence: Prisma ORM with automated migrations and complex relational mapping.
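Tenant scoping as described under "Zero Trust Access" and "Data Isolation", shown as an added example rather than the project's code: an in-memory array stands in for the database, and the tenant filter is bound to the session so no call site can omit or override it. `scopedPosts`, `rejectTenantOverride` and the sample rows are hypothetical.

```typescript
// Added example: in-memory stand-in for a posts table; every name here is hypothetical.
interface Post { id: number; tenantId: string; title: string }
interface Session { userId: string; tenantId: string }
type PostFilter = Partial<Omit<Post, "tenantId">>; // callers cannot express a tenant filter

// Constructed sample rows for two tenants.
const SAMPLE_POSTS: Post[] = [
  { id: 1, tenantId: "tenant-a", title: "A welcome" },
  { id: 2, tenantId: "tenant-a", title: "A draft" },
  { id: 3, tenantId: "tenant-b", title: "B private" },
];

// Types vanish at runtime, so also reject a tenantId smuggled in via untyped input.
function rejectTenantOverride(input: object): void {
  if (Object.prototype.hasOwnProperty.call(input, "tenantId")) {
    throw new Error("tenantId comes from the session, never from the caller");
  }
}

function scopedPosts(table: Post[], session: Session) {
  const tenantId = session.tenantId; // fixed once, from the authenticated session
  return {
    findMany(filter: PostFilter = {}): Post[] {
      rejectTenantOverride(filter);
      return table.filter((p) =>
        p.tenantId === tenantId &&
        (filter.id === undefined || p.id === filter.id) &&
        (filter.title === undefined || p.title === filter.title));
    },
    updateTitle(id: number, title: string): Post | null {
      // Match on id AND tenant, so another tenant's row looks nonexistent.
      const row = table.find((p) => p.id === id && p.tenantId === tenantId);
      if (row === undefined) return null;
      row.title = title;
      return row;
    },
  };
}
```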
```
├── apps
│   └── web
│       ├── src
│       │   ├── actions        # Server Actions (Safe & Typed)
│       │   ├── app            # Next.js App Router (Pages & Layouts)
│       │   ├── components     # React Components (Shadcn UI)
│       │   ├── lib            # Utilities (Auth, DB, Redis, Storage Adapter)
│       │   ├── types          # TypeScript Definitions
│       │   └── middleware.ts  # Edge Middleware (Routing & CSP)
├── prisma
│   └── schema.prisma          # Database Schema
├── public                     # Static Assets & Local Uploads
└── Dockerfile                 # Multi-stage production build
```

- Node.js 18+
- MySQL or MariaDB (Local or Cloud)
- Redis (Optional)
- Clone & Install

  ```bash
  git clone https://github.com/minseo0388/naesungcms.git
  cd naesungcms
  npm install
  ```

- Database Setup

  Ensure your MariaDB/MySQL is running, then populate the schema:

  ```bash
  npx prisma db push
  ```

- Run Development Server

  ```bash
  npm run dev
  ```

  Visit http://localhost:3000.
Ideal for internal networks, home labs, or private VPS.
- Configure `.env`:

  ```bash
  # Required for Hybrid Mode
  NEXT_PUBLIC_INFRA_PROVIDER="SELF_HOSTED"
  STORAGE_TYPE="LOCAL"
  EMAIL_PROVIDER="SMTP"
  # DB Connection (sample credentials; use a dedicated, least-privileged DB account outside local testing)
  DATABASE_URL="mysql://root:root@host.docker.internal:3306/naesungcms"
  ```

- Build Image:

  ```bash
  docker build -t naesungcms .
  ```

- Run Container:

  ```bash
  # Run with volume mapping for persistence
  docker run -d \
    -p 3000:3000 \
    -v "$(pwd)/public/uploads:/app/public/uploads" \
    --env-file .env \
    --name cms \
    naesungcms
  ```
Ideal for scaling to millions of users.
- Configure `.env`:

  ```bash
  NEXT_PUBLIC_INFRA_PROVIDER="AWS"
  STORAGE_TYPE="S3"
  EMAIL_PROVIDER="RESEND"
  ```

- Deploy: Push to Vercel/AWS Amplify. The system automatically utilizes S3 and Resend APIs.
To take NaesungCMS to the next level, consider implementing:
- CI/CD Pipeline:
  - Add GitHub Actions workflow (`.github/workflows/ci.yml`) to run `npm run lint` and `npx tsc` on every Pull Request.
  - Automate container registry publishing (GHCR/Docker Hub).
- Advanced Testing:
  - Jest/Vitest: Unit tests for `src/lib/` utilities.
  - Playwright: End-to-End (E2E) tests for the Dashboard flow.
- CDN Integration:
  - Configure AWS CloudFront in front of S3 for faster global asset delivery.
- Monitoring:
  - Integrate Sentry for real-time error tracking and performance monitoring.
@minseo0388 Choi Minseo
Contributions are welcome! Please ensure all PRs pass `npm run lint` and `npx tsc` before submitting.
Apache License 2.0 © Choi Minseo