Server Infrastructure
VPS Details
| Item | Value |
|---|---|
| Provider | Linode (Akamai Cloud) |
| IP | 172.237.81.37 |
| SSH user | zygy |
| OS | Ubuntu |
| SSH command | ssh zygy@172.237.81.37 |
Installed Software
The VPS runs everything inside Docker. The key host-level dependencies are:
- Docker Engine — container runtime
- Docker Compose (v1 CLI, i.e. `docker-compose`, not `docker compose`) — orchestration
- Git — source code management; the project folder is a git checkout
No other application-level software is installed directly on the host.
Storage Layout
Block Storage (Persistent Application Data)
The VPS has a Linode Block Storage volume mounted at /mnt/blockstorage/. This is persistent — it survives container restarts and VPS reboots.
| Path | Purpose |
|---|---|
| /mnt/blockstorage/zygy-data/ | Main application data; SQLite databases (csv_data.db), uploaded documents, processed files |
| /mnt/blockstorage/backups/ | Staging area for SQLite backups before they are uploaded to Linode Object Storage |
Critical Data
csv_data.db at /mnt/blockstorage/zygy-data/ is the primary SQLite database. All backend services mount this directory. Losing it without a backup is catastrophic.
Docker Named Volumes
These volumes are managed by Docker and live on the VPS local disk:
| Volume | Service | Purpose |
|---|---|---|
| prometheus_data | Prometheus | Time-series metrics storage |
| grafana_data | Grafana | Dashboard definitions and configuration |
| loki_data | Loki | Log aggregation storage |
| caddy_data | Caddy | TLS certificates (auto-renewed via Let's Encrypt) |
| caddy_config | Caddy | Caddy configuration state |
Networking
All Docker services communicate over a single internal bridge network named app-network. Services reference each other by hostname (e.g. backend-workflow:7206, redis:6379).
Caddy is the only service with ports 80 and 443 exposed to the public internet. It handles TLS termination and routes traffic to the appropriate internal service based on the subdomain.
Firewall / Port Exposure
| External Port | Service | Notes |
|---|---|---|
| 80 | Caddy | HTTP → HTTPS redirect |
| 443 | Caddy | All public HTTPS traffic |
| 9100 | node-exporter | Host metrics (consider firewalling in production) |
No other ports are exposed publicly. All backend service ports (7201–7210) are internal only.
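One way to check the running containers against this table is sketched below. It is an added example, not part of the project's scripts. It assumes the input is the tab-separated output of `docker ps --format '{{.Label "com.docker.compose.service"}}\t{{.Ports}}'`; the `ALLOWED` policy, the `audit` function and the sample lines are constructed for illustration.

```python
import re

# Policy from the port table above: only Caddy publishes 80/443 publicly.
ALLOWED = {"caddy": {80, 443}}
LOOPBACK = ("127.", "::1", "[::1]")

# One published mapping as printed by `docker ps`, e.g. "0.0.0.0:9100->9100/tcp",
# ":::443->443/tcp" or a range "0.0.0.0:7201-7203->7201-7203/tcp".
# Unpublished ports ("7206/tcp") have no "->" and never match.
PUBLISHED = re.compile(
    r"(?P<ip>\S+):(?P<first>\d+)(?:-(?P<last>\d+))?->\d+(?:-\d+)?/(?P<proto>\w+)"
)


def audit(docker_ps_output, allowed=ALLOWED):
    """Return sorted (service, host_port, proto) tuples for every port that is
    published on a non-loopback address but not allowlisted for that service."""
    findings = set()
    for line in docker_ps_output.strip().splitlines():
        service, _, ports = line.partition("\t")
        for m in PUBLISHED.finditer(ports):
            if m["ip"].startswith(LOOPBACK):
                continue  # bound to loopback: reachable from the host only
            first = int(m["first"])
            last = int(m["last"] or first)
            for port in range(first, last + 1):
                if port not in allowed.get(service, set()):
                    findings.add((service, port, m["proto"]))
    return sorted(findings)


# Constructed sample input (service name, TAB, Ports column); not real output.
SAMPLE = "\n".join([
    "caddy\t0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp",
    "node-exporter\t0.0.0.0:9100->9100/tcp, :::9100->9100/tcp",
    "backend-workflow\t7206/tcp",
    "redis\t127.0.0.1:6379->6379/tcp",
])

if __name__ == "__main__":
    for service, port, proto in audit(SAMPLE):
        print(f"UNEXPECTED PUBLIC PORT: {service} publishes {port}/{proto}")
```

On the sample, only the node-exporter mapping on 9100 is reported; adding 9100 to `ALLOWED` or binding it to loopback in the compose file clears the finding.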
Project Directory
The codebase is checked out on the VPS at a path stored in GitHub secrets as PROJECT_PATH. To find it:
```bash
ssh zygy@172.237.81.37
# Look for the docker-compose.yml
find /home/zygy -name "docker-compose.yml" 2>/dev/null
find /opt -name "docker-compose.yml" 2>/dev/null
```
The project contains:
```
.
├── docker-compose.yml              # Main orchestration file (27+ services)
├── docker-compose.excel-only.yml   # Minimal standalone variant
├── .env                            # All environment variables / secrets
├── caddy/Caddyfile                 # Reverse proxy routing
├── monitoring/                     # Prometheus, Loki, Promtail configs
├── scripts/                        # Backup, mongo-tunnel, restore scripts
├── .github/workflows/              # GitHub Actions CI/CD
├── backend-*/                      # Python backend services
├── frontend-*/                     # Node.js/Vite frontend services
└── k8s/                            # Kubernetes manifests (not active in prod)
```
Elasticsearch Cluster
The Elasticsearch cluster is not running on this VPS. It is a separate self-hosted cluster:
| Item | Value |
|---|---|
| Host | 172.236.132.81 |
| Port | 9200 |
| Kibana | 172.236.132.82:5601 |
| Managed via | Kubernetes (elastic-kubeconfig.yaml in project root) |
| Snapshot storage | Linode Object Storage bucket elastic-backup |
See External Dependencies for full credentials reference.