infra/@dev-prod-rf.server/infrastructure/SERVER.md

Server Specifications: leruepecie

Status: PRODUCTION ACTIVE
Last Updated: 2025-11-09
Critical Service: seller1.ru (24/7)


Network Information

Server Identity

Property Value
Hostname leruepecie
IP Address 45.144.177.147
SSH User root
SSH Key id_ed25519 (from DEV-PRO)
SSH Password mjrtY*q5SVlt (backup only)
SSH Port 22

Access

From Control Plane (DEV-PRO at 91.218.142.168):

ssh root@45.144.177.147

Direct SSH:

ssh root@45.144.177.147
# Password: mjrtY*q5SVlt

With SSH Key:

ssh -i ~/.ssh/id_ed25519 root@45.144.177.147

Hardware Specifications

CPU

Property Value
CPU Cores 2 cores
CPU Type x86_64
Architecture 64-bit
Processor Intel/AMD (shared virtualized)

Monitoring:

cat /proc/cpuinfo
nproc
lscpu

Memory

Property Value
RAM 5 GB
Swap 8 GB (/swapfile)
Total Available 13 GB

Monitoring:

free -h
vmstat

Storage

Property Value
Disk Size 40 GB SSD
Partition / (root)
Type SSD
Mount Point /

Monitoring:

df -h
du -sh /*
lsblk

Storage Usage

/dev/sda              40G
├── / (root)          40G (4 partitions)

Current Usage:
- Docker images: ~5GB
- Container data (/mnt/data/): ~20GB
- System & logs: ~2GB
- Backups: ~10GB
- Free space: ~3GB (monitor!)

Usage by Directory:

du -sh /* | sort -rh
# Typical:
# /var/backups  ~10GB
# /mnt/data     ~20GB
# /opt          ~3GB
# /root         ~1GB
# /var/lib      ~1GB
# others        ~5GB

Operating System

OS Information

Property Value
OS Ubuntu
Version 22.04.5 LTS
Kernel 5.15.0-160-generic
Release Date 2025-10-26

Check OS:

lsb_release -a
cat /etc/os-release
uname -a

Package Manager


Docker Installation

Docker Engine

Component Version
Docker v28.5.1
Docker Compose v2.40.2
Compose Format v3.8

Check Versions:

docker --version
docker compose version
docker info

Docker Configuration

Docker Root Dir: /var/lib/docker/

Storage Driver: overlay2

Network Driver: bridge

Logging Driver: json-file (auto-rotate: 3x10MB per container)


Network Connectivity

Open Ports (Firewall: UFW)

| Port | Protocol | Service | Access |
|------|----------|---------|--------|
| 22 | TCP | SSH | Internet (public key + password) |
| 80 | TCP | HTTP | Internet (redirects to 443) |
| 443 | TCP | HTTPS | Internet (all SSL traffic) |

Check Open Ports:

sudo ufw status
sudo ufw status numbered
netstat -tulpn | grep LISTEN
ss -tulpn | grep LISTEN

Closed Ports (for Security)

| Port | Service | Access |
|------|---------|--------|
| 81 | NPM Admin Panel | SSH tunnel only |
| 5432 | PostgreSQL | Internal only |
| 3306 | MariaDB | Internal only |
| 6379 | Redis | Internal only |
| 9000-9002 | MinIO, Portainer | Internal only |
| 3000, 2222 | Gitea | Internal only |
| 5678 | N8N | Internal only |
| 8888 | Jupyter | Internal only |
| 5050 | PgAdmin | Internal only |
| 3001 | Uptime Kuma | Internal only |
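
One way to verify the open/closed port policy above against what is actually listening (an added example, not part of the original document). Docker-published ports are handled by Docker's own iptables rules rather than UFW's, so a listener check complements `ufw status`. The function names and the `--demo`/`--live` flags are hypothetical; the input format assumed is that of `ss -H -tln`.

```shell
#!/bin/sh
# Added example: flag TCP listeners that contradict the port policy in this document.
# PUBLIC_PORTS mirrors the "Open Ports" table; every other port is expected
# to listen on loopback only.
PUBLIC_PORTS="22 80 443"

# audit_listeners: reads `ss -H -tln` output on stdin and prints one
# "EXPOSED <addr> <port>" line per non-loopback listener outside PUBLIC_PORTS.
audit_listeners() {
  awk -v allowed="$PUBLIC_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
      la = $4                                # Local Address:Port column
      idx = match(la, /:[0-9]+$/)            # position of the final ":port"
      if (idx == 0) next
      addr = substr(la, 1, idx - 1)
      port = substr(la, idx + 1)
      if (addr ~ /^127\./ || addr == "[::1]") next   # loopback-only listener
      if (port in ok) next                            # intentionally public
      print "EXPOSED", addr, port
    }' | sort -u
}

# Constructed sample input (not captured from the server described here).
sample_ss_output() {
  cat <<'EOF'
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      511          0.0.0.0:80         0.0.0.0:*
LISTEN 0      4096         0.0.0.0:443        0.0.0.0:*
LISTEN 0      4096       127.0.0.1:5432       0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
LISTEN 0      4096         0.0.0.0:6379       0.0.0.0:*
LISTEN 0      4096            [::]:6379          [::]:*
LISTEN 0      4096               *:81               *:*
LISTEN 0      4096           [::1]:3001          [::]:*
EOF
}

case "${1:-}" in
  --demo) sample_ss_output | audit_listeners ;;   # run on the constructed sample
  --live) ss -H -tln | audit_listeners ;;         # run on the current host
esac
```

A listener bound to a Docker bridge or other private address is also reported, since it is not loopback; treat those lines as items to review rather than confirmed exposure.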

Firewall Configuration

UFW Status:

sudo ufw status verbose
sudo ufw show added

Firewall Rules:

# Show all rules
sudo iptables -L -n

# Show NAT rules
sudo iptables -t nat -L -n

# Show filter rules
sudo iptables -t filter -L -n

Add/Remove Rules (if needed):

# Add rule (example)
sudo ufw allow 8080/tcp

# Remove rule
sudo ufw delete allow 8080/tcp

# Reload
sudo ufw reload

Security Services

fail2ban

Status: Active and protecting SSH

Statistics:

sudo fail2ban-client status
sudo fail2ban-client status sshd

Current Blocks:
- Total blocked IPs: 1-423 (varies)
- Monitored ports: 22 (SSH)
- Ban duration: 1 hour (default)
- Max retries: 5 (default)

View Blocked IPs:

sudo fail2ban-client status sshd | grep "Banned IP list"

Unban IP (if needed):

sudo fail2ban-client set sshd unbanip <ip-address>

SSL/TLS Configuration

SSL Provider: Let's Encrypt

Managed By: Nginx Proxy Manager (NPM)

Certificate Location: /mnt/data/nginx/letsencrypt/live/<domain>/

Active Certificates: 21 domains

Auto-Renewal: Enabled (30 days before expiration)

Check Expiration:

openssl x509 -in /mnt/data/nginx/letsencrypt/live/seller1.ru/cert.pem -noout -dates

System Services

Essential Services

Docker Daemon:

sudo systemctl status docker
sudo systemctl restart docker
sudo systemctl enable docker

Networking:

sudo systemctl status networking
ip addr show
route -n

SSH Server:

sudo systemctl status ssh
sudo systemctl restart ssh

fail2ban:

sudo systemctl status fail2ban
sudo systemctl restart fail2ban

Service Management

# View all services
systemctl list-units --type=service

# View running services
systemctl list-units --type=service --state=running

# View failed services
systemctl list-units --type=service --state=failed

# Start/stop/restart service
sudo systemctl start <service>
sudo systemctl stop <service>
sudo systemctl restart <service>

Log Files

System Logs

# Current boot logs
journalctl -b

# Last 100 lines
journalctl -n 100

# Follow logs
journalctl -f

# Last 1 hour
journalctl --since "1 hour ago"

# Specific service
journalctl -u docker
journalctl -u ssh

Docker Logs

# Container logs
docker logs <container-name>

# Follow logs
docker logs -f <container-name>

# Last 50 lines
docker logs --tail 50 <container-name>

# With timestamps
docker logs --timestamps <container-name>

Log Rotation

logrotate is configured for:
- System logs: daily rotation
- Docker logs: automatic per-container rotation (3x10MB)

Manual cleanup:

# Clear system logs older than 7 days
journalctl --vacuum-time=7d

# Clear docker logs
truncate -s 0 /var/lib/docker/containers/*/*-json.log

Performance Monitoring

Real-Time Monitoring

# Docker resource usage
docker stats --no-stream

# System resources
htop

# Disk I/O
iostat -x 1

# Network I/O
iftop

# Process monitoring
top
ps aux

Memory Usage

# Detailed memory info
free -h
free -w
vmstat

# Memory by process
ps aux --sort=-%mem | head -20

CPU Usage

# CPU info
lscpu
cat /proc/cpuinfo

# Current load
uptime
cat /proc/loadavg

# CPU per process
ps aux --sort=-%cpu | head -20

Disk Usage

# Filesystem usage
df -h
df -i

# Directory sizes
du -sh /*
du -sh /mnt/data/*
du -sh /var/backups/*

# Disk I/O stats
iostat

Network Monitoring

# Network interfaces
ip addr show
ifconfig

# Network statistics
netstat -s
ss -s

# Current connections
netstat -tulpn
ss -tulpn

# Monitor bandwidth
iftop
nethogs

Backup & Recovery

Backup Location

/var/backups/
├── daily/       # Daily backups
├── weekly/      # Weekly backups
├── monthly/     # Monthly backups
└── restic-repo/ # Offsite backups

Backup Script

# Run backup manually
/opt/scripts/backup-critical.sh

# Schedule: Runs daily at 04:00 UTC via cron

Backup Verification

# Check recent backups
ls -lah /var/backups/daily/ | head -5

# Check backup sizes
du -sh /var/backups/*/

# Restic backup status
restic -r /var/backups/restic-repo snapshots

Network Connectivity Test

Internal Connectivity

Test Container Connectivity:

# From one container to another
docker exec <container1> ping <container2>

# DNS resolution
docker exec <container> nslookup <service-name>

# DNS resolution with IP
docker exec <container> getent hosts <service-name>

External Connectivity

Test Internet Access:

# From container
docker exec <container> curl -I https://google.com

# From host
curl -I https://google.com
ping 8.8.8.8

Domain Resolution

Test Domain Resolution:

# Local resolution
nslookup seller1.ru
dig seller1.ru

# From container
docker exec <container> nslookup seller1.ru

# Check A record
nslookup seller1.ru | grep "Address"

Maintenance Schedule

Daily Tasks (Automated)

Weekly Tasks (Manual)

Monthly Tasks (Manual)

Quarterly Tasks (Manual)


Disaster Recovery

Emergency Contacts

Control Server: 91.218.142.168 (DEV-PRO)

Quick Recovery Commands

If Server is Down:
1. SSH from DEV-PRO: ssh root@45.144.177.147
2. Check Docker: docker ps
3. Restart services: /opt/scripts/health-check.sh

If seller1.ru is Down:

# Check production stack
cd /opt/seller1-prod-stack
docker compose ps
docker compose logs -f
docker compose restart seller1-prod-web

If All Services Down:

# Restart Docker daemon
sudo systemctl restart docker

# Check services
/opt/scripts/health-check.sh

# Restart stacks if needed (subshell keeps the working directory unchanged between stacks)
for stack in /opt/*-stack; do
  (cd "$stack" && docker compose up -d)
done

Backup Restoration

From Local Backup:

# Database restore
docker exec -i seller1-prod-db psql -U postgres < /var/backups/daily/seller1.sql

# Volume restore
tar xzf /var/backups/daily/seller1-prod.tar.gz

From Restic Backup:

restic -r /var/backups/restic-repo restore <snapshot-id> -t /


Document Version: 1.0.0
Last Review: 2025-11-09
Next Review: 2025-12-09