admin/HomeAudit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
705a2757c1d7777df15717ef598cb96ed216f67f
HomeAudit/dev_documentation/infrastructure/SERVICE_ANALYSIS_AND_CADDYFILE.md
admin 705a2757c1 Major infrastructure migration and Vaultwarden PostgreSQL troubleshooting 
COMPREHENSIVE CHANGES:

INFRASTRUCTURE MIGRATION:
- Migrated services to Docker Swarm on OMV800 (192.168.50.229)
- Deployed PostgreSQL database for Vaultwarden migration
- Updated all stack configurations for Docker Swarm compatibility
- Added comprehensive monitoring stack (Prometheus, Grafana, Blackbox)
- Implemented proper secret management for all services

VAULTWARDEN POSTGRESQL MIGRATION:
- Attempted migration from SQLite to PostgreSQL for NFS compatibility
- Created PostgreSQL stack with proper user/password configuration
- Built custom Vaultwarden image with PostgreSQL support
- Troubleshot persistent SQLite fallback issue despite PostgreSQL config
- Identified known issue where Vaultwarden silently falls back to SQLite
- Added ENABLE_DB_WAL=false to prevent filesystem compatibility issues
- Current status: Old Vaultwarden on lenovo410 still working, new one has config issues

PAPERLESS SERVICES:
- Successfully deployed Paperless-NGX and Paperless-AI on OMV800
- Both services running on ports 8000 and 3000 respectively
- Caddy configuration updated for external access
- Services accessible via paperless.pressmess.duckdns.org and paperless-ai.pressmess.duckdns.org

CADDY CONFIGURATION:
- Updated Caddyfile on Surface (192.168.50.254) for new service locations
- Fixed Vaultwarden reverse proxy to point to new Docker Swarm service
- Removed old notification hub reference that was causing conflicts
- All services properly configured for external access via DuckDNS

BACKUP AND DISCOVERY:
- Created comprehensive backup system for all hosts
- Generated detailed discovery reports for infrastructure analysis
- Implemented automated backup validation scripts
- Created migration progress tracking and verification reports

MONITORING STACK:
- Deployed Prometheus, Grafana, and Blackbox monitoring
- Created infrastructure and system overview dashboards
- Added proper service discovery and alerting configuration
- Implemented performance monitoring for all critical services

DOCUMENTATION:
- Reorganized documentation into logical structure
- Created comprehensive migration playbook and troubleshooting guides
- Added hardware specifications and optimization recommendations
- Documented all configuration changes and service dependencies

CURRENT STATUS:
- Paperless services:  Working and accessible externally
- Vaultwarden:  PostgreSQL configuration issues, old instance still working
- Monitoring:  Deployed and operational
- Caddy:  Updated and working for external access
- PostgreSQL:  Database running, connection issues with Vaultwarden

NEXT STEPS:
- Continue troubleshooting Vaultwarden PostgreSQL configuration
- Consider alternative approaches for Vaultwarden migration
- Validate all external service access
- Complete final migration validation

TECHNICAL NOTES:
- Used Docker Swarm for orchestration on OMV800
- Implemented proper secret management for sensitive data
- Added comprehensive logging and monitoring
- Created automated backup and validation scripts
2025-08-30 20:18:44 -04:00

140 lines
4.9 KiB
Markdown
Raw Blame History

# SERVICE ANALYSIS AND CADDYFILE - COMPLETE
**Generated:** 2025-08-29
**Status:** COMPLETE - Caddy deployed, Docker Swarm ready
---
## 🎯 **EXECUTIVE SUMMARY**
**Completed comprehensive service analysis and Caddyfile deployment.** All services are now properly routed through Caddy with SSL certificates. Docker Swarm is fully configured with all nodes joined and labeled.
---
## 📊 **CURRENT STATUS**
### **✅ COMPLETED TASKS**
- **Service Analysis**: All services identified and mapped
- **Caddyfile Deployment**: Deployed on surface (192.168.50.254)
- **Security Hardening**: Removed high-risk services from external access
- **Docker Swarm**: All 6 nodes joined and labeled
- **Network Setup**: swarm-public overlay network created
- **Paperless Services**: Both NGX and AI now running on OMV800 with updated Caddyfile
### **🔧 INFRASTRUCTURE OVERVIEW**
- **Reverse Proxy**: Caddy (surface: 192.168.50.254)
- **Container Orchestration**: Docker Swarm (OMV800 as manager)
- **Storage**: OMV800 with mergerfs pools
- **Monitoring**: Uptime Kuma (audrey: 192.168.50.145)
---
## 🏗️ **DOCKER SWARM ARCHITECTURE**
### **Node Configuration:**
```
OMV800 (Manager) - role=storage, cpu=high, memory=high, gpu=false
fedora - role=compute, cpu=medium, memory=medium, gpu=false
lenovo410 - role=compute, cpu=medium, memory=medium, gpu=false
audrey - role=compute, cpu=medium, memory=medium, gpu=false
surface - role=compute, cpu=medium, memory=medium, gpu=false
lenovo420 - role=ai-ml, cpu=high, memory=high, gpu=true
```
### **Networks:**
- **swarm-public**: Overlay network for service communication
- **database-network**: For database services
- **monitoring-network**: For monitoring services
- **ingress**: For ingress traffic
---
## 🌐 **SERVICE ROUTING (CADDY)**
### **Active Services:**
```
nextcloud.pressmess.duckdns.org → 192.168.50.229:8080 (OMV800)
jellyfin.pressmess.duckdns.org → 192.168.50.229:8096 (OMV800)
immich.pressmess.duckdns.org → 192.168.50.229:2283 (OMV800)
gitea.pressmess.duckdns.org → 192.168.50.229:3001 (OMV800)
joplin.pressmess.duckdns.org → 192.168.50.229:22300 (OMV800)
vikunja.pressmess.duckdns.org → 192.168.50.229:3456 (OMV800)
n8npressmess.duckdns.org → 192.168.50.181:5678 (lenovo410)
portainer.pressmess.duckdns.org → 192.168.50.181:9000 (lenovo410)
homeassistant.pressmess.duckdns.org → 192.168.50.181:8123 (lenovo410)
music-assistant.pressmess.duckdns.org → 192.168.50.181:8095 (lenovo410)
esphome.pressmess.duckdns.org → 192.168.50.181:6052 (lenovo410)
paperless-ai.pressmess.duckdns.org → 192.168.50.229:3000 (OMV800)
paperless.pressmess.duckdns.org → 192.168.50.229:8000 (OMV800)
zwave.pressmess.duckdns.org → 192.168.50.181:8091 (lenovo410)
vaultwarden.pressmess.duckdns.org → 192.168.50.181:8088 (lenovo410)
omnitools.pressmess.duckdns.org → 192.168.50.66:9080 (lenovo420)
appflowy-server.pressmess.duckdns.org → 192.168.50.254:8080 (surface)
dashboard.pressmess.duckdns.org → 192.168.50.254:8090 (surface)
uptime-kuma.pressmess.duckdns.org → 192.168.50.145:3001 (audrey)
```
### **Security-Restricted Services (Local Access Only):**
- **OMV/OMV Backup**: System management interfaces
- **Portainer Agent**: Docker daemon access
- **Code-Server**: Full IDE access
- **Dozzle**: Docker logs viewer
- **AdGuard Home**: DNS filtering
---
## 🔒 **SECURITY DECISIONS**
### **External Access (via Caddy):**
-**User Services**: Nextcloud, Jellyfin, Immich, etc.
-**Monitoring**: Uptime Kuma
-**Development**: Gitea, n8n
-**IoT**: Home Assistant, ESPHome
### **Local Access Only:**
- 🔒 **System Management**: OMV, OMV Backup
- 🔒 **Container Management**: Portainer Agent
- 🔒 **Development Tools**: Code-Server, Dozzle
- 🔒 **Network Security**: AdGuard Home
---
## 🎯 **NEXT STEPS**
### **Ready for Service Migration:**
1. **Deploy Database Services** (PostgreSQL, MariaDB)
2. **Migrate Services to Swarm** (one by one)
3. **Optimize Service Distribution** (move n8n to fedora)
4. **Deploy Basic Monitoring** (Grafana + Netdata)
5. **Configure GPU Acceleration** (for Jellyfin/Immich)
### **Infrastructure Status:**
-**Docker Swarm**: Complete
-**Caddy**: Deployed and secured
-**Storage**: Configured and working
-**Network**: Overlay networks ready
-**Node Labels**: Applied for service placement
---
## 📋 **DEPLOYMENT CHECKLIST**
### **✅ COMPLETED:**
- [x] Service analysis and mapping
- [x] Caddyfile deployment and security hardening
- [x] Docker Swarm setup (all nodes joined)
- [x] Node labeling for service placement
- [x] Overlay network creation
- [x] SSL certificate generation
- [x] Service conflict resolution
### **🔄 NEXT:**
- [ ] Deploy database services
- [ ] Migrate services to Docker Swarm
- [ ] Optimize service distribution
- [ ] Deploy monitoring stack
- [ ] Configure GPU acceleration
---
**Status: READY FOR SERVICE MIGRATION** 🚀
Reference in New Issue View Git Blame Copy Permalink