Server Reference¶
Tags: Reference, Server
Complete reference information for the production server infrastructure.
Server Details¶
| Property | Value |
|---|---|
| IP Address | 50.3.85.110 |
| Hostname | Production Server |
| Environment | Production |
| Primary Function | Docker container host with Traefik reverse proxy |
Access Instructions¶
SSH Access¶
File Transfer¶
# Copy to server
scp -r local/path root@50.3.85.110:/remote/path
# Copy from server
scp -r root@50.3.85.110:/remote/path local/path
Traefik Dashboard¶
- URL: http://50.3.85.110:8080
- Purpose: Monitor routes, services, and middleware
- Access: No authentication configured; this host is production, so restrict port 8080 to admin IPs (see Firewall Configuration)
Docker API¶
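- Port: 2375 (unencrypted and unauthenticated; any client that can reach this port has full control of the Docker daemon, and the port is not among the required inbound firewall rules)
- Access: docker -H tcp://50.3.85.110:2375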
Installed Software¶
Docker & Containerization¶
| Component | Purpose | Version/Notes |
|---|---|---|
| Docker Engine | Container runtime | Latest stable |
| Docker Compose | Multi-container orchestration | Installed globally |
| Docker CLI | Command-line interface | Compatible with server version |
Reverse Proxy & Load Balancing¶
| Component | Purpose | Configuration |
|---|---|---|
| Traefik | HTTP/HTTPS reverse proxy, load balancer, TLS termination | Running in container, managed via docker-compose |
| Let's Encrypt | Automatic SSL/TLS certificate provisioning | Integrated with Traefik, acme.json storage |
Networking¶
| Component | Purpose | Status |
|---|---|---|
| traefik_public | Primary overlay network for all services | Always running; created via docker network |
| Docker Bridge | Default container networking | Standard Docker setup |
System Requirements¶
- OS: Linux (Ubuntu recommended, verified working)
- Available Disk Space: Monitor with docker system df
- Memory: Sufficient for running all containers (typically 4GB+ recommended)
- Network Connectivity: 24/7 internet connection required for Let's Encrypt and service traffic
Network Architecture¶
traefik_public Network¶
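networks:
  traefik_public:
    # The driver (bridge) is set when the network is created;
    # Compose does not accept a driver key together with external: true.
    external: true # Created manually, exists outside docker-compose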
Services connected to traefik_public:
- All public-facing web services
- Traefik itself

Isolated networks (if needed):
- Database networks (if restricted from internet)
- Internal service-to-service communication
Port Mappings¶
| Port | Service | Protocol | Purpose |
|---|---|---|---|
| 80 | Traefik | HTTP | Web traffic, HTTP→HTTPS redirect |
| 443 | Traefik | HTTPS | Encrypted web traffic |
| 8080 | Traefik | HTTP | Management dashboard |
Firewall Configuration¶
# Required inbound rules:
- Allow 22/tcp (SSH)
- Allow 80/tcp (HTTP)
- Allow 443/tcp (HTTPS)
- Allow 8080/tcp (Traefik dashboard - restrict to admin IPs)
# Outbound:
- Allow all (required for Let's Encrypt, package updates)
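The inbound rules above can be checked against what the host is actually listening on. The following is an added example, not part of the original reference: a shell function that reads `ss -Htln` output and reports every non-loopback TCP listener outside the documented allowlist. The function name `audit_listeners` and the sample socket list are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): compare listening TCP sockets
# with the inbound ports documented under "Firewall Configuration".
# A socket listing cannot show source-IP restrictions, so 8080 is accepted
# here and its admin-IP restriction still has to be verified in the firewall.
ALLOWED_PORTS="22 80 443 8080"

# Constructed sample of `ss -Htln` output, for illustration only.
SAMPLE_SS='LISTEN 0 128  0.0.0.0:22      0.0.0.0:*
LISTEN 0 4096 *:80            *:*
LISTEN 0 4096 *:443           *:*
LISTEN 0 4096 *:8080          *:*
LISTEN 0 4096 *:2375          *:*
LISTEN 0 4096 127.0.0.1:5432  0.0.0.0:*
LISTEN 0 4096 0.0.0.0:9000    0.0.0.0:*'

# Reads `ss -Htln` output on stdin and prints one line per unexpected listener.
# Exit status: 0 if only documented ports are exposed, 1 otherwise.
audit_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
            # Loopback-only listeners are not reachable from the network.
            if (addr ~ /^127\./ || addr == "[::1]") next
            if (port in ok) next
            note = (port == "2375") ? "Docker API without TLS" : "not in documented allowlist"
            printf "UNEXPECTED %s port %s (%s)\n", addr, port, note
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# On the server: ss -Htln | audit_listeners
printf '%s\n' "$SAMPLE_SS" | audit_listeners || echo "Review the listeners above."
```

Each reported port should either be closed, bound to 127.0.0.1, or added to the firewall documentation with a stated reason.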
Server Management¶
Checking System Health¶
# Overall Docker status
docker ps
docker stats
# Network status
docker network ls
docker network inspect traefik_public
# Storage usage
docker system df
# System resources
free -h
df -h
Viewing Logs¶
# Traefik logs (most important for debugging routing)
docker logs traefik -f --tail=100
# Specific service logs
docker logs SERVICE_NAME -f --tail=50
# System journal
journalctl -n 100
journalctl -u docker -f
Common Management Tasks¶
Restart all services:
Update Traefik configuration:
# Edit traefik configuration file or docker-compose.yml
vi docker-compose.yml
# Restart Traefik
docker-compose up -d traefik
Clean up old images and volumes:
# Remove unused images
docker image prune -a
# Remove unused volumes
docker volume prune
# Full cleanup (be careful!)
docker system prune -a
Backup important data:
# Backup acme.json (SSL certificates)
docker cp traefik:/letsencrypt/acme.json ./acme.json.backup
# Backup application data volumes
docker run --rm -v app_volume:/data -v "$(pwd)":/backup \
  ubuntu tar czf /backup/app_volume_backup.tar.gz -C /data .
Server Specifications¶
Recommended Specifications¶
| Resource | Recommended | Minimum |
|---|---|---|
| CPU | 2+ cores | 1 core |
| Memory | 4GB+ | 2GB |
| Storage | 50GB+ SSD | 20GB |
| Network | Gigabit, stable connection | 10Mbps |
| Uptime | 99.5%+ | Production-grade |
Performance Monitoring¶
View container resource usage:
Monitor specific container:
Check disk usage:
Capacity Planning¶
If the server approaches capacity:
1. Review active containers: docker ps
2. Identify large images: docker images (see the SIZE column)
3. Check volume sizes: docker volume inspect VOLUME
4. Consider cleanup or horizontal scaling (additional servers)
SSL/TLS Certificate Management¶
Certificate Storage¶
# Location in Traefik container
/letsencrypt/acme.json
# Backup on host
docker cp traefik:/letsencrypt/acme.json /backup/
Current Certificates¶
# View the main domain of every managed certificate (Traefik v2+ acme.json layout)
docker exec traefik cat /letsencrypt/acme.json | jq -r '.[] | .Certificates[]? | .domain.main'
# Check certificate expiry
docker exec traefik openssl x509 -in /path/to/cert -noout -dates
Certificate Renewal¶
- Automatic: Traefik automatically renews certificates 30 days before expiry
- Manual renewal: Restart Traefik: docker-compose restart traefik
- Force renewal: Delete certificate from acme.json and restart Traefik
Disaster Recovery¶
Critical Backups to Maintain¶
- acme.json - All SSL certificates (prevents Let's Encrypt rate limits on recovery)
- docker-compose.yml - Service definitions
- Application data volumes - Databases, uploads, persistent storage
- .env files - Configuration secrets (store securely)
Recovery Procedures¶
Full server restore from backup:
1. Deploy fresh OS on server
2. Install Docker and Docker Compose
3. Restore docker-compose.yml
4. Create networks: docker network create traefik_public
5. Restore volumes: docker volume create APP_VOLUME
6. Copy acme.json: docker cp acme.json traefik:/letsencrypt/
7. Deploy services: docker-compose up -d
Related Documentation¶
- Troubleshooting Guide: See troubleshooting.md for common issues and solutions
- Infrastructure Architecture: See docs/journeys/infrastructure.md for system design overview
- Docker Documentation: https://docs.docker.com/
- Traefik Documentation: https://docs.traefik.io/
- Let's Encrypt: https://letsencrypt.org/