giteadmin/lifeos-prod
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1c2279664cd98b4b193f5f060d0bc7d2d48eafab
lifeos-prod/project-docs/life-os-server-config.docx
Michael 5297da485f Initial commit
2026-03-03 00:44:33 +00:00

350 lines
17 KiB
Plaintext
Raw Blame History

**Life OS**
Server & Infrastructure Configuration
**1. Server Overview**
-----------------------------------------------------------------------
**Property** **Value**
---------------------- ------------------------------------------------
Provider Hetzner Cloud
Server Name defiant-01
Public IP 46.225.166.142
IPv6 2a01:4f8:1c1f:9d94::1
OS Ubuntu 24.04.4 LTS (Noble Numbat)
Kernel Linux 6.8.0-90-generic x86_64
CPU Cores 12
RAM 22 GB
Disk 451 GB total / \~395 GB available
Swap 8 GB
-----------------------------------------------------------------------
**1.1 Installed Software**
-----------------------------------------------------------------------
**Software** **Version** **Notes**
------------------ --------------- ------------------------------------
Ubuntu 24.04.4 LTS Base OS
Python 3.12.3 Host-level, available system-wide
Nginx 1.24.0 Host-level reverse proxy, not
containerized
Docker Active Managing all application containers
PostgreSQL (host) Not installed Postgres runs in Docker containers
only
-----------------------------------------------------------------------
**1.2 Hetzner Cloud Firewall**
Firewall name: firewall-1
------------------------------------------------------------------------------
**Protocol** **Port** **Source** **Purpose**
-------------- ---------- ------------------ ---------------------------------
TCP 22 0.0.0.0/0 SSH access
TCP 80 0.0.0.0/0 HTTP (redirects to HTTPS via
Nginx)
TCP 443 0.0.0.0/0 HTTPS
TCP 8443 0.0.0.0/0 Kasm Workspaces (internal, set
during setup)
------------------------------------------------------------------------------
*Note: UFW is inactive on the host. Docker manages iptables rules
directly for container port exposure. No host-level firewall changes are
needed for new services - Nginx proxies all traffic on 80/443.*
**2. DNS Records**
Domain registrar / DNS provider: managed by Michael
Primary domain: invixiom.com
**2.1 Active DNS Records**
-----------------------------------------------------------------------------------------------
**Subdomain** **Type** **Value** **Purpose** **Status**
----------------------------- ---------- ---------------- ---------------------- --------------
**kasm.invixiom.com** A 46.225.166.142 Kasm Workspaces **ACTIVE**
virtual desktop
**files.invixiom.com** A 46.225.166.142 Nextcloud file storage **ACTIVE**
**lifeos.invixiom.com** A 46.225.166.142 Life OS PROD **PENDING**
application
**lifeos-dev.invixiom.com** A 46.225.166.142 Life OS DEV **PENDING**
application
**code.invixiom.com** A 46.225.166.142 Reserved - future use **RESERVED**
-----------------------------------------------------------------------------------------------
*Note: PENDING means DNS record exists but the Nginx config and
application container are not yet deployed. ACTIVE means fully
configured end-to-end.*
**3. Nginx Configuration**
Nginx runs directly on the host (not in Docker). Config files located at
/etc/nginx/sites-available/. The active config is invixiom (symlinked to
sites-enabled).
**3.1 SSL Certificates**
----------------------------------------------------------------------------------------------------------
**Certificate** **Path** **Covers** **Provider**
----------------- ------------------------------------------------------- ----------------- --------------
Primary cert /etc/letsencrypt/live/kasm.invixiom.com/fullchain.pem All active Let\'s Encrypt
subdomains
(wildcard or SAN)
Primary key /etc/letsencrypt/live/kasm.invixiom.com/privkey.pem All active Let\'s Encrypt
subdomains
Legacy cert /etc/nginx/ssl/invixiom.crt Old config only Self-signed or
(kasm manual
site-available)
----------------------------------------------------------------------------------------------------------
*Note: The Let\'s Encrypt cert path uses kasm.invixiom.com as the
primary name. When lifeos.invixiom.com and lifeos-dev.invixiom.com are
added to Nginx, the cert will need to be renewed/expanded to cover the
new subdomains.*
**3.2 Configured Virtual Hosts**
-------------------------------------------------------------------------------------
**Server Name** **Listens **Proxies To** **Notes**
On**
------------------------- ----------- ------------------------ ----------------------
kasm.invixiom.com 443 ssl https://127.0.0.1:8443 WebSocket support,
ssl_verify off, 30min
timeout
files.invixiom.com 443 ssl http://127.0.0.1:8080 Nextcloud container
lifeos-api.invixiom.com 443 ssl http://127.0.0.1:8000 LEGACY - maps to stub
container, to be
replaced
code.invixiom.com 443 ssl http://127.0.0.1:8081 Nothing running on
8081 yet
lifeos.invixiom.com 443 ssl http://127.0.0.1:8002 TO BE ADDED - Life OS
PROD
lifeos-dev.invixiom.com 443 ssl http://127.0.0.1:8003 TO BE ADDED - Life OS
DEV
-------------------------------------------------------------------------------------
**4. Docker Containers**
**4.1 Currently Running Containers**
-------------------------------------------------------------------------------------------------------
**Container Name** **Image** **Ports** **Purpose** **Touch?**
------------------------ --------------------------- ------------- ---------------------- -------------
fastapi stack-fastapi 8000-\>8000 Stub health check **REPLACE**
only - to be replaced
by Life OS PROD
nextcloud nextcloud:27-apache 8080-\>80 Nextcloud file storage **DO NOT
(files.invixiom.com) TOUCH**
redis redis:7-alpine internal Task queue for **DO NOT
existing stack TOUCH**
kasm_proxy kasmweb/proxy:1.18.0 8443-\>8443 Kasm entry point **DO NOT
(kasm.invixiom.com) TOUCH**
kasm_rdp_https_gateway kasmweb/rdp-https-gateway internal Kasm RDP gateway **DO NOT
TOUCH**
kasm_rdp_gateway kasmweb/rdp-gateway 3389-\>3389 Kasm RDP **DO NOT
TOUCH**
kasm_agent kasmweb/agent:1.18.0 internal Kasm agent **DO NOT
TOUCH**
kasm_guac kasmweb/kasm-guac internal Kasm Guacamole **DO NOT
TOUCH**
kasm_api kasmweb/api:1.18.0 internal Kasm API **DO NOT
TOUCH**
kasm_manager kasmweb/manager:1.18.0 internal Kasm manager **DO NOT
TOUCH**
kasm_db kasmweb/postgres:1.18.0 internal Kasm dedicated **DO NOT
Postgres TOUCH**
celery stack-celery internal Celery worker for **DO NOT
existing stack TOUCH**
postgres postgres:16-alpine internal Postgres for existing **DO NOT
stack TOUCH**
-------------------------------------------------------------------------------------------------------
**4.2 Planned Life OS Containers**
-------------------------------------------------------------------------------------------
**Container **Image** **Port** **Purpose** **Status**
Name**
--------------- -------------------- ------------- --------------------------- ------------
lifeos-db postgres:16-alpine internal only Dedicated Postgres for Life **ACTIVE**
OS - hosts lifeos_prod and
lifeos_dev databases
lifeos-prod lifeos-app (custom) 8002-\>8002 Life OS PROD application **TO BE
(lifeos.invixiom.com) CREATED**
lifeos-dev lifeos-app (custom) 8003-\>8003 Life OS DEV application **TO BE
(lifeos-dev.invixiom.com) CREATED**
-------------------------------------------------------------------------------------------
**4.3 Port Allocation**
-----------------------------------------------------------------------------
**Port** **Used By** **Direction** **Notes**
---------- ------------------- --------------- ------------------------------
22 SSH External Hetzner firewall open
inbound
80 Nginx External HTTP redirect to HTTPS
inbound
443 Nginx External HTTPS, all subdomains
inbound
3389 kasm_rdp_gateway External Hetzner firewall open
inbound
8000 fastapi (stub) Internal To be repurposed or removed
8080 nextcloud Internal Proxied via files.invixiom.com
8081 code.invixiom.com Internal Reserved, nothing running
8443 kasm_proxy External Kasm, Hetzner firewall open
inbound
8002 lifeos-prod Internal To be created - proxied via
lifeos.invixiom.com
8003 lifeos-dev Internal To be created - proxied via
lifeos-dev.invixiom.com
-----------------------------------------------------------------------------
**5. Docker Networks**
------------------------------------------------------------------------------------
**Network Name** **Driver** **Subnet** **Used By**
---------------------- ----------------- --------------- ---------------------------
bridge bridge 172.17.0.0/16 Default Docker bridge
kasm_default_network bridge 172.19.0.0/16 All Kasm containers
kasm_sidecar_network kasmweb/sidecar 172.20.0.0/16 Kasm sidecar
stack_web bridge 172.18.0.0/16 fastapi, celery, redis,
postgres containers
lifeos_network bridge 172.21.0.0/16 ACTIVE - lifeos-prod,
lifeos-dev, lifeos-db
------------------------------------------------------------------------------------
**6. Application Directories**
All Life OS application files live under /opt/lifeos on the host,
mounted into containers as volumes.
--------------------------------------------------------------------------
**Path** **Purpose** **Status**
----------------------------- --------------------------- ----------------
/opt/lifeos/lifeos-setup.sh Infrastructure setup script **ACTIVE**
/opt/lifeos/prod PROD application files and **ACTIVE**
config
/opt/lifeos/prod/files PROD user uploaded files **ACTIVE**
storage
/opt/lifeos/dev DEV application files and **ACTIVE**
config
/opt/lifeos/dev/files DEV user uploaded files **ACTIVE**
storage
lifeos_db_data (Docker Postgres data persistence **ACTIVE**
volume)
--------------------------------------------------------------------------
**7. Pending Configuration Tasks**
The following items are in sequence order and must be completed to
finish the infrastructure setup:
--------------------------------------------------------------------------------------------
**\#** **Task** **Status** **Notes**
-------- ------------------------------ -------------- -------------------------------------
1 Verify DNS propagation for **COMPLETE** Verified 2026-02-27
lifeos.invixiom.com and
lifeos-dev.invixiom.com
2 Create Docker network: **PENDING**
lifeos_network
3 Create lifeos-db Postgres **COMPLETE** Container: lifeos-db, image:
container postgres:16-alpine
4 Create lifeos_prod and **COMPLETE** lifeos_dev user created with separate
lifeos_dev databases inside password
lifeos-db
5 Create application directory **COMPLETE** /opt/lifeos/prod, /opt/lifeos/dev,
structure on host file storage dirs
6 Migrate existing Supabase **COMPLETE** 3 domains, 10 areas, 18 projects, 73
production data to lifeos_prod tasks, 5 links, 5 daily_focus, 80
capture, 6 context_types. Files table
empty - Supabase Storage paths
obsolete, files start fresh in R1.
7 Build Life OS Docker image **PENDING** FastAPI app, Python 3.12
(Dockerfile)
8 Create docker-compose.yml for **PENDING** PROD and DEV services
Life OS stack
9 Add lifeos.invixiom.com and **PENDING** New server blocks in
lifeos-dev.invixiom.com to /etc/nginx/sites-available/invixiom
Nginx config
10 Expand SSL cert to cover new **PENDING** Add lifeos.invixiom.com and
subdomains (certbot \--expand) lifeos-dev.invixiom.com to cert
11 Remove or retire stub fastapi **PENDING** After Life OS PROD is live
container on port 8000
12 Test end-to-end: HTTPS access **PENDING**
to lifeos.invixiom.com and
lifeos-dev.invixiom.com
--------------------------------------------------------------------------------------------
Life OS Server & Infrastructure Configuration \| Last updated:
2026-02-27
Reference in New Issue View Git Blame Copy Permalink