echo6-docs/runbooks/expose-service-contabo.md

# Expose Service on Contabo

## Prerequisites
- Service running in Docker on Contabo
- Port bound to `127.0.0.1` only (never `0.0.0.0`)

## Steps

### 1. Deploy the service

```bash
ssh root@100.64.0.6
mkdir -p /opt/<service>
# Create docker-compose.yml with port bound to 127.0.0.1:<port>
docker compose up -d
```

### 2. Add DNS record

```bash
# On TOC
source /home/zvx/projects/.ref/credentials
godaddy-dns.py add-a echo6.co <service> 5.189.158.149
dig +short <service>.echo6.co @8.8.8.8  # Verify
```

### 3. Add Caddy site block

```bash
ssh root@100.64.0.6
nano /etc/caddy/Caddyfile

# Add:
# <service>.echo6.co {
#     reverse_proxy 127.0.0.1:<port>
# }

caddy validate --config /etc/caddy/Caddyfile
systemctl reload caddy
```

### 4. Add dnsmasq split DNS entry

```bash
ssh root@100.64.0.6
nano /etc/dnsmasq.d/tailscale-dns.conf

# Add:
# address=/<service>.echo6.co/100.64.0.6

systemctl restart dnsmasq
```

### 5. Verify

```bash
# Public
curl -I https://<service>.echo6.co

# Tailscale
dig +short <service>.echo6.co @100.64.0.6  # Should return 100.64.0.6
```

### 6. Update docs

- Update `~/.claude/docs/infrastructure/caddy.md` with new site block
- Update `~/.claude/docs/infrastructure/services.md` with new service
- Add credentials to `/home/zvx/projects/.ref/credentials` if applicable

## Checklist

```
□ Docker container running, port on 127.0.0.1 only
□ GoDaddy DNS → 5.189.158.149
□ Caddy site block added and reloaded
□ dnsmasq entry added and restarted
□ Public access verified
□ Tailscale access verified
□ Docs updated
```
Initial commit: infrastructure documentation Includes: - Hardware environment reference (Proxmox cluster, VMs, LXCs) - Services inventory with current deployments - Caddy & DNS configuration reference - Runbooks for common deployment procedures Recent additions: - SearXNG deployment (utility CT 102, search.echo6.co) - TOC conversion to Proxmox with cortex VM - Syncthing sync between Contabo and cortex Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-02-06 21:27:29 +01:00			`# Expose Service on Contabo`

			`## Prerequisites`
			`- Service running in Docker on Contabo`
			- Port bound to `127.0.0.1` only (never `0.0.0.0`)

			`## Steps`

			`### 1. Deploy the service`

			```bash
			`ssh root@100.64.0.6`
			`mkdir -p /opt/<service>`
			`# Create docker-compose.yml with port bound to 127.0.0.1:<port>`
			`docker compose up -d`
			```

			`### 2. Add DNS record`

			```bash
			`# On TOC`
			`source /home/zvx/projects/.ref/credentials`
			`godaddy-dns.py add-a echo6.co <service> 5.189.158.149`
			`dig +short <service>.echo6.co @8.8.8.8 # Verify`
			```

			`### 3. Add Caddy site block`

			```bash
			`ssh root@100.64.0.6`
			`nano /etc/caddy/Caddyfile`

			`# Add:`
			`# <service>.echo6.co {`
			`# reverse_proxy 127.0.0.1:<port>`
			`# }`

			`caddy validate --config /etc/caddy/Caddyfile`
			`systemctl reload caddy`
			```

			`### 4. Add dnsmasq split DNS entry`

			```bash
			`ssh root@100.64.0.6`
			`nano /etc/dnsmasq.d/tailscale-dns.conf`

			`# Add:`
			`# address=/<service>.echo6.co/100.64.0.6`

			`systemctl restart dnsmasq`
			```

			`### 5. Verify`

			```bash
			`# Public`
			`curl -I https://<service>.echo6.co`

			`# Tailscale`
			`dig +short <service>.echo6.co @100.64.0.6 # Should return 100.64.0.6`
			```

			`### 6. Update docs`

			- Update `~/.claude/docs/infrastructure/caddy.md` with new site block
			- Update `~/.claude/docs/infrastructure/services.md` with new service
			- Add credentials to `/home/zvx/projects/.ref/credentials` if applicable

			`## Checklist`

			```
			`□ Docker container running, port on 127.0.0.1 only`
			`□ GoDaddy DNS → 5.189.158.149`
			`□ Caddy site block added and reloaded`
			`□ dnsmasq entry added and restarted`
			`□ Public access verified`
			`□ Tailscale access verified`
			`□ Docs updated`
			```