# Contabo VPS Current Configurations **Server:** 5.189.158.149 / 100.64.0.4 **Last Updated:** 2026-02-05 --- ## Caddy Configuration **File:** `/etc/caddy/Caddyfile` ```caddyfile # Global options { email admin@echo6.co admin off } # Main Mailcow hostname mail.echo6.co { reverse_proxy https://127.0.0.1:8443 { transport http { tls_insecure_skip_verify read_timeout 3600s write_timeout 3600s } } } # Autodiscover for Outlook autodiscover.echo6.co { reverse_proxy https://127.0.0.1:8443 { transport http { tls_insecure_skip_verify } } } # Autoconfig for Thunderbird autoconfig.echo6.co { reverse_proxy https://127.0.0.1:8443 { transport http { tls_insecure_skip_verify } } } # Headscale VPN + Headplane Admin vpn.echo6.co { handle /admin* { reverse_proxy 127.0.0.1:3100 } handle { reverse_proxy 127.0.0.1:8084 } } # Authentik SSO auth.echo6.co { reverse_proxy 127.0.0.1:9000 } # Forgejo Git Forge forge.echo6.co { reverse_proxy 127.0.0.1:3001 } # Vaultwarden Password Manager vault.echo6.co { reverse_proxy /notifications/hub 127.0.0.1:3012 reverse_proxy 127.0.0.1:8086 } ``` ### Commands ```bash # Validate caddy validate --config /etc/caddy/Caddyfile # Restart (admin off, so reload won't work) systemctl restart caddy # Logs journalctl -u caddy -f ``` --- ## dnsmasq Split DNS Configuration **File:** `/etc/dnsmasq.d/tailscale-dns.conf` ```conf # DNSmasq config for Tailscale Split DNS # Listen only on Tailscale interface listen-address=100.64.0.4 bind-interfaces # Upstream DNS servers server=1.1.1.1 server=8.8.8.8 # Local records for echo6.co services (route through Tailscale) address=/forge.echo6.co/100.64.0.4 address=/auth.echo6.co/100.64.0.4 address=/mail.echo6.co/100.64.0.4 address=/vpn.echo6.co/100.64.0.4 address=/docs.echo6.co/100.64.0.4 address=/vault.echo6.co/100.64.0.4 address=/stream.echo6.co/100.64.0.7 address=/notes.echo6.co/100.64.0.22 # Don't read /etc/hosts no-hosts # Cache size cache-size=1000 # Log queries for debugging log-queries ``` ### Commands ```bash # Restart systemctl restart dnsmasq # Status systemctl status dnsmasq # Test resolution dig +short vault.echo6.co @100.64.0.4 ``` --- ## Port Mappings Summary | Service | Container Port | Host Binding | Caddy Proxy | |---------|---------------|--------------|-------------| | Authentik | 9000 | 127.0.0.1:9000 | auth.echo6.co | | Forgejo | 3000 | 127.0.0.1:3001 | forge.echo6.co | | Forgejo SSH | 22 | 0.0.0.0:2222 | Direct | | Headscale | 8080 | 127.0.0.1:8084 | vpn.echo6.co | | Headplane | 3000 | 127.0.0.1:3100 | vpn.echo6.co/admin | | Mailcow | 8443 | 127.0.0.1:8443 | mail.echo6.co | | Vaultwarden | 80 | 127.0.0.1:8086 | vault.echo6.co | | Vaultwarden WS | 3012 | 127.0.0.1:3012 | vault.echo6.co/notifications/hub | --- ## DNS Records (GoDaddy → Contabo) | Subdomain | IP | Service | |-----------|-----|---------| | auth | 5.189.158.149 | Authentik | | forge | 5.189.158.149 | Forgejo | | mail | 5.189.158.149 | Mailcow | | vpn | 5.189.158.149 | Headscale | | vault | 5.189.158.149 | Vaultwarden | | autodiscover | 5.189.158.149 | Mailcow | | autoconfig | 5.189.158.149 | Mailcow | --- ## Split DNS Mappings (Tailscale) | Domain | Tailscale IP | Server | |--------|-------------|--------| | auth.echo6.co | 100.64.0.4 | Contabo | | forge.echo6.co | 100.64.0.4 | Contabo | | mail.echo6.co | 100.64.0.4 | Contabo | | vpn.echo6.co | 100.64.0.4 | Contabo | | vault.echo6.co | 100.64.0.4 | Contabo | | docs.echo6.co | 100.64.0.4 | Contabo | | stream.echo6.co | 100.64.0.7 | PeerTube | | notes.echo6.co | 100.64.0.22 | Cloud | --- *Last updated: 2026-02-05*