Includes: - Hardware environment reference (Proxmox cluster, VMs, LXCs) - Services inventory with current deployments - Caddy & DNS configuration reference - Runbooks for common deployment procedures Recent additions: - SearXNG deployment (utility CT 102, search.echo6.co) - TOC conversion to Proxmox with cortex VM - Syncthing sync between Contabo and cortex Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Contabo VPS Current Configurations
Server: 5.189.158.149 / 100.64.0.4
Last Updated: 2026-02-05
Caddy Configuration
File: /etc/caddy/Caddyfile
```
# Global options
{
    email admin@echo6.co
    admin off
}

# Main Mailcow hostname
mail.echo6.co {
    reverse_proxy https://127.0.0.1:8443 {
        transport http {
            tls_insecure_skip_verify
            read_timeout 3600s
            write_timeout 3600s
        }
    }
}

# Autodiscover for Outlook
autodiscover.echo6.co {
    reverse_proxy https://127.0.0.1:8443 {
        transport http {
            tls_insecure_skip_verify
        }
    }
}

# Autoconfig for Thunderbird
autoconfig.echo6.co {
    reverse_proxy https://127.0.0.1:8443 {
        transport http {
            tls_insecure_skip_verify
        }
    }
}

# Headscale VPN + Headplane Admin
vpn.echo6.co {
    handle /admin* {
        reverse_proxy 127.0.0.1:3100
    }
    handle {
        reverse_proxy 127.0.0.1:8084
    }
}

# Authentik SSO
auth.echo6.co {
    reverse_proxy 127.0.0.1:9000
}

# Forgejo Git Forge
forge.echo6.co {
    reverse_proxy 127.0.0.1:3001
}

# Vaultwarden Password Manager
vault.echo6.co {
    reverse_proxy /notifications/hub 127.0.0.1:3012
    reverse_proxy 127.0.0.1:8086
}
```
Commands
```
# Validate
caddy validate --config /etc/caddy/Caddyfile

# Restart (admin off, so reload won't work)
systemctl restart caddy

# Logs
journalctl -u caddy -f
```
dnsmasq Split DNS Configuration
File: /etc/dnsmasq.d/tailscale-dns.conf
```
# DNSmasq config for Tailscale Split DNS
# Listen only on Tailscale interface
listen-address=100.64.0.4
bind-interfaces

# Upstream DNS servers
server=1.1.1.1
server=8.8.8.8

# Local records for echo6.co services (route through Tailscale)
address=/forge.echo6.co/100.64.0.4
address=/auth.echo6.co/100.64.0.4
address=/mail.echo6.co/100.64.0.4
address=/vpn.echo6.co/100.64.0.4
address=/docs.echo6.co/100.64.0.4
address=/vault.echo6.co/100.64.0.4
address=/stream.echo6.co/100.64.0.7
address=/notes.echo6.co/100.64.0.22

# Don't read /etc/hosts
no-hosts

# Cache size
cache-size=1000

# Log queries for debugging
log-queries
```
Commands
```
# Restart
systemctl restart dnsmasq

# Status
systemctl status dnsmasq

# Test resolution
dig +short vault.echo6.co @100.64.0.4
```
Port Mappings Summary
| Service | Container Port | Host Binding | Caddy Proxy |
|---|---|---|---|
| Authentik | 9000 | 127.0.0.1:9000 | auth.echo6.co |
| Forgejo | 3000 | 127.0.0.1:3001 | forge.echo6.co |
| Forgejo SSH | 22 | 0.0.0.0:2222 | Direct |
| Headscale | 8080 | 127.0.0.1:8084 | vpn.echo6.co |
| Headplane | 3000 | 127.0.0.1:3100 | vpn.echo6.co/admin |
| Mailcow | 8443 | 127.0.0.1:8443 | mail.echo6.co |
| Vaultwarden | 80 | 127.0.0.1:8086 | vault.echo6.co |
| Vaultwarden WS | 3012 | 127.0.0.1:3012 | vault.echo6.co/notifications/hub |
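
A drift check for the Caddyfile against the host bindings in this table, as an added example (not part of the original reference): it flags upstreams that are not on loopback, upstreams missing from the table, and sites with upstream TLS verification disabled. The `drift.example` and `stale.example` sites, the `audit` function and the `DOCUMENTED` set are constructed for illustration.

```python
import re

# Constructed sample: two sites from the Caddyfile above plus two drifted ones.
CADDYFILE = """
mail.echo6.co {
    reverse_proxy https://127.0.0.1:8443 {
        transport http {
            tls_insecure_skip_verify
        }
    }
}
vault.echo6.co {
    reverse_proxy /notifications/hub 127.0.0.1:3012
    reverse_proxy 127.0.0.1:8086
}
drift.example {
    reverse_proxy 10.0.0.5:9999
}
stale.example {
    reverse_proxy 127.0.0.1:8099
}
"""
# Host bindings of the Caddy-proxied rows in the Port Mappings Summary table.
DOCUMENTED = {"127.0.0.1:9000", "127.0.0.1:3001", "127.0.0.1:8084",
              "127.0.0.1:3100", "127.0.0.1:8443", "127.0.0.1:8086", "127.0.0.1:3012"}

def audit(caddyfile, documented):
    """Return (site, finding) tuples in file order for a Caddyfile's text."""
    findings, site, depth = [], None, 0
    for raw in caddyfile.splitlines():
        line = raw.split("#", 1)[0].strip()
        if depth == 0 and line.endswith("{"):
            site = line[:-1].strip() or None   # bare "{" is the global options block
        elif site and line.startswith("reverse_proxy"):
            for tok in line.rstrip("{ ").split()[1:]:
                if tok[0] in "/@*":            # request matcher, not an upstream
                    continue
                upstream = re.sub(r"^https?://", "", tok)
                if not upstream.startswith("127.0.0.1:"):
                    findings.append((site, "non-loopback upstream " + upstream))
                elif upstream not in documented:
                    findings.append((site, "undocumented upstream " + upstream))
        elif site and line == "tls_insecure_skip_verify":
            findings.append((site, "upstream TLS verification disabled"))
        depth += line.count("{") - line.count("}")
    return findings

if __name__ == "__main__":
    for site, finding in audit(CADDYFILE, DOCUMENTED):
        print(f"{site}: {finding}")
```
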
DNS Records (GoDaddy → Contabo)
| Subdomain | IP | Service |
|---|---|---|
| auth | 5.189.158.149 | Authentik |
| forge | 5.189.158.149 | Forgejo |
| mail | 5.189.158.149 | Mailcow |
| vpn | 5.189.158.149 | Headscale |
| vault | 5.189.158.149 | Vaultwarden |
| autodiscover | 5.189.158.149 | Mailcow |
| autoconfig | 5.189.158.149 | Mailcow |
Split DNS Mappings (Tailscale)
| Domain | Tailscale IP | Server |
|---|---|---|
| auth.echo6.co | 100.64.0.4 | Contabo |
| forge.echo6.co | 100.64.0.4 | Contabo |
| mail.echo6.co | 100.64.0.4 | Contabo |
| vpn.echo6.co | 100.64.0.4 | Contabo |
| vault.echo6.co | 100.64.0.4 | Contabo |
| docs.echo6.co | 100.64.0.4 | Contabo |
| stream.echo6.co | 100.64.0.7 | PeerTube |
| notes.echo6.co | 100.64.0.22 | Cloud |
Last updated: 2026-02-05