Glossary
Plain-language decoder for the technical terms used elsewhere in this repo. If a term in any doc isn't here, please add it.
Hosting & infrastructure
- VPS (Virtual Private Server): a rented slice of a physical computer in a data centre. Cheaper than a full server, isolated from other tenants.
- Bare VM / bare metal: a single server (physical or virtual) running our software directly, with no orchestrator on top.
- Container: a self-contained, portable software bundle. Like a shipping container — same package runs anywhere.
- Docker: the most common tool for running containers.
- Orchestrator: software that decides which containers run where and restarts them when they fail. Examples we use: Portainer, Dokploy.
- Portainer: a web dashboard for managing Docker containers across one or more hosts.
- Dokploy: a self-hosted "platform-as-a-service" — push code, it builds + deploys it. Similar to Heroku/Vercel, but on our own servers.
- Watchtower: automation that watches for new versions of our containers and updates them.
- Reverse proxy: a piece of software that sits in front of our apps and routes incoming web traffic to the right one (also handles HTTPS). Common ones: Traefik, Caddy, Nginx.
- TLS / SSL certificate: what makes the padlock appear in the browser. Encrypts traffic between user and app. Let's Encrypt issues them for free; commercial CAs charge.
Networking
- Public IP: the internet-reachable address of a server. Anyone can attempt to connect.
- Private / internal IP: an address only reachable from inside our own network.
- WireGuard: the VPN we use. When connected, your laptop is "inside" our private network and can reach internal-only services.
- Port: a numbered door on a server. 443 is HTTPS, 22 is SSH, 5432 is PostgreSQL, etc.
- DNS: the phonebook that maps names like `parallax.projecteidos.com` to IP addresses.
Identity & secrets
- SSO (Single Sign-On): log in once, get into multiple apps. We use Authentik for this.
- Authentik: our SSO/identity provider. It's the thing apps trust to confirm "yes, this is Adam".
- MFA / 2FA: multi-factor / two-factor authentication. A second proof beyond a password (authenticator app, security key).
- Vault (HashiCorp Vault): our secret-storage system at `vault.448.global`. All passwords, API keys, and certificates should live here, not in code or `.env` files.
- API key / token: a long random string that acts as a password for one app to talk to another.
Software development
- Repo (repository): a folder of source code tracked by Git.
- GitLab: our self-hosted alternative to GitHub at `git.projecteidos.com`. Stores code, runs CI/CD pipelines.
- CI/CD: Continuous Integration / Continuous Deployment. Automation that runs tests on every code change and deploys passing builds.
- Pipeline: the sequence of automated steps a code change goes through (test → build → deploy).
- Dependency: a third-party software library our code relies on.
Data
- Database: structured storage for our application data. Common types: PostgreSQL (relational), MySQL (relational), Oracle (relational, enterprise), MongoDB (document), Redis (key-value/cache).
- Object storage: dumb storage for files (images, videos, backups). We use MinIO at `s3.448.global`, which speaks the same language as Amazon S3.
- PII (Personally Identifiable Information): any data that can identify a person — names, emails, phone numbers, addresses, government IDs.
- Backup: a copy of data taken at a point in time, stored separately, so we can recover if the primary is lost or corrupted.
- Restore test: actually using a backup to bring data back. A backup that has never been restored is not yet proven to work.
Operations & risk
- SPOF (Single Point of Failure): a component whose failure brings down a service. Eliminating SPOFs is core to "professional-grade" operation.
- High Availability (HA): designed so the system survives the loss of any one component without downtime.
- DR (Disaster Recovery): the plan and tooling to restore service after a major incident (data centre fire, ransomware, etc.).
- RTO (Recovery Time Objective): how long we're willing to be down. "Our RTO is 4 hours" means within 4 hours of an outage we expect to be running again.
- RPO (Recovery Point Objective): how much data we're willing to lose. "Our RPO is 1 hour" means we accept losing up to 1 hour of recent data.
- SLO / SLA: Service Level Objective (internal target) / Service Level Agreement (contractual promise). E.g. "99.9% uptime".
- Incident: an unplanned event that degrades or breaks a service.
- Runbook: a written, step-by-step procedure for handling a specific problem.
- Maturity (hobby / trial / professional): our internal label for how production-ready an app is.
  - Hobby: runs because someone set it up once. No backups, no monitoring, single host, manual everything.
  - Trial: monitored, has some backups, but unverified, with manual recovery.
  - Professional: redundant, monitored, alerted, backed up and restore-tested, deploy automated, secrets in Vault, owner identified, runbook exists.
Specific products in our stack
| Product | What it is |
|---|---|
| Authentik | SSO / identity provider |
| Beszel | Lightweight server-monitoring dashboard |
| Coder | Web-based developer environments |
| Dokploy | Self-hosted PaaS — git-push deploys |
| Draw.io | Web-based diagramming tool |
| GitLab | Source control + CI/CD |
| Gotify | Self-hosted push-notification server |
| HashiCorp Vault | Secret store |
| IT Tools | Bundle of small developer/sysadmin utilities |
| MinIO | S3-compatible object storage |
| n8n | Visual workflow automation (like Zapier, self-hosted) |
| Open WebUI | Web chat front-end for self-hosted LLMs |
| Oracle APEX | Low-code database-app platform from Oracle |
| PeerTube | Self-hosted video platform (likely what powers PE Tube) |
| Portainer | Docker container management UI |
| SQLcl | Oracle's command-line SQL client |
| Watchtower | Automatic container-image updater |
| WireGuard | Modern VPN protocol |
| WordPress | The most-used content management system on the web |