Servers¶
The physical layer — every individual VPS / VM / managed-DB instance the organization runs apps on.
Total inventory: 3 OCI VPSes + 5 ADBs, all in
uk-london-1. General hosting rule: all PE-side apps (including WordPress) live on Dokploy (E2) in EIDOSDev1; apps on*.448.globallive on the single Free VPS (O1) in ORA448Global.Dual ingress to E2 (confirmed via OCI console 2026-05-06): - E1 (Caddy proxy) at
140.238.97.163— fronts subdomain hostnames (bot.,git.,platform.,crm.*, etc.) and proxies to E2 over the internal network. - E2 (Dokploy / Traefik) at145.241.230.130— receives WordPress apex traffic directly (DNS points apex domains here), plus proxied subdomain traffic from E1.
Inventory at a glance¶
EIDOSDev1 tenancy¶
| # | Resource | Type | Tier | Spec | Compartment | Hosts |
|---|---|---|---|---|---|---|
| E1 | Caddy proxy VPS | Compute (Ampere A1) | Always Free | 1 vCPU / 6 GB RAM | [INFO NEEDED] |
Caddy reverse proxy fronting all PE apps |
| E2 | Dokploy VPS | Compute (Ampere A1) | Always Free | 3 vCPU / 18 GB RAM | [INFO NEEDED] |
Dokploy + every PE app |
| E3 | TnE Connect (Eidos) ADB | Autonomous DB (APEX) | Always Free | 1 OCPU / 20 GB | [INFO NEEDED] |
PE Workforce (eidos-global.tneconnect.app) and apex1.projecteidos.com |
| E4 | Fourway TnE ADB | Autonomous DB (APEX) | Always Free | 1 OCPU / 20 GB | FOURWAY |
Fourway tenant (fourway.tneconnect.app) and apex2.projecteidos.com |
| E5 | Parallax ADB | Autonomous DB (APEX-only) | Paid | [INFO NEEDED] |
UR |
Parallax prod + pre-prod (parallax.projecteidos.com) and apex-ur.projecteidos.com |
ORA448Global tenancy¶
| # | Resource | Type | Tier | Spec | Compartment | Hosts |
|---|---|---|---|---|---|---|
| O1 | All-in-one VPS | Compute (Ampere A1) | Always Free | [INFO NEEDED] (likely 4/24) |
[INFO NEEDED] |
Caddy + Portainer + every *.448.global app + Watchtower + n8n + custom SQLcl image |
| O2 | APEX1 448 ADB | Autonomous DB (APEX) | Always Free | 1 OCPU / 20 GB | [INFO NEEDED] |
apex1.448.global — internal dev / CI/CD |
| O3 | APEX2 448 ADB | Autonomous DB (APEX) | Always Free | 1 OCPU / 20 GB | [INFO NEEDED] |
apex2.448.global — internal dev / CI/CD |
Critical insight: every Free ADB serves two URLs (a "branded" one + an
apex*.projecteidos.comadmin/dev one). Same ADB → same blast radius for both.
Single-host blast radius¶
| Server | Apps hosted | Blast radius |
|---|---|---|
| O1 (ORA448Global Free VPS) | ~15 apps + Watchtower + n8n + SQLcl image — every *.448.global service |
Total internal-tooling outage. Vault and Authentik are Tier-0; their loss cascades. |
| E2 (EIDOSDev1 Dokploy VPS) | Dokploy + Teams Bot + 3 WordPress sites + 3 Twenty CRMs + GitLab + (any future Dokploy-deployed app) | Total PE-side product outage, including the source-control system (GitLab) and the 3 customer-visible WordPress sites. Recovery requires this server and its env-vars / DB. |
| E1 (EIDOSDev1 Caddy VPS) | Single Caddy fronting subdomain hostnames | Every PE subdomain stops resolving even though backends are up. WP apex domains keep working (they bypass E1). Caddyfile is on-host only — recently caused a real outage. |
| E5 (Parallax Paid ADB) | Parallax prod + pre-prod in same DB | Bad migration in pre-prod can corrupt or lock prod. No isolation. |
| E3, E4 (Free ADBs) | TnE Connect tenants (paying-customer-facing) | Free Tier auto-pauses after 7 days idle; no SLA. |
These are the Phase-2 priorities for replication / failover / professional-grade uplift.
Per-server detail¶
E1 — EIDOSDev1 Caddy proxy VPS¶
| Field | Value |
|---|---|
| Tenancy | EIDOSDev1 |
| Instance OCID | ocid1.instance.oc1.uk-london-1.anwgiljrbm2l2oickmz6rrbvwz7f4lxmzcvpoxqyzl47gw45spnpo5h2y6ra |
| Compartment | Dev |
| Provider plan | OCI Compute, Ampere A1 (VM.Standard.A1.Flex), Always Free |
| Region | uk-london-1 |
| vCPU / RAM | 1 vCPU / 6 GB RAM |
| Disk | [INFO NEEDED] GB block volume |
| Public IP(v4) | 140.238.97.163 |
| Internal / Wireguard IP | [INFO NEEDED] |
| OS | [INFO NEEDED] |
| Container runtime | [INFO NEEDED] |
| Reverse proxy | Caddy |
| TLS issuance | [INFO NEEDED] (Caddy auto-LE typical) |
| Caddyfile location | on host only — NOT in Git this caused a recent outage; Phase-2 priority |
| Hosts (apps) | Caddy only |
| Backup snapshot policy | none — see KI-038 |
| Beszel agent | [INFO NEEDED] |
| Watchtower | no — not yet covered |
| Strategic note | This is the reverse proxy that lets us avoid paying ~£500/month for Oracle's "vanity URL enabled ADB" tier. Hosting our own Caddy on Free Tier saves the upcharge across all five ADBs. |
Hostnames routed through E1's Caddy (subdomain DNS points here; WordPress apex bypasses E1 and goes direct to E2):
| Hostname | DNS A → | E1 forwards to |
|---|---|---|
parallax.projecteidos.com |
E1 | E5 (Paid ADB ORDS) |
apex-ur.projecteidos.com |
E1 | E5 (same Paid ADB) |
apex1.projecteidos.com |
E1 | E3 (same Free ADB as eidos-global.tneconnect.app) |
apex2.projecteidos.com |
E1 | E4 (same Free ADB as fourway.tneconnect.app) |
eidos-global.tneconnect.app |
E1 | E3 |
fourway.tneconnect.app |
E1 | E4 |
bot.projecteidos.com |
E1 | E2 (Teams Bot container) |
platform.projecteidos.com |
E1 | E2 (Dokploy admin) |
git.projecteidos.com |
E1 | E2 (GitLab container) |
crm.eidos-global.com |
E1 | E2 (Twenty CRM UK container) |
in.crm.eidos-global.com |
E1 | E2 (Twenty CRM IN container) |
crm.tneconnect.app |
E1 | E2 (Twenty CRM TnE container) |
Hostnames bypassing E1, going direct to E2's Traefik (apex DNS points to E2 = 145.241.230.130):
| Hostname | DNS A → | E2 routes to |
|---|---|---|
projecteidos.com (apex) |
E2 | WordPress container (301 → eidos-global.com) |
eidos-global.com (apex) |
E2 | EIDOS Global WordPress container |
tneconnect.app (apex) |
E2 | TnE Connect WordPress container |
E2 — EIDOSDev1 Dokploy VPS¶
| Field | Value |
|---|---|
| Tenancy | EIDOSDev1 |
| Instance OCID | ocid1.instance.oc1.uk-london-1.anwgiljtbm2l2oicsz2npzclars3a3v5gu6xya4vpohnjygv7wiievozrwqa |
| Compartment | Dev |
| Provider plan | OCI Compute, Ampere A1, Always Free |
| Region | uk-london-1 |
| vCPU / RAM | 3 vCPU / 18 GB RAM |
| Disk | [INFO NEEDED] GB block volume |
| Public IP(v4) | 145.241.230.130 |
| Internal / Wireguard IP | [INFO NEEDED] |
| OS | [INFO NEEDED] |
| Container runtime | Docker (Dokploy default) |
| Reverse proxy on box | Traefik (Dokploy bundles it) |
| Hosts (apps) | Dokploy itself + every Dokploy-deployed app (9 in total) |
| Backup snapshot policy | none — see KI-038 |
| Beszel agent | [INFO NEEDED] |
| Watchtower | no — Dokploy apps have no auto-update mechanism today; gap to fix |
Apps on E2 (full enumeration):
| Hostname | App | Reached via | App doc |
|---|---|---|---|
platform.projecteidos.com |
Dokploy itself | E1 Caddy | 18-dokploy.md |
git.projecteidos.com |
GitLab self-hosted | E1 Caddy | 16-gitlab.md |
bot.projecteidos.com |
Teams Bot (Next.js) | E1 Caddy | 07-teams-bot.md |
crm.eidos-global.com |
Twenty CRM (UK) | E1 Caddy | 04-crm-uk.md |
in.crm.eidos-global.com |
Twenty CRM (IN) | E1 Caddy | 05-crm-in.md |
crm.tneconnect.app |
Twenty CRM (TnE) | E1 Caddy | 06-crm-tne.md |
projecteidos.com (apex) |
PE WordPress (301 → eidos-global) | direct (apex DNS to E2) | 11-pe-wordpress.md |
eidos-global.com (apex) |
EIDOS Global WordPress | direct (apex DNS to E2) | 12-eidos-global-wordpress.md |
tneconnect.app (apex) |
TnE Connect WordPress | direct (apex DNS to E2) | 13-tne-connect-wordpress.md |
9 apps on a single 3-vCPU Free VPS, including GitLab and 3 WordPress sites. GitLab alone is normally sized at 8 GB RAM dedicated; co-tenanting it with WordPress × 3 + Twenty CRM × 3 + Next.js bot is aggressive resource packing. Performance and resilience risk both compound here.
E3 — EIDOSDev1 TnE Connect (Eidos) Free ADB¶
| Field | Value |
|---|---|
| Tenancy | EIDOSDev1 |
| Compartment | [INFO NEEDED] |
| Type | Oracle Autonomous Database, Always Free |
| Workload | APEX |
| Spec | 1 OCPU / 20 GB storage (Free Tier limits) |
| Region | uk-london-1 |
| ADB instance name | [INFO NEEDED] |
| ADB OCID | [INFO NEEDED] |
| Hostnames served | eidos-global.tneconnect.app and apex1.projecteidos.com |
| Auto-pause after 7 days idle | yes (Free Tier behavior) |
| Backup retention | 60 days automated (Oracle-managed) |
| ADB ADMIN — Vault path | [INFO NEEDED] |
Both URLs point to the same ADB; same APEX workspace likely with multiple apps. A pause/outage takes both URLs down simultaneously.
E4 — EIDOSDev1 Fourway TnE Free ADB¶
| Field | Value |
|---|---|
| Tenancy | EIDOSDev1 |
| Compartment | FOURWAY |
| Type | Oracle Autonomous Database, Always Free |
| Workload | APEX |
| Spec | 1 OCPU / 20 GB storage |
| Region | uk-london-1 |
| ADB instance name | [INFO NEEDED] |
| ADB OCID | [INFO NEEDED] |
| Hostnames served | fourway.tneconnect.app and apex2.projecteidos.com |
| Auto-pause after 7 days idle | yes |
| Backup retention | 60 days automated |
| ADB ADMIN — Vault path | [INFO NEEDED] |
Fourway is a paying client running on Free Tier auto-pausing infra. Both URLs share blast radius.
E5 — EIDOSDev1 Paid ADB (Parallax)¶
| Field | Value |
|---|---|
| Tenancy | EIDOSDev1 |
| Compartment | UR |
| Type | Oracle Autonomous Database, Paid |
| Workload | APEX-only |
| Spec (OCPU / storage) | [INFO NEEDED] |
| Region | uk-london-1 |
| ADB instance name | [INFO NEEDED] |
| ADB OCID | [INFO NEEDED] |
| Hostnames served | parallax.projecteidos.com and apex-ur.projecteidos.com |
| Hosts | Parallax prod + pre-prod (same ADB) |
| Auto-scale enabled | [INFO NEEDED] |
| Backup retention | [INFO NEEDED] |
| Cross-region DR | none (single-region uk-london-1) |
| ADB ADMIN — Vault path | [INFO NEEDED] |
O1 — ORA448Global all-in-one VPS¶
| Field | Value |
|---|---|
| Tenancy | ORA448Global |
| Instance OCID | ocid1.instance.oc1.uk-london-1.anwgiljrhprog4acbvjayc7q7w3qrtb3x2lnsi5f4enwnsnzfemyguck4m4q |
| Compartment | DotConnect (also referred to as DC) |
| Provider plan | OCI Compute, Ampere A1, Always Free |
| Region | uk-london-1 |
| vCPU / RAM | 4 vCPU / 24 GB RAM (full Free-Tier Ampere A1 headroom) |
| Disk | [INFO NEEDED] |
| Public IP(v4) | 140.238.90.91 |
| Internal / Wireguard IP | [INFO NEEDED] |
| OS | [INFO NEEDED] |
| Container runtime | Docker, managed via Portainer |
| Reverse proxy | Caddy |
| TLS issuance | [INFO NEEDED] (Caddy auto-LE typical) |
| Caddyfile location | on host only — NOT in Git |
| Hosts (apps) | Caddy + Portainer + ~13 *.448.global apps + Watchtower + n8n + custom SQLcl image |
| Backup snapshot policy | scheduled — ~£15/month: • Weekly incremental, midnight Sunday, 4-week retention • Monthly incremental, midnight 1st of month, 12-month retention • Yearly incremental, first part of January, 5-year retention |
| Beszel agent | self-monitoring (Beszel server itself is here) |
| Watchtower | yes — covers *.448.global containers only |
Apps on O1 (full enumeration):
| Hostname | App | App doc |
|---|---|---|
auth.448.global |
Authentik | 14-authentik.md |
vault.448.global |
Vault | 15-vault.md |
s3.448.global |
MinIO | 17-minio.md |
portainer.448.global |
Portainer | 19-portainer.md |
wg.448.global |
Wireguard portal | 20-wireguard.md |
monitor.448.global |
Beszel | 21-beszel.md |
notify.448.global |
Gotify | 23-gotify.md |
coder.448.global |
Coder | 24-coder.md |
n8n.448.global |
n8n (also runs CI/CD pipelines for the SQLcl image) | 25-n8n.md |
ai.448.global |
Open WebUI | 26-open-webui.md |
draw.448.global |
Draw.io | 27-drawio.md |
tools.448.global |
IT Tools | 28-it-tools.md |
videos.448.global |
PE Tube | 29-pe-tube.md |
| (background daemon) | Watchtower | 22-watchtower.md |
| (utility container) | Custom SQLcl image (Alpine-based) | 32-sqlcl-container.md |
Active operational issue on O1: the SQLcl container has no static internal Docker IP — it picks up
172.0.0.xxaddresses that change on restart, breaking n8n CI/CD pipelines that hard-code the IP. Phase-2: assign a static internal IP / use Docker network alias / DNS.
O2 — ORA448Global APEX1 Free ADB¶
| Field | Value |
|---|---|
| Tenancy | ORA448Global |
| Type | Oracle Autonomous Database, Always Free |
| Spec | 1 OCPU / 20 GB |
| Region | uk-london-1 |
| Hostname served | apex1.448.global |
| Auto-pause after 7 days idle | yes |
| Use | Internal dev environment + CI/CD experimentation |
| ADB ADMIN — Vault path | [INFO NEEDED] |
O3 — ORA448Global APEX2 Free ADB¶
| Field | Value |
|---|---|
| Tenancy | ORA448Global |
| Type | Oracle Autonomous Database, Always Free |
| Spec | 1 OCPU / 20 GB |
| Region | uk-london-1 |
| Hostname served | apex2.448.global |
| Auto-pause after 7 days idle | yes |
| Use | Internal dev environment + CI/CD experimentation |
| ADB ADMIN — Vault path | [INFO NEEDED] |
Summary: ADB hostname matrix¶
| ADB | Tenancy | Tier | Hostnames |
|---|---|---|---|
| E5 | EIDOSDev1 | Paid | parallax.projecteidos.com, apex-ur.projecteidos.com |
| E3 | EIDOSDev1 | Free | eidos-global.tneconnect.app, apex1.projecteidos.com |
| E4 | EIDOSDev1 | Free | fourway.tneconnect.app, apex2.projecteidos.com |
| O2 | ORA448Global | Free | apex1.448.global |
| O3 | ORA448Global | Free | apex2.448.global |
The 5 ADBs serve 9 distinct hostnames.
Open items¶
- ~~Verify E1/E2 IP assignment via OCI console~~ — confirmed; OCIDs captured.
- ~~Compartments per server (E1, E2, O1)~~ — confirmed: E1+E2 in
Dev, O1 inDotConnect(DC). - ~~O1 instance OCID~~ — captured.
- Internal / Wireguard IPs of all 3 VPSes —
[INFO NEEDED] - ADB instance names + OCIDs for E3, O2, O3 —
[INFO NEEDED](E4 = APEX2, E5 = UR-Prod, EIDOSDev for E3 captured) - Whether Beszel agents run on E1, E2 —
[INFO NEEDED] - Why does E2 have apex DNS pointed direct (bypassing E1)? Most likely a Dokploy convention where each app's primary domain is bound directly. Worth confirming whether this was intentional or a migration artefact — if intentional, it means E1's blast-radius excludes WP, which is good news.