GMC Server (Gateway Management Controller)¶
Manual Service - Not Managed by Domain Manager
GMC uses UDP port forwarding via Docker relay, NOT Traefik. The domain entry in Domain Manager has service_type: manual to prevent accidental misconfiguration.
Overview¶
| Property | Value |
|---|---|
| Domain | gmc.microshare.eu |
| Public IP | 51.68.235.106 (hub2) |
| Protocol | UDP |
| Port | 39015 |
| Backend | VM 2912 (gmc-server) via WireGuard |
| Backend IP | REDACTED_IP |
| Service Type | manual (externally managed) |
Architecture¶
XE300 Gateway (Internet)
│
▼ UDP 39015
hub2 public IP (51.68.235.106)
│
▼ Binds directly (host networking)
gmc-relay container (socat)
│
▼ UDP forward to REDACTED_IP:39015
WireGuard VPN (wg-uk interface)
│
▼
GMC Server (REDACTED_IP:39015)
VM 2912 on px1-silverstone
Why This Architecture¶
- UDP, not HTTP/HTTPS - Traefik handles HTTP traffic; UDP requires special handling
- No SSL termination - Raw UDP packets forwarded directly
- WireGuard VPN - GMC server is reachable via WireGuard for stable connectivity
- Docker-managed - Declarative config in docker-compose.yml, auto-restart
- IoT devices - XE300 gateways have hardcoded server address
Configuration¶
Docker Service¶
The relay is defined in /opt/charliehub/docker-compose.yml:
gmc-relay:
image: alpine/socat:latest
container_name: charliehub_gmc_relay
restart: unless-stopped
network_mode: host
command: UDP-LISTEN:39015,fork,reuseaddr UDP:${GMC_IP}:${GMC_PORT}
labels:
- "traefik.enable=false"
Environment Variables¶
In /opt/charliehub/.env:
# GMC Server via WireGuard (VM 2912 on px1)
GMC_IP=REDACTED_IP
GMC_PORT=39015
UFW Rule¶
UDP 39015 is allowed through UFW:
sudo ufw status | grep 39015
# 39015/udp ALLOW Anywhere # GMC WireGuard for XE300 gateways
GMC Server (VM 2912)¶
The GMC server runs on VM 2912 (px1-silverstone, UK homelab):
| Property | Value |
|---|---|
| VM ID | 2912 |
| Hostname | gmc-server |
| Proxmox Host | px1-silverstone |
| LAN IP | REDACTED_IP |
Verification¶
Check relay is running¶
docker ps | grep gmc-relay
docker logs charliehub_gmc_relay
Check port is listening¶
sudo ss -ulnp | grep 39015
# Should show socat listening on *:39015
Check WireGuard connectivity to GMC¶
# From hub2
ping REDACTED_IP
# Check WireGuard interface
sudo wg show wg-uk
Check XE300 connectivity¶
On the XE300 gateway:
wg show
# Should show:
# latest handshake: X seconds ago
# transfer: XX KiB received, XX KiB sent
Troubleshooting¶
XE300 not connecting (0 B received)¶
-
Check relay is running:
docker ps | grep gmc-relay -
Check GMC server is reachable via WireGuard:
ping REDACTED_IP -
Check GMC service is listening:
# From hub2 or any WireGuard-connected device nc -uvz REDACTED_IP 39015 -
Check UFW allows UDP 39015:
sudo ufw status | grep 39015
Relay not starting¶
# Check logs
docker logs charliehub_gmc_relay
# Verify env vars are set
grep GMC /opt/charliehub/.env
# Restart
cd /opt/charliehub && docker compose restart gmc-relay
Operations¶
Restart the relay¶
cd /opt/charliehub && docker compose restart gmc-relay
Update GMC IP¶
If GMC server moves or gets a new IP:
# 1. Update .env
nano /opt/charliehub/.env
# Change GMC_IP=REDACTED_IP to new IP
# 2. Restart relay
cd /opt/charliehub && docker compose restart gmc-relay
View traffic¶
# Watch relay logs
docker logs -f charliehub_gmc_relay
# Watch packet counts on hub2
sudo tcpdump -i any udp port 39015 -c 10
Dependencies¶
| Component | Required For |
|---|---|
| WireGuard (wg-uk) | Route to UK homelab (10.44.x.x) |
| UFW rule | Allow UDP 39015 through firewall |
| Docker | Run gmc-relay container |
| socat | UDP forwarding |
Related Documentation¶
- hub2 - Central hub where relay runs
- WireGuard VPN - VPN connectivity
- Network Layout - Overall network architecture