hub2 (OVH Dedicated Server)¶

hub2 is the central services hub running on an OVH dedicated server. It hosts all public-facing charliehub services and acts as the main entry point for all HTTPS traffic.

Overview¶

Property	Value
Hostname	hub2
Public IP	51.68.235.106
WireGuard IPs	wg-uk: REDACTED_IP, wg-fr: REDACTED_IP
Location	OVH Datacenter
OS	Ubuntu 24.04
Purpose	Central services hub

Migration from hub1

hub2 replaced hub1 (151.80.58.99) which was taken offline after a DDoS attack. All services were migrated to a new dedicated server with WireGuard VPN for homelab connectivity.

Services¶

Service	Container	Port	Domain
Traefik	charliehub-traefik	80, 443	traefik.charliehub.net
Authelia SSO	charliehub_authelia	9091	auth.charliehub.net
Domain Manager	charliehub_domain_manager_v3	8001	domains.charliehub.net
UniFi API	charliehub_unifi_api	8002	unifi.charliehub.net
Docs	charliehub_docs_mkdocs	8000	docs.charliehub.net
Code Server	charliehub_code_server	8080	code.charliehub.net
Prometheus	charliehub_prometheus	9090	prometheus.charliehub.net
Grafana	charliehub_grafana	3000	grafana.charliehub.net
PostgreSQL	charliehub-postgres	5432	(internal)
Redis	charliehub_authelia_redis	6379	(internal)
GMC Relay	charliehub_gmc_relay	39015/udp	UDP forwarding

Disabled Services¶

Service	Reason
DDNS	Static IP (51.68.235.106) - no longer needed

Manual Services (Non-Traefik)¶

Externally Managed

These services bypass Traefik and use Docker relay containers for UDP forwarding. See their individual documentation for configuration details.

Service	Port	Backend	Documentation
GMC Server	UDP 39015	VM 2912 via WireGuard	GMC Docs

Docker Containers¶

# Check running containers (hub2 uses ubuntu user)
ssh ubuntu@51.68.235.106 docker ps

# Or with SSH config alias
ssh hub2 docker ps

Key Directories¶

Path	Purpose
`/opt/charliehub/`	Main application directory
`/opt/charliehub/docker-compose.yml`	Service orchestration
`/opt/charliehub/.env`	Secrets and credentials
`/opt/charliehub/traefik/`	Traefik config and certs
`/opt/charliehub/authelia/`	Authelia SSO config
`/opt/charliehub/domain-manager/`	Domain Manager app
`/opt/charliehub/unifi-api/`	UniFi Network API
`/opt/charliehub/monitoring/`	Prometheus + Grafana

Health Checks¶

# All services via internal endpoints
curl http://localhost:8001/health  # Domain Manager
curl http://localhost:8002/health  # UniFi API
curl http://localhost:9091/api/health  # Authelia
curl http://localhost:9090/-/healthy  # Prometheus

# Via public endpoints
curl https://domains.charliehub.net/health
curl https://auth.charliehub.net/api/health

UniFi API Multi-Controller¶

The UniFi API manages both UK and FR UniFi Cloud Gateways:

# List controllers and status
curl https://unifi.charliehub.net/api/controllers

# Get clients from UK controller
curl "https://unifi.charliehub.net/api/clients?controller=uk"

# Get clients from FR controller
curl "https://unifi.charliehub.net/api/clients?controller=fr"

# Get all clients from both controllers
curl https://unifi.charliehub.net/api/all-clients

Common Operations¶

Restart all services¶

cd /opt/charliehub && docker compose restart

Restart a specific service¶

cd /opt/charliehub && docker compose restart unifi-api

View logs¶

docker logs charliehub_unifi_api --tail 100 -f

Rebuild after code changes¶

cd /opt/charliehub && docker compose build <service> && docker compose up -d <service>

Update all images¶

cd /opt/charliehub && docker compose pull && docker compose up -d

Traefik Configuration¶

hub2 runs the parent Traefik that handles all incoming HTTPS traffic:

Terminates TLS for most services
TCP passthrough to parking infrastructure's child Traefik
Let's Encrypt certificate management

# Check Traefik logs
docker logs charliehub-traefik --tail 50

# Reload dynamic config
docker kill -s HUP charliehub-traefik

WireGuard VPN¶

hub2 connects to homelabs via WireGuard VPN:

Interface	IP	Routes To
wg-uk	REDACTED_IP	UK homelab (REDACTED_SUBNET)
wg-fr	REDACTED_IP	FR homelab (REDACTED_SUBNET)

# Check WireGuard status
sudo wg show

# Test homelab connectivity
ping REDACTED_IP  # px1
ping REDACTED_IP  # px5

Monitoring¶

Prometheus Targets¶

Target	Endpoint
hub2 node metrics	51.68.235.106:9100
Prometheus self	localhost:9090

Grafana Access¶

URL: https://grafana.charliehub.net
Default user: admin
Password: See /opt/charliehub/.env (GRAFANA_ADMIN_PASSWORD)

Troubleshooting¶

Service not responding¶

# Check container status
docker compose ps

# Check logs
docker logs <container_name> --tail 100

# Restart container
docker compose restart <service>

Traefik not routing¶

# Check Traefik dashboard
curl http://localhost:8091/api/overview

# Check routers
curl http://localhost:8091/api/http/routers

# Verify certificates
ls -la /opt/charliehub/traefik/certs/

Can't reach homelab services¶

# Check WireGuard status
sudo wg show

# Check routes
ip route | grep -E "10.44|10.35"

# Test connectivity
ping REDACTED_IP   # UK UCG
ping REDACTED_IP   # FR UCG

Backup¶

Critical data to backup:

Path	Content
`/opt/charliehub/.env`	All secrets
`/opt/charliehub/authelia/`	SSO config and users
`/opt/charliehub/traefik/certs/`	Let's Encrypt certs
`/opt/charliehub/monitoring/grafana/data/`	Grafana dashboards
`/opt/charliehub/monitoring/prometheus/data/`	Metrics history
`/opt/charliehub/postgres/data/`	PostgreSQL data (domains DB)

PostgreSQL Backup¶

Domain Manager data is stored in PostgreSQL (charliehub-postgres):

# Dump domains database
docker exec charliehub-postgres pg_dump -U charliehub charliehub_domains > domains_backup.sql

# Restore
docker exec -i charliehub-postgres psql -U charliehub charliehub_domains < domains_backup.sql

Network Layout - Complete network architecture
WireGuard VPN - VPN connectivity to homelabs
Cluster Overview - Overall architecture