DevOps Engine & Getting Started Guide
Welcome to the Center of AI (CAI) development environment. Multiple developers build, test, and host apps concurrently on this Contabo VPS. Use this guide to deploy safely, configure Caddy proxies, prevent port conflicts, and manage dockerised configurations.
Core Server Rules (Strict Compliance Required)
- Minimum Exposure Rule: Only ports 80 (HTTP) and 443 (HTTPS) should be exposed externally via the firewall/DNS. Caddy manages everything.
- Unique Ports Registry: Every project running on the server must occupy a unique port (e.g., 8010, 8020). Coordinate with the team and register your port in the registry below to avoid resource locking!
- Folderization Standard: Folderise and scope all projects neatly inside ~/cai-apps/<project-name>, grouped by team scope.
- Gitignore hygiene: Never commit secrets, environment configs (.env), node_modules, log files, or SSH private keys. Ensure a solid gitignore is in place.
- Docker-First: All apps must run within Docker containers. No direct Node/Python runtimes should run raw on the host to avoid version conflicts and memory leak failures.
DevOps Reference Guides
1. Login & SSH Session
Access the server using secure SSH key pairs. Password login has been locked down completely on the Contabo server's SSH daemon to prevent bot brute-forcing.
ssh root@<CONTABO_IP>
Always exit sessions cleanly to release terminal hooks:
exit
2. Editing Server Files
For rapid config edits, use server-friendly terminal editors like nano or vim.
Avoid editing large application source files on the server directly. Build and deploy them using Git.
3. Project Folderization
Organize projects cleanly within defined directories. Group all production/test apps inside the shared ~/cai-apps root.
mkdir -p ~/cai-apps && cd ~/cai-apps
4. Git & Private Clones
To clone private Git repositories securely, you must generate a deployment key on the server and add it to GitHub/GitLab.
ssh-keygen -t ed25519 -C "cai-dev-vps"
cat ~/.ssh/id_ed25519.pub
Use deploy keys with Read-Only access in your repositories' Settings -> Deploy Keys to maximize project security.
5. Env Config & Gitignores
Maintain a strict separation between code and secrets. Keep values inside a .env file.
chmod 600 .env
6. Docker Build & Run
Dockerise every application. Do not run processes in background screens directly on the VPS host system.
docker build -t app-name .
docker run -d --name app-name -p 127.0.0.1:8080:8080 --restart always app-name
7. Caddy & Auto-SSL
Caddy sits as the gateway reverse-proxy. It intercepts all HTTPS requests and forwards them internally.
systemctl reload caddy
8. Cron Maintenance
The Contabo dev server uses standard Linux crontab routines to run nightly disk cleanups, Docker log rotations, and automated backups.
crontab -l
crontab -e
9. Port & Socket Inspector
To inspect active ports, see what processes are running, or identify conflicting local binds, run these diagnostic commands.
ss -tulpn
netstat -tulpn | grep :8000
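The Minimum Exposure Rule and the 127.0.0.1 bind from section 6 can be checked against `ss -tulpn` output. This is an added example, not part of the original guide: it flags any listener bound to a non-loopback address on a port outside an allow-list. The function names, the sample output, and the inclusion of port 22 for SSH are assumptions.

```shell
#!/bin/sh
# Ports allowed on non-loopback addresses. 80/443 come from the Minimum
# Exposure Rule; 22 is an assumption (SSH access, section 1).
ALLOWED_PORTS="22 80 443"

# Constructed sample of `ss -tulpn` output (not captured from the server).
sample_ss_output() {
cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*         users:(("systemd-resolve",pid=410,fd=13))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=700,fd=3))
tcp   LISTEN 0      4096   *:80               *:*               users:(("caddy",pid=900,fd=8))
tcp   LISTEN 0      4096   *:443              *:*               users:(("caddy",pid=900,fd=7))
tcp   LISTEN 0      4096   127.0.0.1:8010     0.0.0.0:*         users:(("docker-proxy",pid=1201,fd=4))
tcp   LISTEN 0      4096   0.0.0.0:8045       0.0.0.0:*         users:(("docker-proxy",pid=1302,fd=4))
tcp   LISTEN 0      4096   [::]:8045          [::]:*            users:(("docker-proxy",pid=1309,fd=4))
tcp   LISTEN 0      4096   [::1]:8020         [::]:*            users:(("node",pid=1400,fd=19))
EOF
}

# Read `ss -tulpn` output on stdin and print "port address process" for each
# socket bound to a non-loopback address on a port outside ALLOWED_PORTS.
find_exposed() {
  awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "Netid" { next }                        # header row
    {
      port = $5; sub(/.*:/, "", port)             # text after the last colon
      addr = $5; sub(/:[^:]*$/, "", addr)         # text before it
      sub(/%.*/, "", addr)                        # drop interface suffix (%lo)
      if (addr ~ /^127\./ || addr == "[::1]") next  # loopback only
      if (port in ok) next                        # allow-listed port
      proc = "-"                                  # -p shows nothing without root
      if (match($0, /users:\(\("[^"]+"/))
        proc = substr($0, RSTART + 9, RLENGTH - 10)
      print port, addr, proc
    }'
}

# Demo on the sample; on the server run: ss -tulpn | find_exposed
sample_ss_output | find_exposed
```

Any line it prints is a container or process published without the `127.0.0.1:` prefix, which makes the port reachable without going through Caddy unless the firewall blocks it.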
Active Port Registry
Review ports currently listening or mapped in Caddy configurations.
| Port Number | Application details | Owner / Agent | Local IP Bind | Proxy domain | Status |
|---|---|---|---|---|---|
Live Sync: This table reads real-time server sockets from /proc/net/tcp and routing parameters from /etc/caddy/Caddyfile.
If your port is mapped in Caddy but shows OFFLINE, it means the backend application container is down or not bound to that specific port.
Troubleshooting logs & Common Errors
Diagnostic definitions for errors often encountered on our Docker/Contabo architecture.
docker: Error response from daemon: driver failed programming external connectivity on endpoint: Bind for 0.0.0.0:8045 failed: port is already allocated.
Another running Docker container or native process has already bound to port 8045 on the host network interfaces.
Run ss -tulpn | grep :8045 to locate the running container, stop it via docker, or switch your project to an unallocated port.
git@github.com: Permission denied (publickey). fatal: Could not read from remote repository. Please make sure you have correct access rights.
The root user's SSH key (`~/.ssh/id_ed25519.pub`) is not registered in the target repository's deploy keys, or the SSH agent is not loading the key.
Follow Guide #4. Run cat ~/.ssh/id_ed25519.pub, copy the public key content, and add it to your repo's GitHub Deploy Keys.
systemctl reload caddy: Job for caddy.service failed because the control process exited with error code.
Syntax error in the `/etc/caddy/Caddyfile`, missing curly braces, or domains pointing to localhost ports that fail system checks.
Run validation using: caddy validate --config /etc/caddy/Caddyfile or check journal logs using journalctl -u caddy -n 50 --no-pager.