caneast-site1-node3 Docker Services Inventory¶
Node: CanEast Server, REDACTED, Ubuntu 25.10
Docker Compose path: /home/operator/platform/
Last updated: 2026-04-07
Services Status Summary¶
| Service | Stack | Status | Notes |
|---|---|---|---|
| Infisical | infisical | Running | Core secrets platform |
| Infisical DB | infisical | Running | PostgreSQL backend |
| Infisical Redis | infisical | Running | Cache layer |
| Infisical nginx-waf | infisical | Restarting | Known issue -- investigate |
| Elasticsearch | logging | Restarting | Known issue -- investigate |
| Logstash | logging | Running | Log aggregation |
| Kibana | logging | Running | Log visualization |
| CrowdSec | security | Running | Intrusion prevention |
| CrowdSec Cloudflare Bouncer | security | Running | DDoS/bot protection |
| Suricata | security | Running | IDS/IPS |
| Nginx (reverse proxy) | network | Running | TLS termination, routing |
| Portainer agent | management | Running | Docker management API |
| Node-RED | iot | Running | IoT automation platform |
| certbot | management | Running | Let's Encrypt certificate renewal |
| peries-ca | services | Running | Portfolio site generator |
| cloudflare-ddns | network | Running | DDNS for peries.ca domain |
Full Service List by Stack¶
Infisical (secrets platform)¶
infisical - Core application server
infisical-db - PostgreSQL database (port 5432 internal)
infisical-redis - Redis cache (port 6379 internal)
infisical-nginx - TLS termination reverse proxy (port 8443 external)
Security & Intrusion Prevention¶
crowdsec - Intrusion detection and remediation
crowdsec-cf-bouncer - Cloudflare bouncer for CrowdSec
suricata - Network IDS/IPS (monitoring lan-bridge and other interfaces)
Logging & Monitoring¶
elasticsearch - Elastic search engine (port 9200 internal, restarting)
logstash - Log processor and forwarder
kibana - Elasticsearch UI (port 5601 internal)
es-ilm-setup - Elasticsearch Index Lifecycle Management setup job
Network & Routing¶
nginx-waf - Nginx reverse proxy with WAF rules (restarting)
cloudflare-ddns - Dynamic DNS update agent for peries.ca
Application Services¶
node-red - Flow-based automation platform (port 1880 internal)
peries-ca - Portfolio site static generator
portainer_agent - Docker API agent for remote management
Certificate Management¶
CA & PKI¶
Known Issues¶
elasticsearch & nginx-waf in restart loop¶
Both services are restarting repeatedly. Root cause unknown as of 2026-04-07. Needs investigation:
- Check Docker logs:
docker logs <container_name> - Check systemd journal:
journalctl -u docker - Review docker-compose.yml for health checks or resource constraints
- Possible: OOM, resource limits, health check timeouts, missing dependencies
Action item: Create support ticket for investigation.
Access Points¶
| Service | Protocol | Internal Port | External Port | Notes |
|---|---|---|---|---|
| Infisical | HTTPS | 8443 | 8443 | TLS via nginx-waf |
| Elasticsearch | HTTP | 9200 | -- | Internal only |
| Kibana | HTTP | 5601 | -- | Internal only |
| Node-RED | HTTP | 1880 | -- | Internal only |
| Portainer | Agent API | -- | -- | Internal docker.sock |
Resource Monitoring¶
Monitor with:
Storage: Check /home/operator/platform/ disk usage regularly for elasticsearch and logstash volume growth.