Service Port Map

caneast-site1-node3 (REDACTED)

Port	Service	Notes
2222	SSH	Hardened -- not port 22
1880	Node-RED	Flow automation
5601	Kibana	Log visualization
8443	Infisical	Self-hosted, nginx TLS proxy
9001	Portainer Agent	Docker agent
9090	k3s metrics	Prometheus scrape target
9100	Node Exporter	Prometheus scrape target
6443	k3s API	Kubernetes API server
30080	AWX	k3s NodePort

Background services (no external port): - CrowdSec -- intrusion prevention - CrowdSec Cloudflare bouncer -- edge IP banning - Suricata -- IDS/IPS - nginx-WAF -- web application firewall - Elasticsearch -- log storage - Logstash -- log pipeline - cloudflare-ddns -- dynamic DNS updater - certbot -- TLS certificate renewal - peries-ca -- internal portfolio mirror

caneast-site1-node2 (REDACTED)

Port	Service	Notes
2222	SSH	Hardened
80	Nginx Proxy Manager	HTTP reverse proxy
81	Nginx Proxy Manager Admin
443	Nginx Proxy Manager	HTTPS reverse proxy
3000	Homepage	Dashboard
3001	Uptime Kuma	Uptime monitoring
3002	Grafana	Metrics visualization
3080	AdGuard Home	DNS + ad blocking admin UI
8000	Portainer Edge Agent
8086	InfluxDB	Time series database
8123	Home Assistant	Home automation
9443	Portainer	HTTPS admin
9100	Node Exporter	Prometheus scrape target
20211	NetAlertX UI	Network scanner web UI
20212	NetAlertX API	GraphQL backend
61208	Glances	System monitoring

Background services (no external port): - Telegraf -- metrics collector - Diun -- Docker image update notifier

caneast-site1-node1 (REDACTED)

Port	Service	Notes
22	SSH	RPi -- standard port
53	DNS	PiHole/AdGuard DNS resolver
80	WireGuard Dashboard	HTTP
443	WireGuard Dashboard	HTTPS
10086	WireGuard Dashboard	Alt port

caneast-site1-mqtt1 (REDACTED)

Port	Service	Notes
22	SSH	RPi -- standard port
1883	Mosquitto MQTT	OT broker -- isolated network

CanEast AI Node (REDACTED)

Port	Service	Notes
3000	Open WebUI	Ollama frontend
11434	Ollama API	GPU-accelerated, Qwen3:4b
18789	OpenClaw	AI agent + Telegram bot backend