VPS Architecture — Single Source of Truth
Version: 2.0 | Updated: 2026-03-26 S139. Status: Active (Production). Scope: The entire VPS infrastructure of Incomex Saigon Corp
I. OVERVIEW
The VPS is the only production environment for Incomex Business OS. All services run in Docker on this server. On GCP, only Secret Manager remains (~$2/month).
⚠️ MySQL, Firestore, GCS, Firebase Hosting, App Engine, Artifact Registry = ALL RETIRED.
II. SERVER SPECIFICATIONS
| Attribute | Value |
|---|---|
| Provider | Contabo Cloud VPS 20 |
| IP | 38.242.240.89 |
| Region | European Union |
| OS | Ubuntu 24.04.4 LTS |
| CPU | 6 vCPU (AMD EPYC) |
| RAM | 12 GB |
| Storage | 96 GB NVMe |
| Cost | ~$8/month |
| SSH | ssh contabo (key auth, user root) |
III. DOCKER SERVICES
| Container | Image | Port (internal) | Role |
|---|---|---|---|
| postgres | postgres:16 | 5432 | SOLE DATABASE — Directus + integrity system |
| incomex-qdrant | qdrant/qdrant:latest | 6333 | Vector search for Agent Data |
| incomex-directus | directus/directus:11.5.1 | 8055 | CMS / Admin UI / API |
| incomex-agent-data | custom build | 8000 | Knowledge Management API |
| incomex-nuxt | custom build | 3000 | Frontend SSR |
| incomex-nginx | nginx:alpine | 80, 443 | Reverse proxy + SSL |
⚠️ PG container = postgres, NOT workflow-postgres (old name). ⚠️ MySQL container = completely REMOVED (S104-S110). ⚠️ Uptime Kuma = removed. ⚠️ Prefect/Kestra = NOT used.
IV. NETWORK & DOMAINS
Public Ports (UFW)
| Port | Service |
|---|---|
| 22 | SSH (key auth + Fail2ban) |
| 80 | Nginx HTTP → redirect HTTPS |
| 443 | Nginx HTTPS (Let's Encrypt) |
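
A check for the port table above, as an added example that is not part of the original document or the project's tooling. Ports that Docker publishes to the host are opened by Docker's own iptables rules and are not filtered by UFW by default, so the container list has to be audited separately; the function name, the `ALLOWED_PUBLIC_PORTS` variable and the sample port mappings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Input format assumed: docker ps --format '{{.Names}}\t{{.Ports}}'
ALLOWED_PUBLIC_PORTS="${ALLOWED_PUBLIC_PORTS:-22 80 443}"  # from the Public Ports table

# Reads "name<TAB>ports" lines on stdin and prints every host-published port that
# is neither loopback-bound nor in the allowed list. Returns 1 if any is found.
audit_published_ports() {
  awk -F '\t' -v allowed="$ALLOWED_PUBLIC_PORTS" '
    BEGIN { bad = 0; n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
      m = split($2, maps, ", ")
      for (i = 1; i <= m; i++) {
        arrow = index(maps[i], "->")
        if (arrow == 0) continue                 # "5432/tcp": Docker network only
        host = substr(maps[i], 1, arrow - 1)     # "0.0.0.0:5432", ":::5432", "[::]:5432"
        port = host; sub(/^.*:/, "", port)       # text after the last colon
        addr = substr(host, 1, length(host) - length(port) - 1)
        if (addr == "127.0.0.1" || addr == "::1" || addr == "[::1]") continue
        if (!(port in ok)) { print $1 " publishes " host; bad = 1 }
      }
    }
    END { exit bad }
  '
}

# Constructed sample, not captured from the real host. Container names are taken
# from the Docker Services table; the postgres mapping is a deliberate misconfiguration.
sample_docker_ps() {
  printf 'incomex-nginx\t0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp\n'
  printf 'incomex-directus\t127.0.0.1:8055->8055/tcp\n'
  printf 'incomex-qdrant\t6333/tcp\n'
  printf 'postgres\t0.0.0.0:5432->5432/tcp, :::5432->5432/tcp\n'
}

# Demo run on the constructed sample; on the host, pipe real docker ps output instead.
sample_docker_ps | audit_published_ports || true
```

On the server the same function takes `docker ps --format '{{.Names}}\t{{.Ports}}'` on stdin, and its non-zero exit status can fail a scheduled job or a deploy step.
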
Domains
| Domain | Target | Role |
|---|---|---|
| vps.incomexsaigoncorp.vn | Nuxt + Agent Data /api | Main site + Knowledge API |
| directus.incomexsaigoncorp.vn | Directus 8055 | Admin CMS |
| ops.incomexsaigoncorp.vn | Directus 8055 (filtered) | AI Agents CRUD |
⚠️ ai.incomexsaigoncorp.vn = REMOVED (PR #452, S107). ⚠️ Firebase Hosting CDN = RETIRED.
V. DATA ARCHITECTURE
| Layer | Technology | Role | Location |
|---|---|---|---|
| Relational | PostgreSQL 16 | ALL data — Directus, triggers, views, guards | VPS Docker |
| Vector | Qdrant | Embeddings | VPS Docker |
| Secrets | Secret Manager | API keys, credentials | GCP |
MySQL = RETIRED. Firestore = RETIRED. GCS = RETIRED.
VI. BACKUP STRATEGY
| What | Schedule | Destination |
|---|---|---|
| PostgreSQL | Daily 2:00 AM | Local (7 days retention) |
| Qdrant | Daily 3:00 AM | Local (7 days retention) |
| Disk monitor | Hourly | Auto-prune at 85% |
⚠️ MySQL backup = REMOVED (no MySQL). GCS backup destination = RETIRED.
VII. CI/CD PIPELINE
GitHub push → GitHub Actions (4 required checks) → rsync → VPS auto-deploy
4 required checks: Pass Gate, Quality Gate, check-critical-files, Contract Schema.
Non-blocking: build, E2E Tests, Terraform, docs-guard.
FORBIDDEN: --admin merge, manual deploy, pushing directly to main.
VIII. GCP RESOURCES
Active
| Service | Role | Cost |
|---|---|---|
| Secret Manager (8 secrets) | Credentials SSOT | ~$2/month |
ALL RETIRED
Cloud SQL, Cloud Run (3 services + agent-data-test), Cloud Function, Cloud Scheduler, App Engine, Firestore, GCS (6 buckets), Firebase Hosting, Artifact Registry, 34 secrets.
IX. INTEGRITY TOOLING (S167D)
| Tool | Status |
|---|---|
| Runner (scripts/integrity/main.js) | ⚠️ Not running on the VPS; TD-377 fix in progress |
| Scanner (dot/bin/dot-layer-integrity-audit) | ✅ Cloud mode |
| PG verify_counts() | ✅ |
| 26 PG triggers | ✅ |
| WATCHDOG (ISS-0752) | ✅ Alive |
v2.0 | 2026-03-26 S139. Major rewrite: PG sole DB, MySQL/Firestore/GCS retired, domain ai. removed.
v1.0 | 2026-02-28. Original.