KB-31D4 rev 4
VPS Contabo Server Info
4 min read Revision 4
VPS Contabo — Server Info
Last updated: 2026-02-23
Connection
- IP: 38.242.240.89
- IPv6: 2a02:c207:2308:463::1
- User: root
- Auth: SSH key (~/.ssh/contabo_vps)
- SSH shortcut:
ssh contabo - OS: Ubuntu 24.04.4 LTS
- Kernel: 6.8.0-90-generic
- Provider: Contabo Cloud VPS 20
- Region: European Union
Specs
- CPU: 6 vCPU (AMD EPYC)
- RAM: 12 GB
- Storage: 96 GB NVMe
- Bandwidth: Unlimited (Fair Usage)
- Port: 300 Mbit/s
Software
- Docker: 29.2.1
- Docker Compose: v5.0.2
- rclone: v1.73.0
- UFW: active (SSH, 80, 443)
- Fail2ban: enabled (sshd jail)
Directory Structure
/opt/incomex/
├── docker/ # Docker Compose files + .env
├── backups/ # Local backup staging (MySQL + Qdrant)
├── scripts/ # Operational scripts (backup, monitoring)
├── logs/ # Application logs
└── config/ # Environment configs
Security
- UFW: SSH (22), HTTP (80), HTTPS (443) only
- Fail2ban: enabled, sshd jail active
- SSH key auth: ed25519 (~/.ssh/contabo_vps)
- SSL: Let's Encrypt, auto-renew via certbot.timer
Backups
- MySQL: daily 2AM via
/opt/incomex/scripts/mysql-backup.sh, 7-day retention (~10MB each) - Qdrant: daily 3AM via
/opt/incomex/scripts/qdrant-backup.sh, 7-day retention (~11MB each) - Disk monitor: hourly via
/opt/incomex/scripts/disk-monitor.sh, auto-prune at 85%
Cost
- $7.95/month (1 month plan)
Purpose
VPS is the sole production environment for the Incomex Business OS. All services run as Docker containers on this single server.
Docker Stack
| Container | Port | Purpose |
|---|---|---|
| mysql | 3306 | Directus database |
| qdrant | 6333 | Vector search |
| directus | 8055 | CMS admin |
| agent-data | 8000 | Knowledge API |
| nuxt | 3000 | Frontend SSR |
| nginx | 80/443 | Reverse proxy + SSL |
Data Residency (sau S109 Migration)
- Primary data: VPS — MySQL, PostgreSQL, Qdrant, Docker volumes, local file storage
- Secrets: Google Secret Manager (duy nhất dịch vụ GCP còn dùng)
- KHÔNG CÒN: GCS Buckets, Firestore, Firebase Hosting, Artifact Registry, Cloud Run, App Engine
GCP Resources (post-cleanup 2026-02-23, updated S176 2026-04-11)
Only free-tier/minimal resources remain on GCP:
- Cloud Run
agent-data-test(backup, $0) - 6 GCS buckets
- Firestore (default)
- Firebase Hosting
- ~22 secrets in Secret Manager (LARK_APP_ID/SECRET, PG_, DIRECTUS_, GH PAT, OPENAI, QDRANT, etc.)
- Active SA on VPS:
cursor-ci-builder@github-chatgpt-ggcloud.iam.gserviceaccount.com- displayName: "GitHub Actions Build / Push Artifact Registry" (tạo cho CI, repurpose làm VPS SA)
- Roles:
artifactregistry.writer,cloudsql.client,datastore.user,secretmanager.secretAccessor(grant S176) - Note: docs cũ ghi
chatgpt-deployer— drift, đã sửa S176. Không có Terraform IaC quản lý IAM — tất cả thủ công qua gcloud CLI.
Cloud SQL, 3 Cloud Run services, Cloud Function, Cloud Scheduler, and 34 secrets were deleted on 2026-02-23.