Skip to content
Innovspatial Innovspatial

Server Overview

This document provides a high-level overview of the server architecture, the services running on it, and how to access them.

Core Components

Section titled “Core Components”

  • Portainer A web dashboard for managing Docker containers. Use it to start/stop stacks, view logs, or update configurations.

  • Docker Compose The main configuration is in /opt/websitebackend/docker-compose.yml. This file defines all services and is used by Portainer to deploy the stack.

  • Git & GitHub Actions Pushing to the main branch of the websitebackend repository triggers a GitHub Action that SSHes into the server, pulls the latest code, and applies the latest Directus schema snapshot from snapshots/schema.yaml.

Running Services

Section titled “Running Services”

  • Caddy Acts as a reverse proxy, routing traffic from the Cloudflare Tunnel to the correct service. It also handles security headers. The configuration file is at /opt/websitebackend/Caddyfile.

  • Directus The headless CMS, connected to the PostgreSQL database.

  • PostgreSQL The main database with the PostGIS extension for geospatial data.

  • Plausible An analytics service, connected to both PostgreSQL and ClickHouse.

  • ClickHouse A column-oriented database used for Plausible’s event data. Config files are in /opt/websitebackend/clickhouse/.

  • Netdata A real-time server monitoring dashboard.

Access Points

Section titled “Access Points”

Server SSH

ssh root@46.62.213.56

Cloudflare Tunnel

Section titled “Cloudflare Tunnel”

The Cloudflare Tunnel creates a secure, private connection from Cloudflare directly to the server, bypassing the main firewall for web traffic.

Configuration

Section titled “Configuration”

The cloudflared service runs on the server and reads its configuration from /etc/cloudflared/config.yml.

Access Control

Section titled “Access Control”

docs and portainer are protected by Cloudflare Access (Zero Trust). Users must authenticate via email + OTP before accessing any service. Allowed emails are managed in reusable access policies at Cloudflare One dashboard.

Routing

Section titled “Routing”
URLTunnel Target
admin.innovspatial.comCaddy (port 80) → Directus
analytics.innovspatial.comCaddy (port 80) → Plausible
portainer.innovspatial.comPortainer (port 9001)
docs.innovspatial.comCloudflare Pages → This website

DNS

Section titled “DNS”

Cloudflare DNS uses CNAME records pointing to the tunnel ID for these subdomains.