myron 5b1f83b1ea Initial: backup/restore scripts + README for DO server
- backup.sh: weekly cron collecting scripts, systemd, WG, OLS vhosts, cron, mysql creds
- restore.sh: 8-phase interactive disaster recovery wizard
- README.md: full rebuild guide, credentials, architecture notes

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-09 03:53:09 +00:00

# DO Server Config Backup & Restore
Weekly backup of the DigitalOcean production server (`orbis`, 165.22.1.228).
CyberPanel/OpenLiteSpeed, Ubuntu 24.04, 48GB disk.
---
## What's Backed Up
| Directory | Source | Contents |
|-----------|--------|----------|
| `scripts/` | `/usr/local/bin/` | jarvis-deploy, jarvis-watchdog, jarvis-backup, jarvis-agent, ttg-backup |
| `systemd/` | `/etc/systemd/system/` | jarvis-agent.service, fastapi_ssh_server.service |
| `wireguard/` | `/etc/wireguard/` | wg0.conf (VPN hub for home network), other WG profiles |
| `network/` | `/etc/netplan/` | 50-cloud-init.yaml, hosts, hostname |
| `cron/` | `crontab -l` | root_custom (JARVIS lines), root_full (everything) |
| `ssh/` | `/root/.ssh/` | authorized_keys, id_rsa.pub (no private keys) |
| `ols-vhosts/` | `/usr/local/lsws/conf/vhosts/` | All 8 site OLS vhost configs |
| `mysql/` | `/root/.my.cnf` | MySQL root credentials, database list |
| `infra/` | `/opt/infra/` | DO infra repo snapshot |
| `smtp-docs/` | `/opt/smtp-for-websites/` | CyberMail SMTP config docs |

- **Backup schedule:** Every Sunday at 4:00 AM
- **Log:** `/var/log/do-server-backup.log`
- **Manual trigger:** `/usr/local/bin/do-server-backup`

---
## Sites on This Server
| Domain | GitHub Repo | DB |
|--------|-------------|-----|
| jarvis.orbishosting.com | myronblair/jarvis | jarvis_db |
| tomsjavajive.com | myronblair/tomsjavajive | toms_tjj_db |
| epictravelexpeditions.com | myronblair/epictravelexpeditions | epic_epic_db |
| parkerslingshot.epictravelexpeditions.com | myronblair/parkerslingshot | epic_parkersling |
| parkerslingshotrentals.com | myronblair/parkerslingshotrentals | parker_db |
| orbishosting.com | myronblair/orbishosting | — |
| orbis.orbishosting.com | myronblair/orbis-hosting-portal | — |
| tomtomgames.com | myronblair/tomtomgames | tomt_ttg_db |
GitHub PAT: `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` (expires ~2026-08-20)
---
## What Is NOT Backed Up Here
| Item | Location / Notes |
|------|-----------------|
| Website files | All in GitHub repos — `git pull` on restore |
| Databases | Backed up daily by `jarvis-backup.sh` → `/var/backups/jarvis/` |
| SSL certs | `/etc/letsencrypt/` — re-issue via CyberPanel after restore |
| Gitignored configs | `api/config.php` files — must recreate manually (see DB creds below) |
| SSH private key | `/root/.ssh/id_rsa` — regenerate or restore from secure storage |
| CyberPanel itself | Reinstall via `sh <(curl https://cyberpanel.net/install.sh)` |
| composer binary | Reinstall: `curl -sS https://getcomposer.org/installer \| php -- --install-dir=/usr/local/bin` |
---
## Disaster Recovery — Full Server Rebuild
**Estimated time: 60–90 minutes**
### Step 1 — Create new DigitalOcean Droplet
- Region: Same as original (NYC3 / SFO3 — check DO console)
- Image: Ubuntu 24.04 LTS
- Size: At minimum 4GB RAM, 80GB disk (original was 4vCPU/8GB/160GB)
- Add SSH key from your local machine
### Step 2 — Clone this repo
```bash
apt update && apt install -y git
git clone https://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@github.com/myronblair/do-server-config.git /opt/do-server-config
bash /opt/do-server-config/restore.sh
```
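The restore script is interactive — it walks you through each phase and asks before applying each section. Because the PAT is part of the clone URL, git stores it in `/opt/do-server-config/.git/config` as the `origin` remote URL.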
### Step 3 — DNS Update (if IP changed)
If the new droplet has a different IP, update DNS before or immediately after:
- Cloudflare → DNS → Update A records for all domains
- Also update GitHub webhook URLs if they use IP directly (they don't — they use jarvis.orbishosting.com which is behind Cloudflare)
### Step 4 — Database Restore
Databases are in daily backups at `/var/backups/jarvis/`. If restoring to a new server:
```bash
# Copy the latest backup from old server (if still accessible)
scp root@165.22.1.228:/var/backups/jarvis/jarvis_backup_YYYY-MM-DD_*.tar.gz /tmp/
# Extract and restore
cd /tmp && tar -xzf jarvis_backup_*.tar.gz
# Then for each database:
mysql -u root -p jarvis_db < sql/jarvis_db.sql
mysql -u root -p toms_tjj_db < sql/toms_tjj_db.sql
mysql -u root -p tomt_ttg_db < sql/tomt_ttg_db.sql
mysql -u root -p epic_epic_db < sql/epic_epic_db.sql
mysql -u root -p epic_parkersling < sql/epic_parkersling.sql
mysql -u root -p parker_db < sql/parker_db.sql
```
You'll need to create the DB users first:
```sql
CREATE USER 'jarvis_user'@'localhost' IDENTIFIED BY 'J4rv1s_Pr0t0c0l_2026!';
GRANT ALL ON jarvis_db.* TO 'jarvis_user'@'localhost';
-- repeat for each DB user
```
### Step 5 — Recreate Gitignored Configs
After pulling website code, create these manually:

- **`/home/jarvis.orbishosting.com/api/config.php`** — Contains all JARVIS credentials (Groq API key, Ollama URL, GitHub PAT, JARVIS DB credentials, ElevenLabs key, etc.)
- **`/home/tomsjavajive.com/config/database.php`** — TJJ DB credentials
- **`/home/epictravelexpeditions.com/api/config.php`** — Epic/Parker credentials

Reference: `api/config.php.example` or `config/database.php.example` in each repo.

---
## Key Credentials Quick Reference
| Service | User | Password |
|---------|------|----------|
| Root SSH | root | Gonewalk1974!@# |
| CyberPanel admin | admin | (set during reinstall) |
| MySQL root | root | Z9Of4NVs6ji74x (see mysql/my.cnf) |
| jarvis_db | jarvis_user | J4rv1s_Pr0t0c0l_2026! |
| toms_tjj_db | toms_tjj_user | +60wlPc+55e@gFq4 |
| tomt_ttg_db | tomt_ttg_user | q#q+mrOcozsa7I6J |
| epic_parkersling | epic_parkersling | Joker1974!!! |
---
## WireGuard VPN (wg0)
The DO server is the VPN hub for the home network tunnel:
- `wg0` on DO: `10.201.0.1/24`, ListenPort 51820
- Peer: Alpine LXC CT110 on home network → `10.201.0.2/32`
- Traffic flows: CT110 → DO for MediaStack VPN exit
Config is in `wireguard/wg0.conf`. Keys are included (this is a private repo).
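
Since the backup tree mixes secret material (WireGuard keys, MySQL credentials) with public files, an inventory of which files hold secrets shows what to rotate after a rebuild and lets the "no private keys" entry for `ssh/` be checked. The script below is an added example, not part of this repo's scripts; directory names come from the "What's Backed Up" table, while the function names and match patterns are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not part of this repo. Directory names come from the
# "What's Backed Up" table; function names and patterns are assumptions.
# Usage (after sourcing this file): secret_inventory /opt/do-server-config

# Prefix each path read from stdin with a finding kind (tab-separated).
tag() {
    local kind="$1" path
    while IFS= read -r path; do
        printf '%s\t%s\n' "$kind" "${path#./}"
    done
}

# Print "<kind><TAB><path>" for every file under the backup root that holds
# secret material. Only file names are printed, never the secret values.
secret_inventory() {
    local root="$1"
    [ -d "$root" ] || return 2
    (
        cd "$root" || exit 2
        # -l lists matching files only; .git is skipped so that history and
        # remote URLs are not scanned here.
        g() { grep -rlE --exclude-dir=.git "$@" 2>/dev/null; }
        {
            g -i -e '^[[:space:]]*(PrivateKey|PresharedKey)[[:space:]]*=' wireguard | tag wireguard-key
            g -i -e '^[[:space:]]*password[[:space:]]*=' mysql | tag mysql-password
            g -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' . | tag private-key
            g -e 'gh[pousr]_[A-Za-z0-9]{36}' . | tag github-token
        } | LC_ALL=C sort -u
    )
}

# The table lists ssh/ as "no private keys"; exit status 1 if that is not true.
ssh_dir_is_public_only() {
    secret_inventory "$1" |
        awk -F'\t' '$1 == "private-key" && $2 ~ /^ssh\// { bad = 1 } END { exit bad }'
}
```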
---
## Architecture Notes
- **CyberPanel/OLS** manages PHP-FPM, virtual hosts, SSL, DNS (PowerDNS), mail (Postfix)
- **Cloudflare** is in front of all public sites — DNS proxy mode, Rocket Loader ON (breaks inline JS — `Cache-Control: no-transform` header is the fix)
- **JARVIS webhooks** at `/home/jarvis.orbishosting.com/public_html/webhook.php` handle auto-deploys for all 8+ GitHub repos
- **Deploy queue** `/tmp/jarvis-deploy-queue.txt` processed by `jarvis-deploy.sh` every minute
- **Watchdog** `jarvis-watchdog.sh` runs every 5 min — restarts lsws/mysql/redis if down, inserts alerts to DB
- **Daily DB backup** `jarvis-backup.sh` runs at 2am → `/var/backups/jarvis/` (7-day retention)
- **JARVIS agent** registers this server with JARVIS monitoring dashboard
---
## After Restore — Verify Services
```bash
systemctl status lsws mysql redis jarvis-agent
crontab -l
wg show
curl -sk https://jarvis.orbishosting.com/api.php?action=ping
tail -f /home/jarvis.orbishosting.com/logs/watchdog.log
```