This repository demonstrates a single-node production-style Linux application hosting platform.
The focus of this phase includes:
- Linux system administration
- Structured network design
- Container-based application hosting
- Monitoring implementation
- Backup and recovery procedures
This project does not simulate a distributed cloud system. It represents a controlled, production-oriented baseline suitable for small-to-mid scale environments.
The previous exploratory version of this repository is archived for reference:
- 📄 File archive at 🌿 Historical branch
The earlier version documents broader experimentation before the scope was refined into a production-focused baseline.
Internet
│
▼
Reverse Proxy (HTTPS)
│
▼
Docker Network
┌────────┴─────────┐
│ │
Java Web App Database
│
▼
Monitoring
Admin Access
├─ SSH
└─ VPN
Live Application Endpoint:
The system runs on a single VPS and includes:
- Linux host with SSH access and fail2ban protection
- VPN tunnel access via SoftEther
- Docker runtime for containerized application services
- Reverse proxy for HTTPS access
- Database with persistent storage (internal network only)
- Monitoring service accessible through the internal network
- Backup and recovery procedures
The network structure follows structured IP planning principles:
-
Public exposure limited to:
- 22 (SSH)
- 443 (HTTPS)
- VPN port 1194
-
Internal Docker bridge network for service isolation
-
Database accessible only from internal network
-
Clear separation between:
- Public access layer
- Application layer
- Data layer
Protocol selection (TCP/UDP) is determined by service characteristics and transport requirements.
- VPS (8GB RAM)
- Linux operating system
- System hardening
- SSH administrative access
- fail2ban protection
- Public HTTPS access
- SSH administrative access
- VPN tunnel via SoftEther for internal access
- Docker runtime
- Containerized application services
- Reverse proxy for TLS termination
- Database service
- Persistent storage via Docker volumes
- Java-based web application
- Containerized runtime
- Database backend (internal access only)
- Persistent storage via Docker volumes
- Health endpoint enabled
The application is packaged and deployed in a production-style environment rather than a local development setup.
Deployment sequence:
- Provision VPS
- Apply base system hardening
- Install Docker and dependencies
- Deploy services via docker-compose
- Configure reverse proxy and TLS
- Enable monitoring
- Test application health
- Validate backup and restore procedure
The system is designed to be reproducible from a clean host.
Monitoring covers:
- CPU usage
- Memory usage
- Disk utilization
- Container status
- Service availability
Monitoring is performed using Zabbix for host and service metrics.
Monitoring dashboards are restricted to the internal network and accessed through the VPN layer.
Backup procedures include:
- Scheduled database dumps
- Docker volume backup
- Restore procedure documentation
- Recovery validation testing
Restore procedures are periodically tested to ensure service recovery in case of system failure.
| Component | CPU | RAM | Storage | Exposure |
|---|---|---|---|---|
| Host OS | 1 core | 512MB | 10GB | No |
| Java App | 1 core | 512MB | 1GB | via proxy |
| Database | 1 core | 512MB | 5GB | Internal |
| Monitoring | shared | 256MB | minimal | Internal |
| VPN | minimal | 128MB | minimal | Limited |
Capacity planning is estimated based on:
- Observed idle-state host measurements
- JVM baseline memory behavior under default configuration
- Typical lightweight database memory footprint
- Docker runtime overhead
- Monitoring agent resource usage
Allocations are intentionally conservative to prevent resource contention under moderate load.
The current scope establishes a stable operational baseline.
Future improvements will focus on:
- Application lifecycle refinement (build, package, release discipline)
- JVM configuration tuning and resource optimization
- Log management enhancement
- Service dependency handling and graceful restart procedures
Expansion will remain aligned with practical infrastructure roles before gradually extending toward deeper application engineering responsibilities.