# Infrastructure Documentation

*Last updated: 15 February 2026*

## Overall Overview

```
┌─────────────────────────────────────────────────────────────────────────────────┐
│                             INFRASTRUCTURE OVERVIEW                             │
│                                                                                 │
│  INTERNET                                                                       │
│      │                                                                          │
│      │  Vodafone Business                                                       │
│      │  5 public IPs                                                            │
│      │                                                                          │
│      ▼                                                                          │
│  ┌───────────────────────────────────────────────────────────────────────────┐  │
│  │                       UBIQUITI DREAM MACHINE PRO SE                       │  │
│  │                                                                           │  │
│  │  37.24.237.178 │ Internet access                                          │  │
│  │  37.24.237.179 │ cloud.complexcaresolutions.de → 10.10.179.100            │  │
│  │  37.24.237.180 │ zh3.de (Nginx PM) → 10.10.180.100                        │  │
│  │  37.24.237.181 │ porwoll.tech (Caddy) → 10.10.181.99                      │  │
│  │                │ :2204 → sv-frontend (10.10.181.104:22) [GitHub Actions]  │  │
│  │  37.24.237.182 │ FREE (reserve)                                           │  │
│  │                                                                           │  │
│  └─────────────────────────────────────┬─────────────────────────────────────┘  │
│                                                                                 │
│  CLOUDFLARE (Proxy)                                                             │
│  ├── zh3.de + subdomains → 37.24.237.180                                        │
│  ├── porwoll.tech + *.porwoll.tech → 37.24.237.181                              │
│  └── porwoll.org (internal DNS only)                                            │
│                                                                                 │
│  HETZNER (External)                                                             │
│  ├── 78.46.87.137 (Hetzner 1) — blogwoman.de, ccs.de, zweitmeinu.ng             │
│  ├── 94.130.141.114 (Hetzner 2) — porwoll.de, caroline-porwoll.*                │
│  └── 162.55.85.18 (Hetzner 3) — CMS + Analytics (Payload Prod)                  │
│                                                                                 │
└─────────────────────────────────────────────────────────────────────────────────┘
```

---

## Server Overview

| Server | IP | Management | Purpose | Sites |
|--------|-----|-----------|-------|-------|
| **sv-payload** | 10.10.181.100 | LXC (Proxmox) | CMS Development | pl.porwoll.tech |
| **sv-frontend** | 10.10.181.104 | LXC (Proxmox) | Frontend Development | *-dev.porwoll.tech |
| **Hetzner 1** | 78.46.87.137 | Plesk | Frontend Production | blogwoman.de, ccs.de, zweitmeinu.ng |
| **Hetzner 2** | 94.130.141.114 | Plesk | Frontend Production | porwoll.de, caroline-porwoll.* |
| **Hetzner 3** | 162.55.85.18 | Manual (SSH) | CMS + Analytics Prod | cms.c2sgmbh.de, analytics.c2sgmbh.de |

---

## Public IP Addresses

| IP | Use | Target (internal) |
|----|------------|---------------|
| 37.24.237.178 | Internet access (default) | - |
| 37.24.237.179 | cloud.complexcaresolutions.de | 10.10.179.100 (Nextcloud) |
| 37.24.237.180 | zh3.de (via Cloudflare) | 10.10.180.100 (Nginx PM) |
| 37.24.237.181 | porwoll.tech (Cloudflare) | 10.10.181.99 (Caddy) |
| 37.24.237.181:2204 | GitHub Actions SSH Deploy | 10.10.181.104:22 (sv-frontend) |
| 37.24.237.182 | FREE (reserve) | - |

---

## VLANs

| VLAN | Name | Subnet | Purpose |
|------|------|---------|-------|
| 40 | c2s-prd | 10.10.40.0/24 | Production |
| 90 | c2s-mgt | 10.10.90.0/24 | Management (Proxmox) |
| 179 | c2s-179 | 10.10.179.0/24 | Cloud Services |
| 180 | c2s-180 | 10.10.180.0/24 | Web Services (zh3.de) |
| 181 | c2s-181 | 10.10.181.0/24 | Development (porwoll.tech) |

---

## VLAN 181 - Development (porwoll.tech)

| ID | Hostname | IP | Service | Status |
|----|----------|-----|---------|--------|
| 699 | sv-caddy | 10.10.181.99 | Caddy Reverse Proxy | ✅ Running |
| 700 | sv-payload | 10.10.181.100 | Payload CMS Dev | ✅ Running |
| 701 | sv-postgres | 10.10.181.101 | PostgreSQL 17 + Redis Commander | ✅ Running |
| 702 | sv-dev-payload | 10.10.181.102 | Payload Test | ⏸️ Stopped |
| 703 | sv-analytics | 10.10.181.103 | Umami Analytics | ✅ Running |
| 704 | sv-frontend | 10.10.181.104 | Frontend Dev (9 projects) | ✅ Running |

---

## sv-frontend (LXC 704) - Frontend Development

**SSH:** `ssh frontend@10.10.181.104`

### Software Stack

- Node.js 22.x
- pnpm
- Next.js 16.2.0-canary.41
- Claude Code 2.1.37
- Codex CLI (latest)
- Gemini CLI (latest)

### Projects & Ports

| Port | Service | Repository | Staging URL | Production |
|------|---------|------------|-------------|------------|
| 3000 | frontend-porwoll | frontend.porwoll.de | porwoll-dev.porwoll.tech | **porwoll.de** ✅ |
| 3001 | frontend-blogwoman | frontend.blogwoman.de | blogwoman-dev.porwoll.tech | **blogwoman.de** ✅ |
| 3002 | frontend-caroline-com | frontend.caroline-porwoll.com | caroline-com-dev.porwoll.tech | - |
| 3003 | frontend-caroline-de | frontend.caroline-porwoll.de | caroline-de-dev.porwoll.tech | - |
| 3004 | frontend-ccs | frontend.complexcaresolutions.de | ccs-dev.porwoll.tech | - |
| 3005 | frontend-gunshin | frontend.gunshin.de | gunshin-dev.porwoll.tech | - |
| 3006 | frontend-sensual | frontend.sensualmoment.de | sensual-dev.porwoll.tech | - |
| 3007 | frontend-zweitmeinu | frontend.zweitmeinu.ng | zweitmeinu-dev.porwoll.tech | - |
| 3008 | frontend-zytoskandal | frontend.zytoskandal.de | zytoskandal-dev.porwoll.tech | - |

### Service Management

```bash
# Start a service
systemctl start frontend-porwoll

# Stop a service
systemctl stop frontend-porwoll

# Status of all services
systemctl status frontend-*
```

---

## sv-caddy (LXC 699) - Reverse Proxy

- **IP:** 10.10.181.99
- **Software:** Caddy 2.9.x + Cloudflare DNS plugin
- **SSL:** Wildcard *.porwoll.tech via Let's Encrypt DNS challenge
- **Config:** `/etc/caddy/Caddyfile`

### Routing

| URL | Backend |
|-----|---------|
| pl.porwoll.tech | 10.10.181.100:3000 |
| redis.porwoll.tech | 10.10.181.101:8081 |
| umami.porwoll.tech | 10.10.181.103:3000 |
| *-dev.porwoll.tech | 10.10.181.104:300x |

---

## SSH Infrastructure

### Connections from sv-payload

| Target | Host alias | User | Key | Purpose |
|------|-----------|------|-----|-------|
| sv-frontend (10.10.181.104) | `sv-frontend` | frontend | `~/.ssh/frontend_deploy` | Development, work orders |
| Hetzner 1 (78.46.87.137) | `hetzner1` | root | `~/.ssh/plesk_deploy` | Production troubleshooting |
| Hetzner 2 (94.130.141.114) | `hetzner2` | root | `~/.ssh/plesk_deploy` | Production troubleshooting |

### SSH Config (`/home/payload/.ssh/config`)

```
Host sv-frontend frontend
    HostName 10.10.181.104
    User frontend
    IdentityFile ~/.ssh/frontend_deploy
    IdentitiesOnly yes

Host hetzner1 plesk1
    HostName 78.46.87.137
    User root
    IdentityFile ~/.ssh/plesk_deploy
    IdentitiesOnly yes
    StrictHostKeyChecking accept-new

Host hetzner2 plesk2
    HostName 94.130.141.114
    User root
    IdentityFile ~/.ssh/plesk_deploy
    IdentitiesOnly yes
    StrictHostKeyChecking accept-new
```

### Port Forwarding (GitHub Actions → sv-frontend)

GitHub Actions cannot reach sv-frontend directly (internal network). Solution: a port forward on the UDM Pro SE.

```
GitHub Actions → 37.24.237.181:2204 → UDM Pro SE → 10.10.181.104:22 (sv-frontend)
```

The SSH credentials are stored as repository secrets (`SSH_HOST`, `SSH_PORT`, `SSH_USER`, `SSH_PRIVATE_KEY`).

---

## GitHub Organization: complexcaresolutions

| Repository | Description | Visibility | Production |
|------------|--------------|------------|------------|
| cms.c2sgmbh | Payload CMS Backend | Internal | cms.c2sgmbh.de |
| **payload-contracts** | **Shared Types + API Client** | **Internal** | — |
| frontend.porwoll.de | porwoll.de Frontend | Internal | **porwoll.de** ✅ |
| frontend.blogwoman.de | blogwoman.de Frontend | Internal | **blogwoman.de** ✅ |
| frontend.caroline-porwoll.com | caroline-porwoll.com Frontend | Internal | - |
| frontend.caroline-porwoll.de | caroline-porwoll.de Frontend | Internal | - |
| frontend.complexcaresolutions.de | CCS Website Frontend | Internal | - |
| frontend.gunshin.de | gunshin.de Frontend | Internal | - |
| frontend.sensualmoment.de | sensualmoment.de Frontend | Internal | - |
| frontend.zweitmeinu.ng | zweitmeinu.ng Frontend | Internal | - |
| frontend.zytoskandal.de | zytoskandal.de Frontend | Internal | - |

### payload-contracts

Shared TypeScript package (`@c2s/payload-contracts`), used as a Git dependency by all frontends.

```
CMS (payload-cms)                   Contracts (payload-contracts) Frontends
━━━━━━━━━━━━━━━━                    ━━━━━━━━━━━━━━━━━━━━━━━━━━━   ━━━━━━━━━
payload-types.ts ──extract-types──→ src/types/payload-types.ts
                                    src/types/collections.ts      ←──── import { Page, Post }
                                    src/api-client/               ←──── import { createPayloadClient }
                                    src/blocks/registry.tsx       ←──── import { createBlockRenderer }
```

---

## Hetzner 1 - Frontend Production (blogwoman.de)

- **IP:** 78.46.87.137
- **Management:** Plesk
- **SSH:** `ssh hetzner1` (from sv-payload)
- **Web server:** nginx-only + Phusion Passenger 6.1.0
- **Node.js:** 22.x

### Sites

| Domain | Status | Repository | Deploy |
|--------|--------|------------|--------|
| blogwoman.de | ✅ Live | frontend.blogwoman.de | GitHub Webhook → Plesk Git Pull |
| complexcaresolutions.de | ⏸️ Planned | frontend.complexcaresolutions.de | - |
| zweitmeinu.ng | ⏸️ Planned | frontend.zweitmeinu.ng | - |

### Deployment

- **Method:** Plesk Git integration with GitHub webhook
- **Webhook:** `complexcaresolutions.de:8443` (the SSL certificate is issued for this domain)
- **Branch:** `main` (Push → Auto-Pull → Passenger Restart)
- **Document Root:** `/var/www/vhosts/blogwoman.de/httpdocs/`

### Configuration (nginx-only)

Plesk must be configured as **nginx-only** (not nginx→Apache), because Apache ErrorDocument directives interfere with Next.js 404 handling and cause redirect loops.

---

## Hetzner 2 - Frontend Production (porwoll.de)

- **IP:** 94.130.141.114
- **Management:** Plesk
- **SSH:** `ssh hetzner2` (from sv-payload)
- **Web server:** nginx-only + Phusion Passenger 6.1.0
- **Node.js:** 22.x

### Sites

| Domain | Status | Repository | Deploy |
|--------|--------|------------|--------|
| porwoll.de | ✅ Live | frontend.porwoll.de | GitHub Webhook → Plesk Git Pull |
| caroline-porwoll.com | ⏸️ Planned | frontend.caroline-porwoll.com | - |
| caroline-porwoll.de | ⏸️ Planned | frontend.caroline-porwoll.de | - |

### Deployment

- **Method:** Plesk Git integration with GitHub webhook
- **Branch:** `main` (Push → Auto-Pull → Passenger Restart)
- **Document Root:** `/var/www/vhosts/porwoll.de/httpdocs/`

---

## Hetzner 3 - CMS + Analytics Production

- **IP:** 162.55.85.18
- **Domain:** cms.c2sgmbh.de
- **User:** payload
- **SSH:** `ssh payload@162.55.85.18`

### Software

- Payload CMS 3.76.1
- Next.js 16.2.0-canary.41
- React 19.2.3
- PostgreSQL 17
- Redis
- Umami Analytics

### Services

| Service | User | Port | URL | Status |
|---------|------|------|-----|--------|
| PostgreSQL 17 | postgres | 5432 | localhost | ✅ Running |
| Payload CMS | payload | 3001 | https://cms.c2sgmbh.de | ✅ Running |
| Umami Analytics | umami | 3000 | https://analytics.c2sgmbh.de | ✅ Running |
| Redis Cache | redis | 6379 | localhost (auth: REDIS_PASSWORD, policy: noeviction) | ✅ Running |
| Nginx | root | 80/443 | Reverse Proxy | ✅ Running |

### Deploy

```bash
~/deploy.sh
```

---

## Deployment Workflow

### CMS (Payload)

```
sv-payload (develop) → GitHub CI → sv-payload (main) → Hetzner 3 (deploy.sh)
```

### Frontends

```
sv-frontend (develop)              GitHub                  Plesk (Hetzner 1/2)
━━━━━━━━━━━━━━━━━━━━               ━━━━━━                  ━━━━━━━━━━━━━━━━━━━

1. Development                     CI: Lint + Build
   (Claude Code)        ──push──→  ✅ on develop
                                        │
2. Staging test                         │
   (*-dev.porwoll.tech)                 │
                                        │
3. Merge develop → main ──push──→  CI: Lint + Build
                                   ✅ on main
                                        │
                                   Webhook ─────────→      4. Plesk Git Pull
                                                           5. pnpm install
                                                           6. pnpm build
                                                           7. Passenger Restart
                                                           8. Site live ✅
```

### Staging Deploy (GitHub Actions)

Push to `develop` → GitHub Actions → SSH via port forward → `pnpm install && pnpm build` on sv-frontend.

### Work Order Workflow (new blocks/collections)

```
sv-payload                                      sv-frontend
━━━━━━━━━━                                      ━━━━━━━━━━━
1. Change CMS block/collection
2. pnpm payload generate:types
3. cd ~/payload-contracts && pnpm extract
4. ./scripts/create-work-order.sh "Titel"
5. git commit && git push
                                                6. git pull (payload-contracts)
                                                7. Start Claude Code with the work order
                                                8. Implement the block
                                                9. pnpm build (verify)
                                                10. git commit && git push
11. Verify the result
12. Move work order → completed/
```

---

## URL Overview

### Development (porwoll.tech)

| Service | URL |
|---------|-----|
| Portal | https://porwoll.tech |
| Payload CMS | https://pl.porwoll.tech |
| Redis Commander | https://redis.porwoll.tech |
| Umami Analytics | https://umami.porwoll.tech |
| Frontend porwoll.de | https://porwoll-dev.porwoll.tech |
| (8 more) | https://*-dev.porwoll.tech |

### Production (Hetzner)

| Service | URL | Server |
|---------|-----|--------|
| Payload Admin | https://cms.c2sgmbh.de/admin | Hetzner 3 |
| Payload API | https://cms.c2sgmbh.de/api | Hetzner 3 |
| Umami Analytics | https://analytics.c2sgmbh.de | Hetzner 3 |
| blogwoman.de | https://blogwoman.de | Hetzner 1 |
| porwoll.de | https://porwoll.de | Hetzner 2 |

---

## Quick Reference

```bash
# --- Development ---
ssh frontend@10.10.181.104        # sv-frontend
ssh root@10.10.181.99             # sv-caddy
systemctl reload caddy            # Caddy: reload the Caddyfile

# --- CMS Production ---
ssh payload@162.55.85.18          # Hetzner 3
pm2 logs payload                  # CMS logs

# --- Frontend Production ---
ssh hetzner1                      # Hetzner 1 (blogwoman.de)
ssh hetzner2                      # Hetzner 2 (porwoll.de)

# Check Git status on production
ssh hetzner1 "cd /var/www/vhosts/blogwoman.de/httpdocs && git log --oneline -3"
ssh hetzner2 "cd /var/www/vhosts/porwoll.de/httpdocs && git log --oneline -3"

# Passenger status
ssh hetzner1 "passenger-status"
ssh hetzner2 "passenger-status"

# --- Work Orders ---
cd ~/payload-contracts
./scripts/create-work-order.sh "Titel" --extract
./scripts/execute-work-order.sh work-orders/YYYY-MM-DD-slug.md
```

---

*Documentation: Martin Porwoll | Complex Care Solutions GmbH | 15.02.2026*
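
The GitHub Actions deploy to sv-frontend through the port forward on 37.24.237.181:2204, sketched as an added example (not the project's own workflow script) that pins the server's host key instead of accepting whatever key answers on the forwarded port. `SSH_HOST_KEY` and `APP_DIR` are assumptions of this example and do not appear in the documentation; the other four variables are the repository secrets it names.

```bash
#!/bin/sh
# Added example, not the project's workflow script.
# SSH_HOST, SSH_PORT, SSH_USER, SSH_PRIVATE_KEY: the repository secrets named above.
# SSH_HOST_KEY (assumption): sv-frontend's public host key, e.g. "ssh-ed25519 AAAA...",
#   recorded once from inside the network (/etc/ssh/ssh_host_ed25519_key.pub).
# APP_DIR (assumption): project directory on sv-frontend.

# Print the known_hosts entry for the forwarded endpoint.
# OpenSSH stores hosts on a non-default port as "[host]:port".
known_hosts_line() {
  if [ "${SSH_PORT:?}" = "22" ]; then
    printf '%s %s\n' "${SSH_HOST:?}" "${SSH_HOST_KEY:?}"
  else
    printf '[%s]:%s %s\n' "${SSH_HOST:?}" "$SSH_PORT" "${SSH_HOST_KEY:?}"
  fi
}

# Write the deploy key and the pinned known_hosts file into directory $1,
# readable by the current user only.
prepare_ssh() {
  (
    umask 077
    mkdir -p "$1" &&
    printf '%s\n' "${SSH_PRIVATE_KEY:?}" > "$1/id_deploy" &&
    known_hosts_line > "$1/known_hosts"
  )
}

# Connect through the port forward and build. StrictHostKeyChecking=yes makes
# ssh refuse any host key that is not the pinned one.
deploy() {
  workdir=$(mktemp -d) || return 1
  trap 'rm -rf "$workdir"' EXIT
  prepare_ssh "$workdir" || return 1
  ssh -i "$workdir/id_deploy" -p "$SSH_PORT" \
    -o IdentitiesOnly=yes -o BatchMode=yes \
    -o StrictHostKeyChecking=yes \
    -o UserKnownHostsFile="$workdir/known_hosts" \
    "${SSH_USER:?}@$SSH_HOST" "cd '${APP_DIR:?}' && pnpm install && pnpm build"
}

# Run only when called as: deploy.sh deploy
if [ "${1:-}" = "deploy" ]; then deploy; fi
```

On the server side, the `authorized_keys` entry for this deploy key can be prefixed with the OpenSSH `restrict` option so the key cannot open port forwards or allocate a PTY.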