cms.c2sgmbh/docs/INFRASTRUCTURE.md

# Infrastruktur Dokumentation

*Letzte Aktualisierung: 15. Februar 2026*

## Gesamtübersicht

```
┌─────────────────────────────────────────────────────────────────────────────────────┐
│                           INFRASTRUKTUR ÜBERSICHT                                  │
│                                                                                     │
│  INTERNET                                                                          │
│      │                                                                             │
│      │  Vodafone Business                                                          │
│      │  5 öffentliche IPs                                                          │
│      │                                                                             │
│      ▼                                                                             │
│  ┌─────────────────────────────────────────────────────────────────────────────┐   │
│  │  UBIQUITI DREAM MACHINE PRO SE                                              │   │
│  │                                                                              │   │
│  │  37.24.237.178  │ Internetzugang                                            │   │
│  │  37.24.237.179  │ cloud.complexcaresolutions.de → 10.10.179.100             │   │
│  │  37.24.237.180  │ zh3.de (Nginx PM) → 10.10.180.100                         │   │
│  │  37.24.237.181  │ porwoll.tech (Caddy) → 10.10.181.99                       │   │
│  │                 │ :2204 → sv-frontend (10.10.181.104:22) [GitHub Actions]    │   │
│  │  37.24.237.182  │ FREI (Reserve)                                            │   │
│  │                                                                              │   │
│  └──────────────────────────────────┬──────────────────────────────────────────┘   │
│                                                                                     │
│  CLOUDFLARE (Proxy)                                                                │
│  ├── zh3.de + Subdomains → 37.24.237.180                                          │
│  ├── porwoll.tech + *.porwoll.tech → 37.24.237.181                                │
│  └── porwoll.org (intern DNS only)                                                │
│                                                                                     │
│  HETZNER (Extern)                                                                  │
│  ├── 78.46.87.137   (Hetzner 1) — blogwoman.de, ccs.de, zweitmeinu.ng            │
│  ├── 94.130.141.114 (Hetzner 2) — porwoll.de, caroline-porwoll.*                  │
│  └── 162.55.85.18   (Hetzner 3) — CMS + Analytics (Payload Prod)                  │
│                                                                                     │
└─────────────────────────────────────────────────────────────────────────────────────┘
```

---

## Server-Übersicht

| Server | IP | Verwaltung | Zweck | Sites |
|--------|-----|-----------|-------|-------|
| **sv-payload** | 10.10.181.100 | LXC (Proxmox) | CMS Development | pl.porwoll.tech |
| **sv-frontend** | 10.10.181.104 | LXC (Proxmox) | Frontend Development | *-dev.porwoll.tech |
| **Hetzner 1** | 78.46.87.137 | Plesk | Frontend Production | blogwoman.de, ccs.de, zweitmeinu.ng |
| **Hetzner 2** | 94.130.141.114 | Plesk | Frontend Production | porwoll.de, caroline-porwoll.* |
| **Hetzner 3** | 162.55.85.18 | Manuell (SSH) | CMS + Analytics Prod | cms.c2sgmbh.de, analytics.c2sgmbh.de |

---

## Öffentliche IP-Adressen

| IP | Verwendung | Ziel (intern) |
|----|------------|---------------|
| 37.24.237.178 | Internetzugang (Default) | - |
| 37.24.237.179 | cloud.complexcaresolutions.de | 10.10.179.100 (Nextcloud) |
| 37.24.237.180 | zh3.de (via Cloudflare) | 10.10.180.100 (Nginx PM) |
| 37.24.237.181 | porwoll.tech (Cloudflare) | 10.10.181.99 (Caddy) |
| 37.24.237.181:2204 | GitHub Actions SSH Deploy | 10.10.181.104:22 (sv-frontend) |
| 37.24.237.182 | FREI (Reserve) | - |

---

## VLANs

| VLAN | Name | Subnetz | Zweck |
|------|------|---------|-------|
| 40 | c2s-prd | 10.10.40.0/24 | Produktion |
| 90 | c2s-mgt | 10.10.90.0/24 | Management (Proxmox) |
| 179 | c2s-179 | 10.10.179.0/24 | Cloud Services |
| 180 | c2s-180 | 10.10.180.0/24 | Web Services (zh3.de) |
| 181 | c2s-181 | 10.10.181.0/24 | Development (porwoll.tech) |

---

## VLAN 181 - Development (porwoll.tech)

| ID | Hostname | IP | Service | Status |
|----|----------|-----|---------|--------|
| 699 | sv-caddy | 10.10.181.99 | Caddy Reverse Proxy | ✅ Running |
| 700 | sv-payload | 10.10.181.100 | Payload CMS Dev | ✅ Running |
| 701 | sv-postgres | 10.10.181.101 | PostgreSQL 17 + Redis Commander | ✅ Running |
| 702 | sv-dev-payload | 10.10.181.102 | Payload Test | ⏸️ Stopped |
| 703 | sv-analytics | 10.10.181.103 | Umami Analytics | ✅ Running |
| 704 | sv-frontend | 10.10.181.104 | Frontend Dev (9 Projekte) | ✅ Running |

---

## sv-frontend (LXC 704) - Frontend Development

**SSH:** `ssh frontend@10.10.181.104`

### Software Stack
- Node.js 22.x
- pnpm
- Next.js 16.2.0-canary.41
- Claude Code 2.1.37
- Codex CLI (aktuell)
- Gemini CLI (aktuell)

### Projekte & Ports

| Port | Service | Repository | Staging URL | Production |
|------|---------|------------|-------------|------------|
| 3000 | frontend-porwoll | frontend.porwoll.de | porwoll-dev.porwoll.tech | **porwoll.de** ✅ |
| 3001 | frontend-blogwoman | frontend.blogwoman.de | blogwoman-dev.porwoll.tech | **blogwoman.de** ✅ |
| 3002 | frontend-caroline-com | frontend.caroline-porwoll.com | caroline-com-dev.porwoll.tech | - |
| 3003 | frontend-caroline-de | frontend.caroline-porwoll.de | caroline-de-dev.porwoll.tech | - |
| 3004 | frontend-ccs | frontend.complexcaresolutions.de | ccs-dev.porwoll.tech | - |
| 3005 | frontend-gunshin | frontend.gunshin.de | gunshin-dev.porwoll.tech | - |
| 3006 | frontend-sensual | frontend.sensualmoment.de | sensual-dev.porwoll.tech | - |
| 3007 | frontend-zweitmeinu | frontend.zweitmeinu.ng | zweitmeinu-dev.porwoll.tech | - |
| 3008 | frontend-zytoskandal | frontend.zytoskandal.de | zytoskandal-dev.porwoll.tech | - |

### Service-Verwaltung

```bash
# Service starten
systemctl start frontend-porwoll

# Service stoppen
systemctl stop frontend-porwoll

# Alle Status
systemctl status frontend-*
```

---

## sv-caddy (LXC 699) - Reverse Proxy

- **IP:** 10.10.181.99
- **Software:** Caddy 2.9.x + Cloudflare DNS Plugin
- **SSL:** Wildcard *.porwoll.tech via Let's Encrypt DNS-Challenge
- **Config:** `/etc/caddy/Caddyfile`

### Routing

| URL | Backend |
|-----|---------|
| pl.porwoll.tech | 10.10.181.100:3000 |
| redis.porwoll.tech | 10.10.181.101:8081 |
| umami.porwoll.tech | 10.10.181.103:3000 |
| *-dev.porwoll.tech | 10.10.181.104:300x |

---

## SSH-Infrastruktur

### Verbindungen von sv-payload

| Ziel | Host-Alias | User | Key | Zweck |
|------|-----------|------|-----|-------|
| sv-frontend (10.10.181.104) | `sv-frontend` | frontend | `~/.ssh/frontend_deploy` | Entwicklung, Work Orders |
| Hetzner 1 (78.46.87.137) | `hetzner1` | root | `~/.ssh/plesk_deploy` | Production Troubleshooting |
| Hetzner 2 (94.130.141.114) | `hetzner2` | root | `~/.ssh/plesk_deploy` | Production Troubleshooting |

### SSH-Config (`/home/payload/.ssh/config`)

```
Host sv-frontend frontend
    HostName 10.10.181.104
    User frontend
    IdentityFile ~/.ssh/frontend_deploy
    IdentitiesOnly yes

Host hetzner1 plesk1
    HostName 78.46.87.137
    User root
    IdentityFile ~/.ssh/plesk_deploy
    IdentitiesOnly yes
    StrictHostKeyChecking accept-new

Host hetzner2 plesk2
    HostName 94.130.141.114
    User root
    IdentityFile ~/.ssh/plesk_deploy
    IdentitiesOnly yes
    StrictHostKeyChecking accept-new
```

### Port-Forwarding (GitHub Actions → sv-frontend)

GitHub Actions kann sv-frontend nicht direkt erreichen (internes Netz). Lösung: UDM Pro SE Port-Forward.

```
GitHub Actions → 37.24.237.181:2204 → UDM Pro SE → 10.10.181.104:22 (sv-frontend)
```

Die SSH-Credentials sind als Repository-Secrets gespeichert (`SSH_HOST`, `SSH_PORT`, `SSH_USER`, `SSH_PRIVATE_KEY`).

---

## GitHub Organisation: complexcaresolutions

| Repository | Beschreibung | Visibility | Production |
|------------|--------------|------------|------------|
| cms.c2sgmbh | Payload CMS Backend | Internal | cms.c2sgmbh.de |
| **payload-contracts** | **Shared Types + API Client** | **Internal** | — |
| frontend.porwoll.de | porwoll.de Frontend | Internal | **porwoll.de** ✅ |
| frontend.blogwoman.de | blogwoman.de Frontend | Internal | **blogwoman.de** ✅ |
| frontend.caroline-porwoll.com | caroline-porwoll.com Frontend | Internal | - |
| frontend.caroline-porwoll.de | caroline-porwoll.de Frontend | Internal | - |
| frontend.complexcaresolutions.de | CCS Website Frontend | Internal | - |
| frontend.gunshin.de | gunshin.de Frontend | Internal | - |
| frontend.sensualmoment.de | sensualmoment.de Frontend | Internal | - |
| frontend.zweitmeinu.ng | zweitmeinu.ng Frontend | Internal | - |
| frontend.zytoskandal.de | zytoskandal.de Frontend | Internal | - |

### payload-contracts

Shared TypeScript-Package (`@c2s/payload-contracts`) als Git-Dependency für alle Frontends.

```
CMS (payload-cms)                    Contracts (payload-contracts)        Frontends
━━━━━━━━━━━━━━━━                    ━━━━━━━━━━━━━━━━━━━━━━━━━━━         ━━━━━━━━━
payload-types.ts ──extract-types──→  src/types/payload-types.ts
                                     src/types/collections.ts    ←────  import { Page, Post }
                                     src/api-client/             ←────  import { createPayloadClient }
                                     src/blocks/registry.tsx     ←────  import { createBlockRenderer }
```

---

## Hetzner 1 - Frontend Production (blogwoman.de)

- **IP:** 78.46.87.137
- **Verwaltung:** Plesk
- **SSH:** `ssh hetzner1` (von sv-payload)
- **Web-Server:** nginx-only + Phusion Passenger 6.1.0
- **Node.js:** 22.x

### Sites

| Domain | Status | Repository | Deploy |
|--------|--------|------------|--------|
| blogwoman.de | ✅ Live | frontend.blogwoman.de | GitHub Webhook → Plesk Git Pull |
| complexcaresolutions.de | ⏸️ Geplant | frontend.complexcaresolutions.de | - |
| zweitmeinu.ng | ⏸️ Geplant | frontend.zweitmeinu.ng | - |

### Deployment

- **Methode:** Plesk Git-Integration mit GitHub Webhook
- **Webhook:** `complexcaresolutions.de:8443` (SSL-Cert ist für diese Domain)
- **Branch:** `main` (Push → Auto-Pull → Passenger Restart)
- **Document Root:** `/var/www/vhosts/blogwoman.de/httpdocs/`

### Konfiguration (nginx-only)

Plesk muss auf **nginx-only** (nicht nginx→Apache) konfiguriert sein, da Apache ErrorDocument-Directives Next.js 404-Handling stören und Redirect-Loops verursachen.

---

## Hetzner 2 - Frontend Production (porwoll.de)

- **IP:** 94.130.141.114
- **Verwaltung:** Plesk
- **SSH:** `ssh hetzner2` (von sv-payload)
- **Web-Server:** nginx-only + Phusion Passenger 6.1.0
- **Node.js:** 22.x

### Sites

| Domain | Status | Repository | Deploy |
|--------|--------|------------|--------|
| porwoll.de | ✅ Live | frontend.porwoll.de | GitHub Webhook → Plesk Git Pull |
| caroline-porwoll.com | ⏸️ Geplant | frontend.caroline-porwoll.com | - |
| caroline-porwoll.de | ⏸️ Geplant | frontend.caroline-porwoll.de | - |

### Deployment

- **Methode:** Plesk Git-Integration mit GitHub Webhook
- **Branch:** `main` (Push → Auto-Pull → Passenger Restart)
- **Document Root:** `/var/www/vhosts/porwoll.de/httpdocs/`

---

## Hetzner 3 - CMS + Analytics Production

- **IP:** 162.55.85.18
- **Domain:** cms.c2sgmbh.de
- **User:** payload
- **SSH:** `ssh payload@162.55.85.18`

### Software
- Payload CMS 3.76.1
- Next.js 16.2.0-canary.41
- React 19.2.3
- PostgreSQL 17
- Redis
- Umami Analytics

### Services

| Service | User | Port | URL | Status |
|---------|------|------|-----|--------|
| PostgreSQL 17 | postgres | 5432 | localhost | ✅ Läuft |
| Payload CMS | payload | 3001 | https://cms.c2sgmbh.de | ✅ Läuft |
| Umami Analytics | umami | 3000 | https://analytics.c2sgmbh.de | ✅ Läuft |
| Redis Cache | redis | 6379 | localhost (auth: REDIS_PASSWORD, policy: noeviction) | ✅ Läuft |
| Nginx | root | 80/443 | Reverse Proxy | ✅ Läuft |

### Deploy
```bash
~/deploy.sh
```

---

## Deployment-Workflow

### CMS (Payload)

```
sv-payload (develop) → GitHub CI → sv-payload (main) → Hetzner 3 (deploy.sh)
```

### Frontends

```
sv-frontend (develop)                GitHub                   Plesk (Hetzner 1/2)
━━━━━━━━━━━━━━━━━━━━                ━━━━━━                   ━━━━━━━━━━━━━━━━━━━

1. Entwicklung                       CI: Lint + Build
   (Claude Code)         ──push──→   ✅ auf develop
                                         │
2. Staging-Test                          │
   (*-dev.porwoll.tech)                  │
                                         │
3. Merge develop → main  ──push──→   CI: Lint + Build
                                     ✅ auf main
                                         │
                                     Webhook ─────────→  4. Plesk Git Pull
                                                         5. pnpm install
                                                         6. pnpm build
                                                         7. Passenger Restart
                                                         8. Site live ✅
```

### Staging-Deploy (GitHub Actions)

Push auf `develop` → GitHub Actions → SSH via Port-Forward → `pnpm install && pnpm build` auf sv-frontend.

### Work-Order-Workflow (neue Blocks/Collections)

```
sv-payload                              sv-frontend
━━━━━━━━━━                              ━━━━━━━━━━━
1. CMS Block/Collection ändern
2. pnpm payload generate:types
3. cd ~/payload-contracts && pnpm extract
4. ./scripts/create-work-order.sh "Titel"
5. git commit && git push
                                         6. git pull (payload-contracts)
                                         7. Claude Code mit Work Order starten
                                         8. Block implementieren
                                         9. pnpm build (Verify)
                                        10. git commit && git push
11. Ergebnis verifizieren
12. Work Order → completed/ verschieben
```

---

## URLs Übersicht

### Development (porwoll.tech)

| Service | URL |
|---------|-----|
| Portal | https://porwoll.tech |
| Payload CMS | https://pl.porwoll.tech |
| Redis Commander | https://redis.porwoll.tech |
| Umami Analytics | https://umami.porwoll.tech |
| Frontend porwoll.de | https://porwoll-dev.porwoll.tech |
| (8 weitere) | https://*-dev.porwoll.tech |

### Production (Hetzner)

| Service | URL | Server |
|---------|-----|--------|
| Payload Admin | https://cms.c2sgmbh.de/admin | Hetzner 3 |
| Payload API | https://cms.c2sgmbh.de/api | Hetzner 3 |
| Umami Analytics | https://analytics.c2sgmbh.de | Hetzner 3 |
| blogwoman.de | https://blogwoman.de | Hetzner 1 |
| porwoll.de | https://porwoll.de | Hetzner 2 |

---

## Quick Reference

```bash
# --- Development ---
ssh frontend@10.10.181.104          # sv-frontend
ssh root@10.10.181.99               # sv-caddy
systemctl reload caddy              # Caddy Caddyfile neu laden

# --- CMS Production ---
ssh payload@162.55.85.18            # Hetzner 3
pm2 logs payload                    # CMS Logs

# --- Frontend Production ---
ssh hetzner1                        # Hetzner 1 (blogwoman.de)
ssh hetzner2                        # Hetzner 2 (porwoll.de)

# Git-Status auf Production prüfen
ssh hetzner1 "cd /var/www/vhosts/blogwoman.de/httpdocs && git log --oneline -3"
ssh hetzner2 "cd /var/www/vhosts/porwoll.de/httpdocs && git log --oneline -3"

# Passenger-Status
ssh hetzner1 "passenger-status"
ssh hetzner2 "passenger-status"

# --- Work Orders ---
cd ~/payload-contracts
./scripts/create-work-order.sh "Titel" --extract
./scripts/execute-work-order.sh work-orders/YYYY-MM-DD-slug.md
```

---

*Dokumentation: Martin Porwoll | Complex Care Solutions GmbH | 15.02.2026*