- Evidence BI (bare-metal, blue-green) — evidence.sayhellocollege.com
  - evidence-a.service (port 3001) — slot A
  - evidence-b.service (port 3002) — slot B
  - Active slot tracked in /srv/evidence/active
  - Data refresh cron every 15 min, deploys via GitHub Actions
- n8n workflow automation — n8n.sayhellocollege.com (Docker via Coolify)
- Coolify (manages n8n only; Evidence removed from Coolify)
- Traefik reverse proxy (SSL termination, routing)
- Redis (for n8n)
- PostgreSQL 14 on host (legacy — used by GitHub Actions runners?)
- Wiki.js docs site — docs.sayhellocollege.com (Docker, SQLite, Traefik labels)
- 3x GitHub Actions runners (hc-portal-vps-2/3/4) — portal CI/CD + Evidence deploys
- Obsidian Sync headless service (obsidian-sync.service)
```bash
# As dev (standard work)
ssh hc-central
# As root (infrastructure changes)
ssh root@62.171.177.227
```
- hc-knowledge-mcp — mcp.sayhellocollege.com (Docker via Coolify)
- hc-portal — Coolify container (sslip.io domain, possibly legacy test)
- Qdrant vector DB — qdrant.sayhellocollege.com
- Redis 7.2 (app Redis for portal)
- Coolify (manages MCP, portal, Qdrant, Redis deployments)
- Traefik reverse proxy
- PM2 processes (as dev user):
  - dev-dashboard — /home/dev/dashboard/server.js
  - hc-evidence — Evidence dev server (port 4000)
  - hc-portal — Next.js dev server (11 restarts — unstable)
  - mcp-server — /home/dev/hc-knowledge-mcp/dist/index.js (duplicate of Docker container?)
```bash
ssh root@5.78.149.183
```
- UFW is INACTIVE on both servers — no OS-level firewall. All exposed ports are publicly reachable.
- Qdrant ports 6333-6334 are directly exposed on hc-vps (in addition to Traefik routing).
- Dev server ports (3000, 3100, 5173, 8787, 9000) are bound to 0.0.0.0 on both servers.
- Traefik dashboards (port 8080) are exposed on both servers.
- Recommendation: Enable UFW on both servers, allow only 22, 80, 443.
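
One way to verify the exposure listed above, before and after the firewall change (an added example, not part of the original page): it parses `ss -H -tln` output and reports TCP listeners bound to all interfaces on ports other than 22, 80 and 443. The function names are illustrative and the sample listener lines are constructed.

```shell
#!/bin/sh
# Added example: flag TCP listeners bound to every interface on ports
# outside the allowlist recommended on this page.

ALLOWED_PORTS="22 80 443"

# Reads `ss -H -tln` style lines on stdin. Prints "port address" for each
# wildcard-bound listener whose port is not allowed, sorted by port.
audit_listeners() {
  awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
      local_ep = $4                        # e.g. 0.0.0.0:6333 or [::]:8080
      idx = match(local_ep, /:[0-9]+$/)    # the port follows the last colon
      if (idx == 0) next
      addr = substr(local_ep, 1, idx - 1)
      port = substr(local_ep, idx + 1)
      wildcard = (addr == "0.0.0.0" || addr == "[::]" || addr == "*" || addr == "::")
      # Report each exposed port once, even if bound on both IPv4 and IPv6.
      if (wildcard && !(port in ok) && !seen[port]++) print port, addr
    }
  ' | sort -n
}

# Constructed sample input (not captured from either server).
sample_ss_output() {
  cat <<'EOF'
LISTEN 0 128     0.0.0.0:22     0.0.0.0:*
LISTEN 0 4096    0.0.0.0:80     0.0.0.0:*
LISTEN 0 4096    0.0.0.0:443    0.0.0.0:*
LISTEN 0 4096    0.0.0.0:8080   0.0.0.0:*
LISTEN 0 4096    0.0.0.0:6333   0.0.0.0:*
LISTEN 0 4096       [::]:6333      [::]:*
LISTEN 0 511           *:3000         *:*
LISTEN 0 511   127.0.0.1:6379   0.0.0.0:*
EOF
}

if [ "${1:-}" = "--live" ]; then
  ss -H -tln | audit_listeners        # real listeners on this host
else
  sample_ss_output | audit_listeners  # constructed sample
fi
```

Docker publishes container ports through its own iptables rules, so a listener published on 0.0.0.0 can remain reachable after UFW is enabled. Rebinding the listeners this check flags to 127.0.0.1 closes them regardless of firewall state.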