Project Hub: Home Proxmox / Web-edge

This hub documents the home Proxmox stack and the web-edge services you expose (LAN-first; public via MikroTik port-forward + DNS).

Core nodes / IPs

  • Proxmox host: 10.10.9.100
  • VM101: 10.10.9.101 (ChirpStack / LoRa UDP 1700)
  • VM102 (core-services-102): 10.10.9.104
  • VM103 (web-edge-103): 10.10.9.103

Public endpoints (DNS-only mode)

  • Docs (KB): https://docs.aurbotstem.com
  • Portal: https://portal.aurbotstem.com
  • Dash: https://dash.aurbotstem.com

Services map (what runs where)

VM103 — Web-edge

  • Caddy (reverse proxy + TLS)
    • config: /etc/caddy/Caddyfile
    • static roots:
      • KB: /var/www/docusaurus-kb
      • Portal: /var/www/portal
      • Dash frontend: /var/www/second-brain-frontend
  • Second Brain agent backend (systemd)
    • health: http://10.10.9.103:8000/health

VM102 — Core-services

  • MCP Gateway (IBM ContextForge Gateway) (systemd)
    • URL: http://10.10.9.104:8787
    • service: mcpgateway
    • config/env: /opt/mcpgateway/mcpgateway.env

How to use: MCP Gateway

Check status

From any LAN machine:

curl -sS http://10.10.9.104:8787/health

Manage service (on VM102)

sudo systemctl status mcpgateway
sudo journalctl -u mcpgateway -f
sudo systemctl restart mcpgateway

Auth notes

The gateway supports auth features, but the current deployment is intended for LAN-only use. If and when it is exposed, we will lock down:

  • strong admin creds
  • allowlist/forward auth via Caddy/Authentik
  • firewall rules (WAN block)

How to use: AI agent (Orchestrator)

Planned: run the orchestrator on VM103 and let it call tools via the MCP Gateway on VM102.

Recommended usage pattern:

  1. You talk to the orchestrator (HTTP endpoint / UI later)
  2. Orchestrator calls MCP Gateway tools (device/service ops)
  3. Orchestrator writes outcomes back into KB / dashboards

Status: orchestrator deployment needs finalization (we’ll standardize it as a systemd service + Caddy route).

Operating rules / safety

  • Keep public exposure only on VM103 (web-edge)
  • Keep VM102 services LAN-only unless there is a strong reason to expose them
  • Prefer DNS-only mode unless you explicitly adopt Cloudflare Tunnel
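
One way to check the VM102 LAN-only rule and the allowlist/forward-auth item from the Auth notes against the Caddy config on VM103. This is an added example, not part of this hub's tooling: a heuristic lint that flags any site block proxying to VM102 without a remote_ip allowlist or forward_auth in the same block. The example.test hostnames, the 10.10.9.0/24 prefix and the sample Caddyfile are constructed assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the page): heuristic lint for "VM102 stays LAN-only".
# Flags site blocks that reverse_proxy to VM102 with no remote_ip/forward_auth.
VM102_IP="10.10.9.104"   # VM102 address, from the page

lint_caddyfile() {   # Caddyfile on stdin; exit status 1 if any block is unguarded
    awk -v ip="$VM102_IP" '
        {
            line = $0
            sub(/(^|[ \t])#.*/, "", line)          # strip comments
            opens  = gsub(/[{]/, "{", line)        # count braces on this line
            closes = gsub(/[}]/, "}", line)
            if (depth == 0 && opens > 0) {         # a new top-level block starts
                site = line
                sub(/[ \t]*[{].*/, "", site); sub(/^[ \t]+/, "", site)
                proxied = 0; guarded = 0
            }
            if (line ~ /reverse_proxy/ && index(line, ip)) proxied = 1
            if (line ~ /remote_ip|forward_auth/) guarded = 1
            depth += opens - closes
            if (depth == 0 && closes > 0 && proxied && !guarded) {
                print "UNGUARDED " site; bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

sample_caddyfile() {   # constructed input; hostnames are placeholders
    cat <<'EOF'
docs.example.test {
    root * /var/www/docusaurus-kb
    file_server
}
mcp-lan.example.test {
    @wan not remote_ip 10.10.9.0/24   # assumed LAN prefix
    respond @wan 403
    reverse_proxy 10.10.9.104:8787
}
mcp-open.example.test {
    reverse_proxy 10.10.9.104:8787
}
EOF
}

# Lint the file given as $1, or the constructed sample when run with no argument.
if [ -n "${1:-}" ]; then lint_caddyfile < "$1"
else sample_caddyfile | lint_caddyfile || true; fi
```

Run it on VM103 with /etc/caddy/Caddyfile as the argument. It only checks that a guard directive is present in the block, not that the matcher is correct, so review any block it passes that fronts VM102.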