# Hetzner VPS

## Description

This page documents facts received from the Codex session running on the Hetzner VPS / homelab server.

The relationship between this VPS and the Raspberry Pi 5 homelab is not yet clarified.

## Current configuration

- Hostname: `ubuntu-4gb-hel1-1`
- Public IPv4: `135.181.153.108`
- Public IPv6: `2a01:4f9:c014:98f0::1`
- Tailscale IP: `100.95.58.48`
- Incorrect Tailscale IP explicitly ruled out: `100.108.208.3`

Network interfaces reported:

- `docker0`: `172.17.0.1/16`, `DOWN`
- `br-b467702c0f28`: `172.18.0.1/16`, `DOWN`
- `br-40cc27c6ea24`: `172.19.0.1/16`, `DOWN`

Docker networks:

- `bridge`
- `host`
- `none`
- `npm_default`
- `proxy`
- Planned after Joplin start: `joplin-net`

Docker volumes:

- No Docker named volumes currently exist.
- Planned after Joplin start: `joplin_postgres_data`

Running containers:

- `npm`

## Known facts

- `npm` uses image `jc21/nginx-proxy-manager:latest`.
- `npm` status was reported as `Up about an hour`.
- `npm` Compose path is `/home/dockeruser/docker/npm`.
- `npm` uses `network_mode: host`.
- Because `npm` uses host networking, Nginx Proxy Manager binds directly to host ports.
- Nginx Proxy Manager admin UI responds `200 OK` internally at `http://127.0.0.1:81`.
- Nginx Proxy Manager HTTP listener responds `200 OK` internally at `http://127.0.0.1:80`.
- Nginx Proxy Manager responded `200 OK` at `http://100.95.58.48:81`.
- Nginx Proxy Manager responded `200 OK` at `http://135.181.153.108:81`.
- Nginx config test passes.
- Laptop-side diagnostics on 2026-04-15 verified:
  - `tailscale status` shows `ubuntu-4gb-hel1-1` at `100.95.58.48` as active.
  - `tailscale ping 100.95.58.48` returns pong responses through DERP relay `hel`.
  - `tailscale ping 100.95.58.48` reports direct connection not established.
  - `ping -c 4 100.95.58.48` returns 4 received, 0% packet loss.
  - `ping -c 4 135.181.153.108` returns 4 received, 0% packet loss.
  - `curl -v --connect-timeout 5 http://100.95.58.48:81` connects and returns `HTTP/1.1 200 OK`.
  - `curl -I --connect-timeout 5 http://100.95.58.48:81` returns `HTTP/1.1 200 OK`.
  - `curl -v --connect-timeout 5 http://135.181.153.108:81` connects and returns `HTTP/1.1 200 OK`.
  - `curl -I --connect-timeout 5 http://135.181.153.108:81` returns `HTTP/1.1 200 OK`.
- From a laptop/browser, the reported Nginx Proxy Manager admin UI URLs are:
  - `http://100.95.58.48:81` over Tailscale
  - `http://135.181.153.108:81` publicly if firewall allows it

Nginx Proxy Manager Compose file:

- Path: `/home/dockeruser/docker/npm/docker-compose.yml`
- Service:
  - `container_name: npm`
  - `image: jc21/nginx-proxy-manager:latest`
  - `restart: unless-stopped`
  - `network_mode: host`
  - `TZ: Europe/Warsaw`
  - Volumes:
    - `./data:/data`
    - `./letsencrypt:/etc/letsencrypt`

## Unknown / needs clarification

- Whether this Hetzner VPS is part of the homelab, a separate public edge, or both.
- Operating system version.
- Firewall rules.
- Whether port `81` is intentionally reachable on public IPv4.
- Whether ports `80` and `443` are publicly reachable from the internet.
- Why Tailscale direct connection is not established and traffic uses DERP relay `hel`.
- Whether any services other than `npm` are running outside Docker.
- Backup configuration.
- Monitoring and alerting configuration.