Overview
Live infrastructure status β refreshes every 30s
Services Online
β
Disk Used
β
Memory Used
β
SSL Alerts
β
PM2 Services
Loadingβ¦
System Health
Loadingβ¦
Recent Deployments
Loadingβ¦
Services
All Esipick services β manage via PM2
PM2 Process List
Loadingβ¦
Service Registry
Loadingβ¦
Deploy
Run deployment runbooks β CTO approval + QA sign-off required
β οΈ All deployments require CTO written approval and QA Head sign-off. Fill both reference fields before proceeding.
Update Existing Service (Runbook C)
Emergency Rollback (Runbook D)
Rollback first. Report to CTO second. Do not wait for instruction.
Pre-Deployment Checklist
Logs
PM2 service logs, Nginx error log, auth log
PM2 Service Logs
Select a service and click Load Logs.
Nginx Error Log
Click Load.
Auth / SSH Log
Click Load.
Backups
Manage and trigger backups to /root/backups/
Run Backup
Backup Files on VPS
Click Refresh.
Backup History
Click Refresh.
Backup Schedule (Cron) β Week 1 Action Item
Automated backups are not yet configured. Set up cron on VPS using commands below.
# Daily DB backups β run: crontab -e on VPS and paste these lines
0 2 * * * tar -czf /root/backups/aria_$(date +\%Y\%m\%d).tar.gz /root/aria_v3/ 2>/dev/null
5 2 * * * cp /root/inboxpilot/data/inbox.db /root/backups/inbox_$(date +\%Y\%m\%d).db 2>/dev/null
10 2 * * * cp /root/student-counsellor/data/counsellor.db /root/backups/counsellor_$(date +\%Y\%m\%d).db 2>/dev/null
15 2 * * * cp /root/payrollpilot/data/payroll.db /root/backups/payroll_$(date +\%Y\%m\%d).db 2>/dev/null
0 3 * * 0 tar -czf /root/backups/envs_$(date +\%Y\%m\%d).tar.gz $(find /root -name '.env' 2>/dev/null) 2>/dev/null
0 3 * * 0 tar -czf /root/backups/nginx_$(date +\%Y\%m\%d).tar.gz /etc/nginx/ 2>/dev/null
SSL Certificates
Let's Encrypt via Certbot β auto-renewal should be configured
Certificate Status
Loadingβ¦
Certbot Commands Reference
# Check all certs
certbot certificates
# Dry run renewal (no changes)
certbot renew --dry-run
# Issue new cert for domain
certbot --nginx -d your-domain.esipick.ai
# Renew now (force)
certbot renew --force-renewal
# Cron for auto-renewal (already set up by Certbot installer):
0 3 * * * certbot renew --quiet
Nginx
Reverse proxy configuration and status
Nginx Status
Loadingβ¦
Nginx Server Block Template
server {
listen 80;
server_name [your-domain.esipick.ai];
location / {
proxy_pass http://127.0.0.1:[PORT];
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache_bypass $http_upgrade;
proxy_read_timeout 300s;
proxy_connect_timeout 75s;
}
# WebSocket support (ARIA, InboxPilot)
location /ws {
proxy_pass http://127.0.0.1:[PORT];
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_read_timeout 86400s;
}
# Certbot will add SSL block below
}
Command Output
Run a command above to see output.
Security
Firewall rules, SSH auth log, credential policies
UFW Firewall Status
Click Refresh.
UFW Rules Policy
| Port | Rule | Reason |
|---|---|---|
22 | ALLOW trusted IPs | SSH key only |
80 | ALLOW all | HTTP + Certbot |
443 | ALLOW all | HTTPS production |
5002,8000β8005 | DENY external | Nginx proxies only |
5678 | DENY external | n8n internal only |
| All others | DENY | Default deny |
Recent Auth / SSH Activity
Click Refresh.
Credential Policy
NEVER log API keys or .env contents. NEVER paste credentials into chat. NEVER commit .env to Git. NEVER share SSH private key. Rotate any exposed credential immediately and notify CTO within 10 minutes.
| Credential | Location | Rotation |
|---|---|---|
| Anthropic API Key | /root/[service]/.env | Every 90 days |
| VAPI Agency + SMB Keys | /root/aria_v3/.env | Every 90 days |
| SMTP credentials | /root/[services]/.env | Every 90 days |
| SendGrid API Key | /root/student-counsellor/.env | Every 90 days |
| Telnyx API Key | /root/student-counsellor/.env | Every 90 days |
| SSH Private Key | Local β authorised users only | On compromise |
Deployment Log
Every deployment must be logged. History is permanent.
Log New Deployment
Deployment History
Loadingβ¦
AI Agent
Instruct the DevOps Agent. All orders must come from CTO. QA sign-off required before deploys.
π€ This is the DevOps Agent β it executes infrastructure operations. It does NOT make architectural decisions. CTO approval + QA sign-off required for all deployments.