OVH VPS Overview
The OVH VPS is the most powerful server in the fleet, hosting the WhatsApp CRM SaaS platform (Queunir). It runs an Express gateway with 6 Docker-based WhatsApp slices, each running its own Chromium instance for whatsapp-web.js sessions.
Server Specifications
| Item | Details |
|---|---|
| Hostname | vps-6adaa1c1 |
| Provider | OVH |
| IP | 192.99.145.61 |
| SSH | `ssh ovh` |
| OS | Ubuntu 25.04 |
| CPU | 16 vCPU |
| RAM | 61 GB + 31 GB swap |
| Disk | 339 GB (13% used) |
| Node | v20.20.0 |
| PostgreSQL | 17 (native, not Docker) |
| nginx | 17 workers |
Architecture
The request flow follows this path:
Internet --> nginx (80/443) --> Gateway (port 3000, systemd) --> Docker Slices (6)
Domain Routing (nginx):
| Domain | Destination |
|---|---|
| `app.queunir.com` | SPA frontend (`/var/www/app/`) + proxy `/api` to gateway :3000 |
| `queunir.com` | Marketing landing page (`/var/www/marketing/`) |
| `app.ipnoelp.io` | 301 redirect to `app.queunir.com` |
Gateway Service (wank-gateway)
The gateway is a systemd service (not pm2).
| Item | Details |
|---|---|
| Service | `wank-gateway.service` |
| User | ubuntu |
| WorkingDirectory | `/home/ubuntu/gateway/` |
| Runtime | Express + TypeScript (compiled to JS via `npx tsc`) |
| Port | 3000 (bound to 127.0.0.1) |
| Restart | `sudo systemctl restart wank-gateway` |
Gateway Routes
| Route Prefix | Purpose |
|---|---|
| `/api/` | Core API endpoints |
| `/auth/` | Authentication (login, register, sessions) |
| `/billing/` | Stripe subscription management |
| `/admin/` | Admin dashboard endpoints |
| `/orchestrator/` | Slice orchestration and provisioning |
| `/socket.io/` | Real-time WebSocket connections |
| `/health` | Health check endpoint |
Gateway Source Files
| File | Size | Purpose |
|---|---|---|
| `index.ts` | - | Main entry point, Express app setup |
| `admin.ts` | 17 KB | Admin panel API routes |
| `auth.ts` | - | Authentication and session management |
| `billing.ts` | - | Stripe billing integration |
| `database.ts` | - | PostgreSQL connection and queries |
| `health.ts` | - | Health check and status endpoints |
| `monitor.ts` | 12 KB | Resource monitoring and telemetry |
| `orchestrator.ts` | - | Slice lifecycle management |
| `provisioner.ts` | - | New slice provisioning |
| `proxy.ts` | - | Request proxying to slices |
| `sse.ts` | 10 KB | Server-Sent Events for real-time updates |
Docker Slices
Six Docker containers run the WhatsApp backend slices. Each slice runs whatsapp-web.js with its own Chromium browser instance.
Image: `wank-slice:latest` (1.49 GB)
| Container | Host Port | Database | Session Data |
|---|---|---|---|
| wank-slice-1 | 5001 | wa_slice_1 | /data/slices/1/ |
| wank-slice-2 | 5003 | wa_slice_2 | /data/slices/2/ |
| wank-slice-3 | 5005 | wa_slice_3 | /data/slices/3/ |
| wank-slice-4 | 5007 | wa_slice_4 | /data/slices/4/ |
| wank-slice-5 | 5009 | wa_slice_5 | /data/slices/5/ |
| wank-slice-6 | 5011 | wa_slice_6 | /data/slices/6/ |
All slice ports are bound to 127.0.0.1 only (not externally accessible). The gateway proxies requests to the appropriate slice based on user assignment.
PostgreSQL 17 (Native)
PostgreSQL runs natively on the host (not in Docker).
Gateway Database: wank_saas
| Table | Purpose | Key Columns |
|---|---|---|
| `gateway.users` | User accounts | email, password, stripe_customer, subscription_status (trial default), slice_id FK |
| `gateway.slices` | Slice inventory | port (unique), status, user_id, wa_connected, wa_phone, storage_bytes |
| `gateway.sessions` | Session management | Session tokens with expiry timestamps |
| `gateway.telemetry` | Per-slice monitoring | RSS, CPU, disk, swap metrics per slice |
| `gateway.server_telemetry` | Server monitoring | Server-level resource usage metrics |
| `gateway.events` | Event log | Slice events with JSONB detail and resolution tracking |
Slice Databases
Six separate databases (`wa_slice_1` through `wa_slice_6`), one per Docker slice. Each contains the WhatsApp CRM data for that slice’s assigned user.
SSL Certificates
All certificates are managed by Let’s Encrypt (certbot).
| Domain | Expiry |
|---|---|
| `app.queunir.com` | 2026-05-25 |
| `queunir.com` | 2026-05-25 |
| `app.ipnoelp.io` | 2026-05-24 |
Security
| Measure | Details |
|---|---|
| fail2ban | Active — 6 IPs currently banned, 143 total bans from 1,467 failed attempts |
| Slice isolation | All slice ports bound to 127.0.0.1 only |
| Gateway binding | Port 3000 bound to 127.0.0.1 only |
| nginx | Reverse proxy with SSL termination |
Common Operations
Restart the gateway:
ssh ovh
sudo systemctl restart wank-gateway
Rebuild after code changes:
ssh ovh
cd /home/ubuntu/gateway/
npx tsc
sudo systemctl restart wank-gateway
Check gateway logs:
ssh ovh
journalctl -u wank-gateway -f
Check Docker slice status:
ssh ovh
docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
Access a slice database:
ssh ovh
psql -U postgres -d wa_slice_1