3-Server Architecture
Architecture Overview: The Mad Monkey project uses a single Docker host architecture with a centralized SSL proxy for all external HTTPS traffic.
Current Status: Phase 2 testing is BLOCKED due to duplicate opt-in email issue. See Issues & Blockers for details.
SSL/HTTPS Flow: Internet → 76.150.65.61:443 → NGINX SSL Proxy (10.0.0.251) → Internal Services
All SSL certificates are managed centrally via Let's Encrypt on the NGINX proxy server.
All SSL certificates are managed centrally via Let's Encrypt on the NGINX proxy server.
Server Topology
NGINX SSL Proxy
10.0.0.251
Let's Encrypt SSL
↓
10.0.0.251
Let's Encrypt SSL
Orchestrator
10.0.0.197
Claude + Projects
↔
10.0.0.197
Claude + Projects
BennyBeen
10.0.0.250
PostgreSQL, Shlink, Listmonk, n8n
10.0.0.250
PostgreSQL, Shlink, Listmonk, n8n
| Server | IP Address | Hostname | Primary Role | Status |
|---|---|---|---|---|
| NGINX SSL Proxy | 10.0.0.251 |
ssl-proxy | SSL termination, Let's Encrypt certs, Reverse proxy | Active |
| Orchestrator | 10.0.0.197 |
orchestrator | Claude Code, Projects, Documentation | Active |
| BennyBeen | 10.0.0.250 |
bennybeen | PostgreSQL, Shlink, Listmonk, n8n (Mad Monkey) | Active |
NGINX SSL Proxy Server (10.0.0.251)
NGINX SSL Proxy
10.0.0.251
Central SSL termination and reverse proxy for all external HTTPS traffic
Purpose
- Handles all SSL/TLS termination for external traffic
- Manages Let's Encrypt certificates via Certbot
- Reverse proxies requests to internal services
- Single point for certificate management
NGINX Proxy Manager Access
NPM Admin UI:
Admin Login:
Proxy Hosts: 27 configured | Redirection Hosts: 5 configured
http://10.0.0.251:81Admin Login:
indigoproductions@yahoo.comProxy Hosts: 27 configured | Redirection Hosts: 5 configured
# SSH to SSL Proxy (dockerhost-02) ssh -i /root/.ssh/id_ed25519_to_250 indigoadmin@10.0.0.251 # Or with bennybeen automation key ssh -i /home/indigoadmin/.ssh/bennybeen_automation indigoadmin@10.0.0.251
Domain Routing (All Active)
| Domain | Backend | Port | Status |
|---|---|---|---|
| n8n.mad-monkey-creations.com | 10.0.0.250 | 5678 | Active |
| hooks.mad-monkey-creations.com | 10.0.0.250 | 5678 | Active |
| list.mad-monkey-creations.com | 10.0.0.250 | 9000 | Active |
| mmlnk.us | 10.0.0.250 | 8081 | Active |
| admin.mmlnk.us | 10.0.0.250 | 8081 | Active (IP-restricted) |
| adventure.mad-monkey-creations.com | 10.0.0.250 | 80 | Active |
| n8n.janness.com (separate, not Mad Monkey) | 10.0.0.198 | 5678 | Active |
Note: n8n.janness.com is a separate, pre-existing n8n instance not part of the Mad Monkey project. Mad Monkey uses a dedicated n8n instance on BennyBeen (10.0.0.250).
NGINX Proxy Manager Docker Setup
# docker-compose.yml on 10.0.0.251
version: '3.8'
services:
nginx-proxy-manager:
image: jlesage/nginx-proxy-manager:latest
container_name: nginx-proxy-manager
restart: unless-stopped
ports:
- '80:8080' # HTTP
- '81:8181' # Admin UI
- '443:4443' # HTTPS
volumes:
- ./config:/config:rw
environment:
- TZ=America/Chicago
- DISABLE_IPV6=0
SSL Certificates (Managed by NPM)
SSL certificates are automatically managed via Let's Encrypt through the NPM web interface. To add/renew certificates:
- Access NPM admin at
http://10.0.0.251:81 - Navigate to SSL Certificates
- Add Let's Encrypt certificate with domain validation
- Assign to proxy hosts
Orchestrator Server (10.0.0.197)
Orchestrator
10.0.0.197
Central management server for Claude Code, project files, and documentation
Purpose
- Hosts Claude Code CLI installation
- Contains all project directories and source code
- Central location for documentation management
- Development and orchestration tasks
Directory Structure
/home/indigoadmin/
├── docker/
│ └── webserver/
│ └── docker-compose.yml
└── projects/
├── BennyBeen/
│ └── CLAUDE.md
├── documentor/
│ ├── CLAUDE.md
│ ├── chats/
│ ├── deployment/
│ ├── html/ # Documentation files
│ └── ...
└── workflow/
├── CLAUDE.md
└── workflows/
Access
# SSH to Orchestrator ssh indigoadmin@10.0.0.197 # Or as root ssh root@10.0.0.197 # Project directory cd /home/indigoadmin/projects/
Installed Software
| Software | Version | Purpose |
|---|---|---|
| Claude Code CLI | Latest | AI-assisted development |
| Node.js | v24.x | JavaScript runtime |
| Docker | 20.10+ | Container runtime |
BennyBeen Server (10.0.0.250)
BennyBeen
10.0.0.250
Docker host for all Mad Monkey services: database, URL shortener, email platform, n8n workflows, and reverse proxy
Purpose
- PostgreSQL 16 database server
- n8n workflow automation (dedicated Mad Monkey instance)
- Shlink URL shortener for QR code links
- Listmonk email marketing platform
- Traefik reverse proxy (internal routing)
Service Port Mapping
| Service | Container | Port | Domain | Status |
|---|---|---|---|---|
| PostgreSQL | mm-postgres | 5432 | Internal only | Active |
| n8n (Mad Monkey) | mm-n8n | 5678 | n8n.mad-monkey-creations.com | Active |
| Shlink | mm-shlink | 8081 | mmlnk.us, admin.mmlnk.us | Active |
| Listmonk | mm-listmonk | 9000 | list.mad-monkey-creations.com | Active |
| Traefik | mm-traefik | 80, 443, 8080 | Internal routing (SSL via NGINX proxy) | Active |
Note: SSL termination is handled by the NGINX SSL Proxy at 10.0.0.251, not Traefik. External HTTPS requests go through:
Internet → 76.150.65.61:443 → NGINX (10.0.0.251) → BennyBeen services (10.0.0.250)
Access
# SSH to BennyBeen ssh bennybeen@10.0.0.250 # Project directory cd /home/bennybeen/mad-monkey/ # Docker commands docker ps | grep mm- docker logs -f mm-postgres
Directory Structure
/home/bennybeen/mad-monkey/ ├── backups/ # Database and system backups ├── deployment/ # Deployment configuration │ ├── docker-compose.yml │ ├── n8n-workflows/ │ └── postgres-init/ ├── docker-compose.yml # Root docker compose ├── landing-page/ # Benny landing page files ├── letsencrypt/ # SSL certificates (Traefik) ├── listmonk-data/ # Listmonk container data ├── n8n-data/ # n8n container data (legacy) ├── postgres-data/ # PostgreSQL container data └── shlink-data/ # Shlink container data
External IP: 76.150.65.61 (DYNAMIC - can change)
When external IP changes, DNS records must be updated. See DNS-UPDATE-PROCESS.md.
When external IP changes, DNS records must be updated. See DNS-UPDATE-PROCESS.md.
n8n Workflows (Mad Monkey Dedicated)
n8n API Key:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI5MTRhOTA4OS04ZDcyLTRiYzgtOTZhNi03ZWNmOTI3YjE0OTYiLCJpc3MiOiJuOG4iLCJhdWQiOiJwdWJsaWMtYXBpIiwiaWF0IjoxNzY3MzA3MjY2fQ.daVjOjgJ4pyzSK45Z5hA824i0aMfiu3etVyMga0qMEo
Active Workflows
| Workflow | Trigger | Status | Notes |
|---|---|---|---|
| Scan Intake | Webhook: /webhook/scan |
Active | Log QR scans and redirect to landing page |
| Email Capture | Webhook: /webhook/entry |
Active | Process form submissions, create Listmonk subscribers |
| Confirmation | Webhook: /webhook/listmonk/confirm |
Active | Handle subscriber confirmation |
| Story & Reward Drip | Schedule | Active | Automated email sequence |
| Monthly Winner Selection | Cron | Active | Select random verified entry |
Deployment Workflows
| Workflow | ID | Trigger | Status | Notes |
|---|---|---|---|---|
| Deploy Mad Monkey Stack | WdkBuXICkoVN4Kuw |
Manual | Inactive | SSH deploy script runner; needs SSH credentials configured |
| Update DNS on IP Change | oIuqN3SqD9ROnLZh |
Hourly Schedule | Inactive | Monitors external IP; needs Redis + Slack credentials |
Network Topology
Internal Network (10.0.0.0/24)
| IP Address | Hostname | Role |
|---|---|---|
10.0.0.251 |
ssl-proxy | NGINX SSL Proxy, Let's Encrypt certificates |
10.0.0.157 |
admin-workstation | Admin whitelist IP (for admin.mmlnk.us access) |
10.0.0.197 |
orchestrator | Claude Code, Projects, Documentation |
10.0.0.250 |
bennybeen | Docker Services Host (PostgreSQL, Shlink, Listmonk, n8n) |
External Access
| External IP | Type | Notes |
|---|---|---|
76.150.65.61 |
Dynamic (Comcast) | Can change; requires DNS updates when it does |
Server Connectivity
Inter-Server Communication
| From | To | Port | Purpose |
|---|---|---|---|
| Internet | SSL Proxy (10.0.0.251) | 443 | External HTTPS traffic |
| SSL Proxy (10.0.0.251) | BennyBeen (250) | 5678, 8081, 9000 | Proxied requests to n8n, Shlink, Listmonk |
| Orchestrator (197) | BennyBeen (250) | 22, 5432, 5678 | SSH, Database access, n8n API |
| BennyBeen n8n | BennyBeen PostgreSQL | 5432 | Database queries (localhost) |
| BennyBeen n8n | BennyBeen Listmonk | 9000 | Listmonk API calls (localhost) |
| BennyBeen n8n | BennyBeen Shlink | 8081 | Shlink API calls (localhost) |
Testing Connectivity
# From Orchestrator, test SSL Proxy nc -zv 10.0.0.251 443 # From Orchestrator, test BennyBeen services nc -zv 10.0.0.250 5432 # PostgreSQL nc -zv 10.0.0.250 5678 # n8n nc -zv 10.0.0.250 8081 # Shlink nc -zv 10.0.0.250 9000 # Listmonk # Test all Mad Monkey servers for ip in 10.0.0.251 10.0.0.197 10.0.0.250; do echo "Testing $ip..." nc -zv -w 2 $ip 22 done
Architecture Benefits
- Centralized SSL: All certificates managed at SSL Proxy (10.0.0.251)
- Consolidated Services: All Mad Monkey Docker services on single host (BennyBeen)
- Simplified Networking: Internal service communication via localhost
- Easy Maintenance: Single docker-compose.yml manages all containers
- Development: Orchestrator provides clean development environment