Public configuration files, scripts, and documentation for production servers.
All secrets, passwords, API keys and FULL IP addresses are stored in a separate PRIVATE repository.
These rules apply to every session. The AI must follow them without exception.
Before answering ANY question — the AI must:
- Read the root
README.md(this file) - Read the relevant server folder
README.md(e.g.222/README.md) - Read
CHANGELOG.mdto understand recent changes - Only THEN answer, based on actual repo contents — not assumptions
If you are not sure what is already set up — check the repo first.
Every change, no matter how small, must be saved to the repo. This includes:
- New scripts or config files
- Any changes to existing scripts
- New cron jobs or systemd units
- Every problem encountered and how it was solved
- Installation steps for any software
- Backup configurations
- Test results
If it was done on a server — it must exist in the repo. No exceptions.
| Where | Language | Notes |
|---|---|---|
| AI ↔ VladiMIR (chat) | 🇷🇺 Russian only | Always communicate in Russian in chat |
This PUBLIC repo (Linux_Server_Public) |
🇬🇧 English only | All .md files, all comments inside scripts, all descriptions |
Private repo (Secret_Privat) |
🇷🇺 Russian | Descriptions, notes and comments in Russian |
Crypto bot repo (crypto-docker / private) |
🇷🇺 Russian | Descriptions, notes and comments in Russian |
Summary:
- Chat with AI → always Russian
- Public GitHub repo → always English (code comments, README, all docs)
- Private / secret repos → Russian
When the AI sends code, it must always clearly mark one of these:
📋 INFO ONLY — do not run this
🚀 RUN ON SERVER: xxx.xxx.xxx.222 (222-DE-NetCup)
🚀 RUN ON SERVER: xxx.xxx.xxx.109 (109-RU-FastVDS)
🚀 RUN ON ALL SERVERS
- Every executable code block must specify the exact server IP where it should run
- If multiple code blocks are needed for the same task → merge them into one script
- Every script must start with
clearto clear the terminal before output - Do NOT send 10 separate snippets when one combined script will do
| ✅ Allowed in PUBLIC repo | ❌ NEVER in PUBLIC repo |
|---|---|
Template placeholders <VALUE> |
Real passwords |
IP format: xxx.xxx.xxx.222 |
Full IP addresses |
| Script logic and structure | API keys / tokens |
| Config templates | SSH private keys |
| Documentation | WireGuard private keys |
| Masked IPs (last octet only visible) | Telegram Bot tokens |
IP masking format: only the last octet is shown. Examples:
152.53.182.222→xxx.xxx.xxx.222212.109.223.109→xxx.xxx.xxx.109109.234.38.47→xxx.xxx.xxx.47
Full IPs, passwords and keys → stored ONLY in the private Secret_Privat repository.
All configuration must be done at the SERVER level — never per-account or per-domain.
- PHP settings (
memory_limit,max_execution_time,opcache, etc.) → set globally inphp.iniorwww.conf - Nginx settings (timeouts, buffers, limits) → set globally in
nginx.conforconf.d/ - MariaDB settings → set globally in
my.cnf - CrowdSec rules → applied globally to all sites automatically
- PHP-FPM pool parameters → use a global template applied to all pools equally
- Individual per-site tuning creates inconsistency and technical debt
- If one site needs more resources, the server needs upgrading — not that one site's config
- All hosted sites are equal — no site gets special treatment at config level
- Easier maintenance: one change fixes all sites at once
If a site shows errors, high CPU, memory issues, or behaves differently from others — do NOT edit its config files directly. Instead:
- Check if WordPress is up to date — log into the site's WP Admin and update all plugins, themes, and WordPress core
- Check if a CAPTCHA plugin is installed and working — every WP site must have an active, up-to-date CAPTCHA (e.g. Cloudflare Turnstile, hCaptcha, or similar)
- Check for outdated or abandoned plugins — deactivate anything not updated in 12+ months
- If the problem persists — investigate at the server level (PHP-FPM pool stats, error logs, CrowdSec decisions)
The AI must notify VladiMIR when a specific domain behaves differently from others:
"Domainexample.czis generating errors — please log into WP Admin, update all plugins/themes/core, and verify that a CAPTCHA plugin is installed and active."
LinuxServerPublic/
├── 222/ → Server 222-DE-NetCup (xxx.xxx.xxx.222) — NetCup.com, Germany
│ Ubuntu 24 / FASTPANEL / Cloudflare / CZ+EU sites
│ 4 vCore AMD EPYC-Genoa / 8 GB DDR5 ECC / 256 GB NVMe
│ Tariff: VPS 1000 G12 (2026) — 8.60 €/mo
│ 📖 Full docs: 222/README.md
│
├── 109/ → Server 109-RU-FastVDS (xxx.xxx.xxx.109) — FastVDS.ru, Russia
│ Ubuntu 24 / FASTPANEL / No Cloudflare / RU sites
│ 4 vCore AMD EPYC 7763 / 8 GB RAM / 80 GB NVMe
│ Tariff: VDS-KVM-NVMe-Otriv-10.0 — 13 €/mo
│ 📖 Full docs: 109/README.md
│
├── VPN/ → AmneziaWG VPN infrastructure
│ Multiple VPN nodes — see VPN node list below
│ Automated Docker backup system with AWS S3
│ 📖 Full docs: VPN/README.md
│
├── scripts/ → Shared scripts used by ALL servers
│ shared_aliases.sh — common aliases (save, load, aw, mc...)
│
├── CHANGELOG.md → Full history of all changes
├── OPERATIONS.md → Operational procedures and runbooks
├── domains.md → Domain list and DNS configuration
└── README.md → This file — AI rules, standards, quick reference
| Name | IP (masked) | Provider | Location | Panel | Cloudflare | Monthly |
|---|---|---|---|---|---|---|
| 222-DE-NetCup | xxx.xxx.xxx.222 | NetCup.com | Germany | FASTPANEL | ✅ Yes | 8.60 € |
| 109-RU-FastVDS | xxx.xxx.xxx.109 | FastVDS.ru | Russia | FASTPANEL | ❌ No | 13 € |
Hardware (both servers): 4 vCore AMD EPYC / 8 GB RAM / 80–256 GB NVMe / Ubuntu 24 LTS
All nodes run AmneziaWG (WireGuard obfuscation) + Samba file sharing.
| Node Name | IP (masked) | Extra Services |
|---|---|---|
| ALEX_47 | xxx.xxx.xxx.47 | AmneziaWG + Samba |
| 4TON_237 | xxx.xxx.xxx.237 | AmneziaWG + Samba + Prometheus |
| TATRA_9 | xxx.xxx.xxx.9 | AmneziaWG + Samba + Kuma Monitoring |
| SHAHIN_227 | xxx.xxx.xxx.227 | AmneziaWG + Samba |
| STOLB_24 | xxx.xxx.xxx.24 | AmneziaWG + Samba + AdGuard Home |
| PILIK_178 | xxx.xxx.xxx.178 | AmneziaWG + Samba |
| ILYA_176 | xxx.xxx.xxx.176 | AmneziaWG + Samba |
| SO_38 | xxx.xxx.xxx.38 | AmneziaWG + Samba |
Full IP addresses, WireGuard keys and configs are stored in the private
Secret_Privatrepository.
MOTD = the banner you see every time you SSH into the server.
| Server | File on server | File in repo |
|---|---|---|
| 222-DE-NetCup | /etc/profile.d/motd_server.sh |
222/motd_server.sh |
| 109-RU-FastVDS | /etc/profile.d/motd_server.sh |
109/motd_server.sh |
| VPN nodes | /etc/profile.d/motd_server.sh |
VPN/motd_server.sh |
🚀 RUN ON SERVER: xxx.xxx.xxx.222 (222-DE-NetCup)
clear
nano /etc/profile.d/motd_server.sh
# Find the block: # Row 1 (SCAN/SERVER/WORDPRESS) or # Row 2 (BOT/GIT/TOOLS)
# Each line format:
# echo -e " ${G}aliasname${X}(description) ${G}alias2${X}(desc)"
# Column width: ~26 chars per column (use spaces to align)
# Test immediately:
bash /etc/profile.d/motd_server.sh
# Save to repo:
cd /root/Linux_Server_Public
cp /etc/profile.d/motd_server.sh 222/motd_server.sh
save| Server | File on server | File in repo |
|---|---|---|
| 222-DE-NetCup | /root/.bashrc |
222/.bashrc |
| 109-RU-FastVDS | /root/.bashrc |
109/.bashrc |
| VPN nodes | /root/.bashrc |
VPN/.bashrc |
| ALL servers (shared) | sourced from .bashrc |
scripts/shared_aliases.sh |
🚀 RUN ON SERVER: xxx.xxx.xxx.222 (222-DE-NetCup)
clear
nano /root/.bashrc
# Add line: alias myalias='command'
source /root/.bashrc # apply without re-login
# Also add it to MOTD menu (motd_server.sh) so it shows in the banner!
# Save to repo:
cd /root/Linux_Server_Public
cp /root/.bashrc 222/.bashrc
save🚀 RUN ON SERVER: xxx.xxx.xxx.222 (222-DE-NetCup)
clear
# Pull latest from repo and install on server:
cd /root/Linux_Server_Public && git pull
cp 222/motd_server.sh /etc/profile.d/motd_server.sh
cp 222/.bashrc /root/.bashrc
source /root/.bashrc
bash /etc/profile.d/motd_server.sh
# After editing files on server — push back to repo:
cd /root/Linux_Server_Public
cp /etc/profile.d/motd_server.sh 222/motd_server.sh
cp /root/.bashrc 222/.bashrc
save📋 INFO ONLY — run on your LOCAL machine
ssh-keygen -t ed25519 -C "yourname@server" -f ~/.ssh/id_ed25519_servername📋 INFO ONLY — adjust IP before running
ssh-copy-id -i ~/.ssh/id_ed25519_servername.pub root@SERVER_IP
# OR manually:
cat ~/.ssh/id_ed25519_servername.pub >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keysHost 222
HostName <FULL_IP_FROM_SECRET_REPO>
User root
IdentityFile ~/.ssh/id_ed25519_222
Host 109
HostName <FULL_IP_FROM_SECRET_REPO>
User root
IdentityFile ~/.ssh/id_ed25519_109
Then simply: ssh 222 or ssh 109
🚀 RUN ON SERVER where CrowdSec is broken
clear
mkdir -p /etc/crowdsec/hub
cscli hub update
cscli hub upgrade
systemctl restart crowdsec
systemctl status crowdsec --no-pager | head -5If you receive a Telegram alert:
⚠️ 222-DE-NetCup
PHP-FPM pool kk-med.eu
CPU=103% for 29min → php-fpm restarted automatically
This means the watchdog (php_fpm_watchdog.sh) detected a runaway PHP-FPM pool and restarted it.
This is normal auto-recovery — no manual action needed unless it repeats.
To investigate:
🚀 RUN ON SERVER: xxx.xxx.xxx.222 (222-DE-NetCup)
clear
watchdog # check current PHP-FPM state
sos # check recent nginx/php errors
wphealth # check WordPress sites health- Script:
VPN/vpn_docker_backup.sh - Uploads encrypted archives to AWS S3
- Runs daily at 03:30 via cron
- Keeps last 7 backups (KEEP=7)
- Full docs:
VPN/BACKUP.md
- Script:
222/backup_clean.shand109/backup_clean.sh - Backs up all WordPress sites, databases, and configs
- Full docs:
222/README.md
Every script committed to this repository must follow these rules:
RED='\033[0;31m' # Errors, critical warnings
YEL='\033[1;33m' # Warnings, detected values
GRN='\033[0;32m' # Success, OK messages
CYN='\033[0;36m' # Section headers, info blocks
NC='\033[0m' # Reset colour# Version: v2026-04-12#!/bin/bash
# =============================================================
# Script: script_name_vYYYY-MM-DD.sh
# Version: vYYYY-MM-DD
# Server: [server label and masked IP, e.g. 222-DE-NetCup xxx.xxx.xxx.222]
# Description: What this script does (2-4 sentences).
# Usage: bash script_name.sh
# Dependencies: list tools required (e.g. docker, pigz, curl)
# WARNING: [side effects if any — e.g. restarts nginx]
# = Rooted by VladiMIR | AI =
# =============================================================
clear- ✅ Templates with
<PLACEHOLDER>— allowed - ✅ Masked IPs
xxx.xxx.xxx.222— allowed - ❌ Passwords, API keys, tokens, private keys — NEVER in this repo
- ❌ Full IP addresses — NEVER in this repo
- Real credentials and IPs → private
Secret_Privatrepo only
| Location | Purpose |
|---|---|
222/ |
Scripts/configs for NetCup Germany server |
109/ |
Scripts/configs for FastVDS Russia server |
VPN/ |
Scripts/configs for AmneziaWG VPN nodes |
scripts/ |
Shared across ALL servers |
NN_servername_description_vYYYY-MM-DD.sh
Example: 01_222_clean_vpn_reports_v2026-04-12.sh
🚀 RUN ON SERVER: xxx.xxx.xxx.222 (222-DE-NetCup)
clear
bash /root/Linux_Server_Public/222/set_php_fpm_limits_v2026-04-07.sh🚀 RUN ON SERVER: xxx.xxx.xxx.109 (109-RU-FastVDS)
clear
bash /root/Linux_Server_Public/109/set_php_fpm_limits_v2026-04-07.sh| Parameter | Value | Effect |
|---|---|---|
pm.max_children |
≤8 (calc from RAM) | Limits concurrent PHP processes |
pm.max_requests |
500 | Prevents memory leaks |
CPUQuota |
320% (4 cores × 80%) | Hard CPU cap via systemd |
MemoryMax |
~6.8 GB (85% of 8 GB) | Hard RAM cap via systemd |
OOMScoreAdjust |
300 | OOM killer priority |
🚀 RUN ON SERVER: xxx.xxx.xxx.222 (222-DE-NetCup)
clear
bash /root/Linux_Server_Public/VPN/vpn_docker_backup.sh🚀 RUN ON SERVER: xxx.xxx.xxx.222 (222-DE-NetCup)
clear
bash /root/Linux_Server_Public/VPN/amnezia_stat.sh- 📁 222/ folder (NetCup DE)
- 📁 109/ folder (FastVDS RU)
- 📁 VPN/ folder (AmneziaWG)
- 📁 scripts/ folder (shared)
- 📋 CHANGELOG
- 📋 OPERATIONS
- 🌐 Domain List
= Rooted by VladiMIR | AI =