Elitebench Platform
Overview
Elitebench is a production self-hosted infrastructure platform. 50+ containerized services, 5 domains, automated backups, centralized authentication, distributed storage, and comprehensive monitoring -- all running on a single machine with the resilience of a multi-node cluster.
What started as "I should self-host a few things" became a full platform architecture with its own database layer, reverse proxy mesh, SSO system, and AI capabilities.
Architecture
Cloudflare → OPNsense → Cortex (Caddy Docker Proxy) → Services
Every service registers itself with the reverse proxy via Docker labels. No manual nginx configs. No port forwarding spreadsheets. Deploy a container with the right labels and it's live on HTTPS within seconds.
Core Stack
SARA -- Storage & Recovery Architecture
The database and storage foundation:
- PostgreSQL 16.6 -- Primary database for all services
- PgDog -- Connection pooler (transaction-mode) at port 6432
- JuiceFS -- Distributed filesystem backed by PostgreSQL metadata + S3 storage
- WAL-G -- Continuous Write-Ahead Log archiving to S3, scheduled full backups at 03:30
- MinIO-compatible S3 gateway -- Local object storage access
Cortex -- Connectivity & Observability
The networking and monitoring layer:
- Caddy Docker Proxy -- Automatic HTTPS reverse proxy via container labels
- syslog-ng -- Centralized log aggregation at UDP 514
- Uptime Kuma -- Service health monitoring with alerting
- Grafana + Loki + Promtail -- Log visualization and search
Auth -- Identity & Access
Centralized authentication for every service:
- Keycloak 26.5.0 -- OAuth2/OIDC identity provider
- Two realms -- nickfixit (personal services) and elitebench (platform services)
- PKCE (S256) on all clients
- OAuth2 Proxy sidecar pattern for service authentication
- Custom Keywind theme with TailwindCSS
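A claim like "PKCE (S256) on all clients" drifts as clients are added, so it is worth checking against realm exports. The following is an added example, not part of the platform's own code: it audits Keycloak realm export JSON for clients that can run the authorization code flow without S256 enforced. The realm names come from this page; the client IDs and the export data are constructed for illustration, and `pkce.code.challenge.method` is the client attribute Keycloak uses for this setting.

```python
import json

# Constructed sample: trimmed realm exports in Keycloak's export shape.
# Realm names come from the page; client IDs are hypothetical.
SAMPLE_EXPORTS = json.loads("""
[
  {"realm": "nickfixit", "clients": [
    {"clientId": "photos", "enabled": true, "standardFlowEnabled": true,
     "attributes": {"pkce.code.challenge.method": "S256"}},
    {"clientId": "blog", "enabled": true, "standardFlowEnabled": true,
     "attributes": {"pkce.code.challenge.method": "plain"}}
  ]},
  {"realm": "elitebench", "clients": [
    {"clientId": "docs", "enabled": true, "standardFlowEnabled": true,
     "attributes": {}},
    {"clientId": "backup-job", "enabled": true, "standardFlowEnabled": false,
     "serviceAccountsEnabled": true, "attributes": {}},
    {"clientId": "old-app", "enabled": false, "standardFlowEnabled": true}
  ]}
]
""")

PKCE_ATTR = "pkce.code.challenge.method"


def audit_pkce(realm_exports):
    """Return (realm, clientId, configured_method) for every enabled client
    that can run the authorization code flow without S256 being enforced."""
    findings = []
    for realm in realm_exports:
        for client in realm.get("clients", []):
            if not client.get("enabled", True):
                continue  # disabled clients cannot start a login
            if not client.get("standardFlowEnabled", True):
                continue  # no authorization code flow, so PKCE does not apply
            # A missing or empty attribute means PKCE is optional for the client.
            method = (client.get("attributes") or {}).get(PKCE_ATTR) or None
            if method != "S256":
                findings.append((realm["realm"], client["clientId"], method))
    return findings


if __name__ == "__main__":
    for realm, client_id, method in audit_pkce(SAMPLE_EXPORTS):
        print(f"{realm}/{client_id}: PKCE method is {method!r}, expected 'S256'")
```

A method of `None` means the attribute is unset, which leaves PKCE optional rather than required for that client.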
Service Domains
| Domain | Purpose | Services |
|---|---|---|
| nickfixit.com | Personal site & services | Portfolio, blog, shop, Plex, photos, media management |
| elitebench.com | Platform infrastructure | Docs, AI proxy, monitoring, auth |
| sincitypc.com | Legacy brand | Redirect |
| doecakes.com | Client project | Client site |
| rockvale.com | Client project | Client site |
Key Capabilities
- Automated backup and disaster recovery -- WAL-G continuous archiving, point-in-time recovery, S3 offsite storage
- Centralized SSO -- Single Keycloak login across all services via OAuth2 Proxy sidecars
- Distributed storage -- JuiceFS provides a POSIX filesystem backed by PostgreSQL + S3, accessible from any container
- Comprehensive monitoring -- Uptime Kuma health checks, Grafana dashboards, centralized syslog
- AI-powered documentation -- MkDocs Material with a live WYSIWYG editor and AI chat integration via LiteLLM
- Media management -- Plex, Sonarr/Radarr/Lidarr, Immich photos, Hoarder bookmarks with AI classification
- Zero-touch HTTPS -- Deploy a container, add Caddy labels, get automatic TLS via Cloudflare origin certs
Technologies
Docker, PostgreSQL 16.6, Caddy, Keycloak 26.5, JuiceFS, Python, FastAPI, MkDocs Material, n8n, Plex, Immich, OpenWebUI, Ollama, WAL-G, PgDog, syslog-ng, Grafana, Loki
Status
Actively running and continuously evolving. New services are added regularly as needs arise. The platform serves as both production infrastructure and a laboratory for exploring new tools and architectures.