Server maintenance

DeployCrate provisions servers with a baseline maintenance posture, but not every maintenance workflow is user-facing yet.

What is configured during provisioning

Managed servers include:

  • journald retention limits
  • fail2ban for SSH brute-force protection
  • Docker log rotation
  • host preflight checks
  • Docker garbage collection timers
  • node_exporter for host metrics
  • Caddy for TLS and routing
  • blue/green crate-operator services

These defaults are installed during server setup and are intended to keep routine operation predictable.

Operator health

DeployCrate checks operator health and stores operator status. If the operator is unreachable, deployment and maintenance actions for that server can fail until connectivity or the operator service is restored.

Operator updates

DeployCrate has internal admin workflows for rolling out crate-operator versions across servers. Operator updates use a downloaded artifact, checksum verification, inactive instance startup, and traffic switching between the operator's blue and green services.

This is currently an internal/admin capability rather than a normal end-user workflow.

System package updates

The crate-operator API includes capabilities to check for system package updates and apply safe or full package updates. The server sudo policy grants the operator access to the package commands needed for this.

This capability exists at the operator/API layer, but the user-facing maintenance workflow is not fully built yet.

Customer access

The customer admin account remains the break-glass path for server ownership. Use it when direct inspection is required, but avoid unmanaged one-off changes to DeployCrate-owned paths because future provisioning or operator actions may overwrite them.

Use DeployCrate for provisioning, deployments, operator health checks, and operator-managed actions. For OS-level maintenance that is not yet exposed in the UI, plan a maintenance window and verify the application after applying changes directly or through internal operator tooling.