Services & Ports
immichbox services
| Service | Port | Health endpoint | Auth |
|---|---|---|---|
| Jellyfin | 8096 | /health |
None |
| Prowlarr | 9696 | /api/v1/health?apikey=KEY |
API key |
| Radarr | 7878 | /api/v3/health?apikey=KEY |
API key |
| Sonarr | 8989 | /api/v3/health?apikey=KEY |
API key |
| qBittorrent | 8081 | /api/v2/app/version |
IP whitelist |
| Requestrr | 4545 | / (returns 200) |
None |
| Matrix Synapse | 8008 (app) / 9092 (metrics) | /_synapse/metrics |
None (UFW restricted) |
| Caddy | 80 / 443 | Reverse proxy | — |
| Node Exporter | 9100 | — | — |
qBittorrent port gotcha: Every piece of documentation — including the original project notes — says port 8080. The actual port on this installation is 8081. The health endpoint is /api/v2/app/version, not the root path (root returns 404 unauthenticated, 403 authenticated). attic-gremlin (192.168.4.71) must be on the IP whitelist for the health check to work.
Requestrr: Runs baremetal (not Docker) as /opt/Requestrr/requestrr-linux-x64/Requestrr.WebApi. Port 4545. No standard health endpoint — blackbox probes the root path / which returns 200.
Matrix Synapse metrics: Binds to 0.0.0.0:9092 (not the default 127.0.0.1). Requires enable_metrics: true and metrics_bind_host: "0.0.0.0" in /etc/matrix-synapse/homeserver.yaml. UFW allows port 9092 from attic-gremlin only.
smaug services
| Service | Port | Health endpoint | Auth |
|---|---|---|---|
| Immich | 30041 | /server-info/ping |
None |
| TrueNAS UI | 80 / 443 | — | — |
Immich endpoint gotcha: The official Immich documentation gives port 2283 and path /api/server-info/ping. Neither is correct for this installation. The actual port is 30041 and the actual path is /server-info/ping. Using the documented API path returns 404.
attic-gremlin services
| Service | Port | Notes |
|---|---|---|
| Prometheus | 9090 | Central metrics collector |
| Grafana | 3000 | Dashboard UI at http://attic.lan:3000 |
| Node Exporter | 9100 | System metrics |
| Graphite Exporter (receive) | 2003 | Accepts push from smaug |
| Graphite Exporter (scrape) | 9108 | Prometheus scrapes this |
| Blackbox Exporter | 9115 | HTTP health probes |
| Ollama | 11434 | LLM inference (metrics endpoint not working) |
| MkDocs wiki | 8000 | Served via systemd user service |
HAOS
| Service | Port | Health endpoint | Auth |
|---|---|---|---|
| Home Assistant | 8123 | /api/ |
Bearer token (returns 401 without it) |
Health probing requires a long-lived access token. One named prometheus was created under Profile → Long-Lived Access Tokens in the HAOS UI. This token is used in the Blackbox Exporter config via a custom http_2xx_bearer module.
External subdomains (yooshtek.com)
All external traffic enters via Caddy on immichbox (ports 80/443). Caddy terminates HTTPS and reverse-proxies to the appropriate internal host — which may be on a completely different machine.
| Subdomain | Proxies to | Notes |
|---|---|---|
jellyfin.yooshtek.com |
192.168.4.30:8096 |
immichbox |
immich.yooshtek.com |
192.168.4.50:30041 |
smaug |
ha.yooshtek.com |
192.168.4.40:8123 |
HAOS VM |
mainsail.yooshtek.com |
192.168.4.200:4409 |
ender — external access broken, LAN only for now |
matrix.yooshtek.com |
127.0.0.1:8008 |
Matrix Synapse on immichbox |
element.yooshtek.com |
/var/www/element |
Static files on immichbox |
yooshtek.com |
— | .well-known/matrix delegation only |