# Managing Services #### Listing & Inspecting Services ```bash # List all services across all projects elestio services # Filter by project elestio services --project 112 # Get detailed info for one service elestio service ``` --- #### Power Management ```bash elestio reboot # Graceful OS reboot (safest) elestio restart-stack # Restart Docker containers only (fastest, no OS reboot) elestio shutdown # Graceful shutdown via ACPI signal elestio poweroff # Force power off (like unplugging) elestio poweron # Power on a stopped VM elestio reset # Hard power cycle ```

**Tip:** Prefer `restart-stack` When you just need to restart the application, it is much faster than a full `reboot` and avoids OS startup time.

--- #### Resizing a Service ```bash # Upgrade or downgrade VM size elestio resize --size LARGE-4C-8G # Check available sizes first elestio sizes --provider netcup ```

**Important:** Not all providers support downgrades. Only **Netcup, AWS, Azure, and Scaleway** allow downgrading instance sizes. Attempting a downgrade on Hetzner or GCP will be blocked automatically by the CLI.

--- ##### Termination Protection Prevent accidental deletion: ```bash elestio lock # Enable termination protection elestio unlock # Disable termination protection ``` --- #### Firewall Management ```bash # View current rules elestio firewall get # Enable firewall with rules elestio firewall enable --rules '[ {"type":"INPUT","port":"22","protocol":"tcp","targets":["0.0.0.0/0"]}, {"type":"INPUT","port":"443","protocol":"tcp","targets":["0.0.0.0/0"]}, {"type":"INPUT","port":"8080","protocol":"tcp","targets":["10.0.0.0/8"]} ]' # Update all rules (replaces existing ruleset) elestio firewall update --rules '[...]' # Disable firewall elestio firewall disable ``` #### Firewall rule format ```json { "type": "INPUT", "port": "22", "protocol": "tcp", "targets": ["0.0.0.0/0", "::/0"] } ``` - `port`: single port (`"22"`) or range (`"8000-8080"`) - `protocol`: `"tcp"` or `"udp"` - `targets`: list of CIDR ranges; `"0.0.0.0/0"` means all IPv4 --- #### SSL & Custom Domains ```bash # List current domains elestio ssl list # Add a custom domain (SSL auto-provisioned via Let's Encrypt) elestio ssl add myapp.example.com # Remove a domain elestio ssl remove myapp.example.com ```

Point your domain's DNS A record to the service's IPv4 address before running `ssl add`.

--- #### SSH Keys ```bash elestio ssh-keys list elestio ssh-keys add --name "my-laptop" --key "ssh-ed25519 AAAA..." elestio ssh-keys remove --name "my-laptop" ```

Provide only the key type + key data. **Do not** include the trailing comment (e.g., `user@host`).

--- #### SSH & Web Access ```bash elestio ssh # Open SSH web terminal URL in browser elestio ssh --direct # Print the direct SSH command elestio vscode # Open VSCode in browser elestio files # Open web file manager elestio credentials # Print application URL + admin credentials ``` --- #### Auto-Updates ```bash # OS security updates only, every Sunday at 05:00 elestio updates system-enable --day 0 --hour 5 --security-only # All OS updates elestio updates system-enable --day 0 --hour 5 # Disable OS auto-updates elestio updates system-disable # Trigger an OS update now elestio updates system-now # Application-level updates (the Docker image) elestio updates app-enable --day 0 --hour 3 elestio updates app-disable elestio updates app-now # Upgrade/downgrade application version elestio change-version 16 # e.g., PostgreSQL 16 ``` **`--day` values:** 0 = Sunday, 1 = Monday, … 6 = Saturday --- #### Moving a Service ```bash elestio move-service ``` --- #### Deleting a Service ```bash elestio delete-service --force ```

Always use `elestio lock ` first if you want to protect a service from accidental deletion.

--- #### VM Architecture Every service runs on a dedicated VM with this layout: ``` /opt/elestio/nginx/ ← Reverse proxy (managed by Elestio, do not modify) /opt/app/ ← Your application ├── docker-compose.yml ← For catalog services └── / ← For CI/CD pipelines ``` - A reverse proxy handles HTTPS termination automatically - SSL is auto-renewed via Let's Encrypt - Internal Docker network:`172.17.0.1` - Bind application ports to `172.17.0.1:PORT` not `0.0.0.0`