This page documents the cold standby procedure for the GP Booking App. If the principal VPS (88.208.212.211) suffers a hardware failure or becomes unreachable, the application can be brought back online on the backup VPS (77.68.112.126) within minutes.
Normal Operation:
Users → gp.veripath.co.uk (DNS) → Principal VPS (88.208.212.211)
├── gp_booking_app (Docker)
├── PostgreSQL (Docker)
└── nginx reverse proxy
Failover:
Users → gp.veripath.co.uk (DNS) → Backup VPS (77.68.112.126)
├── gp_booking_app (Docker - restored)
├── PostgreSQL (Docker - restored from BorgBackup)
└── nginx reverse proxy
| Component | During Failover |
|---|---|
| Web application | Docker container from latest image |
| PostgreSQL (dsp_clinic) | Restored from latest BorgBackup snapshot |
| Media files (images) | Restored from BorgBackup or rsync |
| Client VPS data | NOT covered — client VPSes remain online independently |
| Keycloak auth | Auth.veripath.co.uk must remain online (separate infrastructure) |
scp -r /opt/cold-standby/ root@77.68.112.126:/opt/
Or manually deploy from git on the backup VPS.
The database is backed up to the backup VPS nightly via BorgBackup:
borg list /var/backups/borg
borg extract --stdout ::<latest-archive> | psql -U postgres -d dsp_clinic
rsync -avz root@88.208.212.211:/var/www/html/gp_booking_app/media/ /opt/cold-standby/media/
cd /opt/cold-standby
docker compose up -d
Change the A record for gp.veripath.co.uk to point to 77.68.112.126:
| Record | Type | Normal | Failover |
|---|---|---|---|
| gp.veripath.co.uk | A | 88.208.212.211 | 77.68.112.126 |
DNS propagation takes 1–10 minutes depending on TTL.
| File | Purpose |
|---|---|
/opt/cold-standby/docker-compose.yml |
Standalone Docker Compose with app + postgres + redis + nginx |
/opt/cold-standby/nginx.conf |
nginx config with SSL + media serving |
/opt/cold-standby/deploy-standby.sh |
Automated deployment script |
| Limitation | Notes |
|---|---|
| Client databases | Client VPS PostgreSQL databases (sector_client_*) are not part of this failover. Each client VPS runs independently and can be re-tunnelled to the standby. |
| Keycloak dependency | The app requires auth.veripath.co.uk for authentication. If this is also down, logins won't work. |
| Manual DNS switch | DNS must be updated manually. Aim for a max RTO of 15 minutes. |
| No auto-failover | This is a cold standby, not active-active. Monitoring must detect the failure and trigger the procedure. |
Test the failover quarterly: