This site is primarily used for development and testing. The main site is hosted in the cloud, but many of the links go to a private network/server with a dynamic IP address, so DDNS is used.
Most services are hosted on very basic hardware: a Raspberry Pi 5 with an M.2 Pi HAT to enable more robust SSD storage. Docker is used together with Traefik as an HTTP reverse proxy to enable easy deployment of microservices.
The use of a non-business internet line combined with a dynamic IP address will cause some inconsistency regarding certain links (~99.99% uptime). Let’s Encrypt is used for the majority of the SSL encryption and exclusively for all subdomains. They offer basic-level protection totally free, though they appreciate donations.
Future improvements/todo list
- Use signed certificates from a certificate authority for my home NAS, as I’m using self-signed certificates today. Possibly use Let’s Encrypt as it is free and works great.
- Use NGINX as reverse proxy to handle all traffic and enable SSL.
- Set up Apache Guacamole on NAS to enable Remote Desktop through HTML.
- Implement Kubernetes instead of Docker Swarm.
- Switch to Traefik as Kubernetes ingress (reverse proxy) and use ACME provider Let’s Encrypt for automatic certificate handling.
- Switch CMS to something more interesting, possibly a React- or Angular-based front end; today WordPress is used.
- Add 2FA (two-factor authentication) through an external and/or internal identity provider and connect it through the Traefik reverse proxy.