This site is primary used for development and testing. The main site is hosted in the cloud but many of the links go to a private network/server with a dynamic IP-Address (FreeDNS is used).
Most services are hosted on very basic hardware, a number of rack mounted Raspberry Pi 4‘s running a Kubernetes cluster. Traefik is used as HTTP reverse proxy to enable easy deployment of micro-services. Docker containers are used together with a network distributed storage Gluster.
The use of a none business internet line combined with dynamic IP-address will cause some inconsistency regarding certain links (~99.99% uptime). Let’s Encrypt is used for the majority of the SSL encryption and exclusively for all sub domains. They offer basic level protection totally free, though they appreciate donations.
Future improvements/todo list
Use signed certificates from a certificate authority for my home NAS, as I’m using self-signed certificates today. Possibly use Let’s Encrypt as it is free and works great. Use NGINX as reverse proxy to handle all traffic and enable SSL. Setup Apache Guacamole on NAS to enable Remote Desktop through HTML. Implement Kubernetes instead of docker swarm. Switch to Traefik as kubernetes ingress (reverse proxy) and use ACME provider Let’s Encrypt for automatic certificate handling.
- Switch CMS to something more interesting, possibly react or angular based front-end, today WordPress is used.