This site is primary used for development and testing. The main site is hosted in the cloud but many of the links go to a private network/server with a dynamic IP-Address (FreeDNS is used).

Most services are hosted on very basic hardware, a Raspberry Pi 5 with a M.2 pi hat to enable a more robust SSD storage. Docker is used together with Traefik as HTTP reverse proxy to enable easy deployment of micro-services.

The use of a none business internet line combined with dynamic IP-address will cause some inconsistency regarding certain links (~99.99% uptime). Let’s Encrypt is used for the majority of the SSL encryption and exclusively for all sub domains. They offer basic level protection totally free, though they appreciate donations.

Future improvements/todo list

  • Use signed certificates from a certificate authority for my home NAS, as I’m using self-signed certificates today. Possibly use Let’s Encrypt as it is free and works great.
  • Use NGINX as reverse proxy to handle all traffic and enable SSL.
  • Setup Apache Guacamole on NAS to enable Remote Desktop through HTML.
  • Implement Kubernetes instead of docker swarm.
  • Switch to Traefik as kubernetes ingress (reverse proxy) and use ACME provider Let’s Encrypt for automatic certificate handling.
  • Switch CMS to something more interesting, possibly react or angular based front-end, today WordPress is used.
  • Add 2FA (two-factor authentication) through an external and/or internal identity provider and connect it through Traefik reverse proxy.