Security #
Generally, self-hosting is a dangerous adventure. I’ve setup a resilient security stack on my server. I’ve restricted access to my service to certain geographical blocks and use a monitoring stack using loki, promtail and grafana stack to efficiently load and read any log entries.
General Accessibility #
For most Applications, I use wireguard or Tailscale (VPN) to avoid reverse-proxying them to the WAN. Even with the next mentioned security measurements, 1 simple vulnerability in my Applications will already be a possible danger. Applications run in Docker, and docker has known weaknesses, as the daemon needs high privileges on the host to even run.
Crowdsec #
Crowdsec is a open source project that uses lists of known hostile IP addresses. It also bans IPs based on certain patterns or requests locally. It already blocks many requests to my domains, such as Wordpress attacks, or other known weaknesses.
Authentik #
Any Websites that I only wish to serve to my friends, I secure using the Authentication and Authorization Provider Authentik. Users are members of groups, which allows them access to certain Services like: Immich, Nextcloud, Owntracks or many other Apps I run locally. But it also provides them fine grained privileges within these apps.
Observation and Logging #
Im running several applications to log and observe possible hostile requests. Nginx, crowdsec and docker logs are served to Grafana, where I’ve setup simple Dashboards that quickly show me which are the most common requests, how many requests were blocked and allows me to see if any harm was done. I always keep an Eye out on IP addresses that make authentication requests to my websites or APIs.
Cloudflare #
I use the Cloudflare proxy to forward the requests to my IP. This way, attackers won’t see my own IP address, any requests made, are done to Cloudflare servers and Cloudflare acts as an extra Layer of Protection.
This Website #
I’ve come to fall in love for the simplicity, yet complex design of gohugo’s possibilities. Even though Im not good at designing websites, with simple templates, I can twist the looks and possibilities of my website. Allthewhile, having gohugo’s modules for SEO, Image Optimization and other neet tools necessary to run a professional website.
I stay true to my principle: no tracking. This website stays close to the Blowfish theme, stays fast and is perfect for it’s use case.
First Flask Website #
My first web development project, built to learn all facets of full-stack development. I wrote all backend and frontend code myself: database models, authentication, form validation, CSS animations, and security measures. The project grew large and eventually became hard to maintain, so I deprecated it.
Website for my Soccer Team (Archived) #
A gohugo website using the Qubt theme for parents of my soccer team. It featured tournament dates, match rules, and sign-ups, protected by Authentik authentication. The project is no longer in active use.
Website for de Luc’s Büx #
Built with GoHugo for a friend’s Crêpewagen business. Originally a Wordpress site, I rewrote it as a static site for better performance, easier maintenance, and improved security. The site features a bilingual setup (German/English) and links to the Neustadtbrockenhaus café location.
Website for Neustadtbrockenhaus #
A GoHugo website for a second-hand shop and café in Winterthur where my girlfriend works. The site showcases the shop’s offerings, café menu with crêpes, and upcoming events. Built with a warm, inviting design that matches the shop’s atmosphere.
Website for Sail Soup Sew #
A GoHugo website for a friend who sails, cooks and sews. Built with the hugoplate theme. Clean, static, and tracking-free.
