Skip to main content
  1. Portfolio/

Websites

·878 words·5 mins
Author
Kees Fluitman
I am a pedagog, hobbyist, allrounder and self-taught beginning software engineer. I am also a privacy advocate and enjoy privacy enhancing technologies.
Table of Contents
As a hobby, I set up websites and host them personally

Security
#

Generally, self-hosting is a dangerous adventure. I’ve setup a resilient security stack on my server. I’ve restricted access to my service to certain geographical blocks and use a monitoring stack using loki, promtail and grafana stack to efficiently load and read any log entries.

General Accessibility
#

For most Applications, I use wireguard or Tailscale (VPN) to avoid reverse-proxying them to the WAN. Even with the next mentioned security measurements, 1 simple vulnerability in my Applications will already be a possible danger. Applications run in Docker, and docker has known weaknesses, as the daemon needs high privileges on the host to even run.

Crowdsec
#

Crowdsec is a open source project that uses lists of known hostile IP addresses. It also bans IPs based on certain patterns or requests locally. It already blocks many requests to my domains, such as Wordpress attacks, or other known weaknesses.

Authentik
#

Any Websites that I only wish to serve to my friends, I secure using the Authentication and Authorization Provider Authentik. Users are members of groups, which allows them access to certain Services like: Immich, Nextcloud, Owntracks or many other Apps I run locally. But it also provides them fine grained privileges within these apps.

Observation and Logging
#

Im running several applications to log and observe possible hostile requests. Nginx, crowdsec and docker logs are served to Grafana, where I’ve setup simple Dashboards that quickly show me which are the most common requests, how many requests were blocked and allows me to see if any harm was done. I always keep an Eye out on IP addresses that make authentication requests to my websites or APIs.

Cloudflare
#

I use the Cloudflare proxy to forward the requests to my IP. This way, attackers won’t see my own IP address, any requests made, are done to Cloudflare servers and Cloudflare acts as an extra Layer of Protection.

This Website
#

I’ve come to fall in love for the simplicity, yet complex design of gohugo’s possibilities. Even though Im not good at designing websites, with simple templates, I can twist the looks and possibilities of my website. Allthewhile, having gohugo’s modules for SEO, Image Optimization and other neet tools necessary to run a professional website.

I stay true to my principle: no tracking. This website stays close to the Blowfish theme, stays fast and is perfect for it’s use case.

First Flask Website
#

As you can read in my portfolio entry: Python Programming, my first ever endeavour was made to learn all facets of web development. I wrote all backend and frontend code myself for this project. It made the project much bigger than anticipated though. As it grew in size because of all the modular functionalities I wrote myself: Backend Database with Models for: Blog, Authentication, About page. But also form validation, css animations, security measures, all gave me a good grasp of what is necessary in Web Development these days.

I deprecated the project, as it wasn’t all the best written code, got chaotic and for the little time I spent on it afterwards, was hard to get back into and maintain.

It did offer me a easy way to host small APIs and other functionalities I needed on the WAN. Like hosting the API for my gohugo Soccer team website, which gets it’s data directly from this website.

Website for my Soccer Team
#

In Switzerland, Kids play in a new Tournament format: Play More Football. Aless, Parents of course, have no clue about it yet. Causing some confusion about rules, tournaments and presence times. Especially with the high cultural differences in Switzerland, it’s hard sometimes as a trainer. I decided to put my experience to use and used a gohugo Qubt theme, to get started. I wrote some custom css, js and simple api for the database. The website is protected by my Authentik instance, only allowing the parents and me in, whilst allowing them to read up on all Tournament Dates, Match rules and formats, and most importantly, sign up for the tournaments.

Preview

Website for de Luc’s Büx
#

As a favor for a friend with his own Crèpewagen, I’ve set up a Website to get him going digitally. It was a good first experience with Wordpress. As security, I’ve set up Crowdsec to block any common wordpress attacks, and use Cloudflare’s WAN rules to block the /admin and /login endpoints. Still, I intend to replace the website with a simpler, static theme using GoHugo. For a faster, easier, and more futureproof solution. As Wordpress requires much more updating and security measurements. Wordpress just wouldn’t run fast enough in a docker container, with long load times.

Website for Sail Soup Sew
#

As a favor for a friend who sails, cooks and sews, I’ve set up a Website with GoHugo. GoHugo, as a static site generator, gives me much more controll over what is on the pages. No google tags, tracking cookies, etc. Just a clean static website with decent looking design. If I’d have time, I would add more sleak CSS transitions, but for now, it’s a quick and easy way to make it work. Sailsoupsew, on janaschatto.com, is based on hugoplate.