
Hardened Portfolio Infrastructure

·293 words·2 mins
Website Home Page

🎯 Project Vision

The goal was to move beyond traditional hosting and engineer a production-grade web environment that prioritizes security, persistence, and privacy. This project serves as a live demonstration of my ability to manage the full technical stack—from the hypervisor to the public domain.

πŸ—οΈ Architecture & Technical Stack
#

  • Hypervisor: Proxmox VE (LXC) — Utilized for lightweight, isolated containerization.
    Proxmox Dashboard
  • Networking: Cloudflare Tunnel (Argo) — Provides “Zero-Trust” ingress, exposing the site without opening firewall ports or leaking my home IP.
  • Web Engine: Hugo (Extended) — A high-performance static site generator utilizing the Blowfish theme.
  • OS: Debian 12 — Hardened Linux environment managed via SSH.
Network Architecture Diagram

🛠️ Key Implementation & Problem Solving

1. High Availability via Systemd

I transitioned the environment from interactive testing to a persistent production state by creating custom systemd unit files. This ensures that both the web server and the network tunnel auto-start on boot and recover instantly from failures.

Systemd Service Status
Systemd Cloudflare Status
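As an added example (not the post's own unit files), here is what a pair of units for this layout can look like: Hugo bound to loopback only, cloudflared dialing out to the edge, and both carrying the Restart=always policy the post applies to every service plus a few sandboxing directives. The functions write the units into whatever directory is passed in, so they can be exercised without touching /etc. Binary paths, the service accounts (hugo, cloudflared), the site directory, the loopback port and the public URL are assumptions, not values taken from the post.

```shell
#!/bin/sh
# Added example: systemd units for a Hugo site and its Cloudflare Tunnel.
# Pass /etc/systemd/system as the directory on the real host.
# Paths, users, port and URL below are assumptions, not values from the post.

SITE_DIR="${SITE_DIR:-/srv/portfolio}"                # assumed checkout of the Hugo repo
HUGO_PORT="${HUGO_PORT:-1313}"                        # assumed loopback port the tunnel forwards to
SITE_URL="${SITE_URL:-https://your-domain.example/}"  # placeholder public URL

# Hugo serves on 127.0.0.1 only; nothing listens on a routable interface.
write_hugo_unit() {
    cat > "$1/hugo.service" <<EOF
[Unit]
Description=Hugo static site server (loopback only)
After=network-online.target
Wants=network-online.target

[Service]
User=hugo
WorkingDirectory=${SITE_DIR}
ExecStart=/usr/local/bin/hugo server --bind 127.0.0.1 --port ${HUGO_PORT} --baseURL ${SITE_URL} --appendPort=false --disableLiveReload
# [Install] handles boot; Restart= brings the service back after a crash.
Restart=always
RestartSec=5
# Least privilege: read-only OS, no home directories, no setuid gains.
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
ReadWritePaths=${SITE_DIR}

[Install]
WantedBy=multi-user.target
EOF
}

# cloudflared dials out to Cloudflare's edge; no inbound port is ever opened.
write_cloudflared_unit() {
    cat > "$1/cloudflared.service" <<EOF
[Unit]
Description=Cloudflare Tunnel (outbound-only ingress)
After=network-online.target hugo.service
Wants=network-online.target

[Service]
User=cloudflared
# Tunnel credentials live in /etc/cloudflared (assumed path), never in the repo.
ExecStart=/usr/local/bin/cloudflared --no-autoupdate --config /etc/cloudflared/config.yml tunnel run
Restart=always
RestartSec=5
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes

[Install]
WantedBy=multi-user.target
EOF
}

# Reviewer check usable on any unit: is the restart policy really "always"?
has_restart_policy() {
    grep -q '^Restart=always$' "$1"
}

# On the host (file name units.sh is assumed):
#   sudo sh -c '. ./units.sh; write_hugo_unit /etc/systemd/system; write_cloudflared_unit /etc/systemd/system'
#   sudo systemctl daemon-reload && sudo systemctl enable --now hugo cloudflared
```

The two directives that matter most for the post's threat model are `--bind 127.0.0.1` (the site is unreachable except through the tunnel) and `Restart=always` with a short `RestartSec`, which is what turns a crash into a few seconds of downtime rather than a manual SSH session; `ProtectSystem=strict` and `NoNewPrivileges` limit what a compromised Hugo or cloudflared process could do to the container.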

2. Operational Security (OPSEC) & Sanitization

A critical phase involved a “History Sanitization” audit. I purged internal network identifiers (IPv4 192.168.x.x) from the Git history and the Hugo build artifacts to ensure zero information leakage to the public.

🔒 Security Hardening

  • No Inbound Ports: The environment has zero open ingress ports; the Cloudflare daemon creates an outbound-only connection to the edge network.
    Cloudflare Tunnel Dashboard
  • Artifact Integrity: Implemented a strict .gitignore policy to prevent the leakage of sensitive build metadata and local file paths.
  • Persistence: Configured Restart=always policies for all services to mitigate downtime.
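The history sanitization audit and the .gitignore policy above are both about the same thing: keeping private network identifiers out of anything that gets published. As an added example (not the post's own tooling), here is a small leak-check gate that scans a working tree or the Hugo build output, scans the full Git history including deleted lines, and writes a .gitignore that keeps the usual Hugo artifacts out of the repo. The directory layout assumed is the standard Hugo one (public/, resources/_gen/); the sample files are constructed.

```shell
#!/bin/sh
# Added example: a leak-check gate for RFC 1918 addresses, plus a minimal
# .gitignore for Hugo build artifacts. Directory names follow Hugo defaults;
# everything else here is constructed for illustration.

# RFC 1918 ranges: 10/8, 172.16/12, 192.168/16.
# grep -w keeps strings like "1192.168.0.5" from matching as an address.
PRIVATE_IP_RE='(10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|172\.(1[6-9]|2[0-9]|3[01])\.[0-9]{1,3}\.[0-9]{1,3}|192\.168\.[0-9]{1,3}\.[0-9]{1,3})'

# Scan a working tree or build output. Prints file:line:content for every hit.
# Returns 0 when clean, 1 when a private address was found, 2 on grep error,
# so it can gate publication of the "hugo" output in a deploy script.
scan_tree() {
    grep -rnwE --exclude-dir=.git "$PRIVATE_IP_RE" "$1"
    case $? in
        0) return 1 ;;
        1) return 0 ;;
        *) return 2 ;;
    esac
}

# Scan every commit on every branch, including removed lines: a file deleted
# in HEAD is still recoverable from history until the history is rewritten.
scan_git_history() {
    ( cd "$1" && git log -p --all ) | grep -nwE "$PRIVATE_IP_RE"
    case $? in
        0) return 1 ;;
        1) return 0 ;;
        *) return 2 ;;
    esac
}

# Keep generated output and local state out of the repo so the same
# sanitization is never needed twice.
write_hugo_gitignore() {
    cat > "$1/.gitignore" <<'EOF'
# Hugo build output and generated resources
public/
resources/_gen/
.hugo_build.lock
# Local editor / OS state
.DS_Store
*.swp
EOF
}

# Usage (in the repo root, before pushing or publishing):
#   scan_tree ./public && scan_git_history . || echo "private address found, do not publish"
```

A hit from `scan_git_history` is the case the post describes: removing the offending file in a new commit does not help, because every earlier revision still carries it, so the history has to be rewritten (for example with git filter-repo) and force-pushed, and anything that was already pushed to a public remote should be treated as disclosed. The `.gitignore` entries cover `public/` and `resources/_gen/`, which are exactly the build artifacts most likely to embed local paths and the dev server's address.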

📈 Professional Takeaways

  • Security-First Mindset: Demonstrated through the proactive sanitization of the version control history.
  • Infrastructure Ownership: Managed the end-to-end lifecycle from provisioning hardware to configuring public DNS.
  • Resilience: Successfully troubleshot and resolved “502 Bad Gateway” and network binding issues using system-level tools.