The technology by which you read these words
Thu 03 October 2024
[Update: this post is outdated, but I wanted to leave it for posterity. As of 2025-05-08, I'm using Codeberg Pages. Cheaper, easier, more uptime. Less fun, but can't have it all.]
Ok so like there's actually a lot of tech in that chain that I'm not going to cover like ISP infrastructure, HDMI cables, or OLED screens. This is just about my networking and server setup. I figure now that I have my webhosting stack where I more or less want it[1], here's a writeup about how it works!
The overview:
What your packets see:
- The fly.io reverse proxy
  - a docker container running nginx
- my router, with port forwarding handled for each service
  - it's a protectli vault running pfsense
- the host machine
  - Dell micro optiplex 5000
  - running Alpine linux headless
- and then Docker containers
  - nginx static site serving for blu-blog
  - another nginx static site server for boldforth.games
  - and a container for Gunicorn, with coordinated PostgreSQL and PGAdmin containers to serve the weather widget
So that's a total of 6 docker containers, 3 of which are docker-composed together for the weather widget's flask app.
Fly reverse proxy
I use fly.io because their free tier is good. They're also neat people over there. Back in the day when I first found them, I thought it was neat they used Docker containers and would basically host one or two for free, and that's what got me using Docker. Very fortuitous! But for now, because I wanted to serve a blog and a weather app at least, I've set up a reverse proxy nginx container on Fly instead. My traffic is small enough that I'm firmly in their free tier still. Certbot also means that traffic to and from the reverse proxy is encrypted. Neat!
Also, they only offer static IPv6 addresses. The IPv4 address it uses is shared. So, if you got an address resolution error instead of this page loading, that's probably because your device/network only does IPv4![2]
My router
Earlier this year I splurged on a new network appliance of my very own: a Protectli Vault. I wanted a low power and high quality piece of hardware to act as my router. These machines are made for pfSense and run it quite well. The web interface is better than any router I've used before, and I don't even need some stupid fucking Xfinity login for it. It also doesn't give me critical errors that just say "something went wrong, please reload or try again later" that lead to an hour and a half debugging only for me to find the app requires you to have stock Chrome installed and can't imagine why anyone wouldn't.
The appliance also runs a firewall, as you might expect. This means I have rules configured to prevent any traffic to places that aren't the website and application. There are also rules preventing traffic from places other than the reverse proxy from getting to my home network.
mediummathbox
All my servers are _mathbox. The first one was automathbox, based on an inside joke from a decade ago about a computer being a box that does math. Since it was a server it did the mathboxing automatically. The small mathbox is my wireless access point, and the large mathbox is a big desktop-size computer that I use for game servers. The medium is a happy medium![3]
The box runs Alpine linux, chosen for being non-Debian based[4]. It's set up with Hugo and Docker. I copy blog posts over as markdown files, run Hugo, and the Docker container is set up with a volume so that when the new post files are generated, they're automatically picked up by Nginx for serving.
Hugo
Hugo is written in Go, with an explicit goal of very quick static site generation. If I remove all my generated files, while keeping my .md files, the hugo command will re-generate all 15 of my pages in under 100ms. The theme I'm using is Minimalistic.
Docker
Containerization sure is neat.
Etcetera:
Other things also go into this, like accounting for my dynamic IP with dynamic DNS. My domain registrar, NameCheap, lets me update my DNS info via a script. Since my IP changes every time my router shuts off, it's not necessary to update super frequently, but it is necessary to have it updating automatically so that DNS and my fly.io reverse proxy know where to forward traffic to.
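An added example of the update step described above (not the author's script): it publishes the address only when it has changed and is a public IPv4 address, and keeps the DDNS password out of argv and logs. The environment variable names, the cache path, the A-record-only assumption and the assumed shape of Namecheap's XML reply are assumptions made for this example.

```python
import ipaddress
import sys
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET
from os import environ as env
from pathlib import Path

UPDATE_ENDPOINT = "https://dynamicdns.park-your-domain.com/update"  # Namecheap dynamic DNS

def validated_public_ip(text):
    """Normalize an IPv4 string; refuse anything that is not publicly routable."""
    ip = ipaddress.ip_address(text.strip())  # raises ValueError on garbage
    if ip.version != 4 or not ip.is_global:
        raise ValueError(f"refusing to publish non-public address {ip}")
    return str(ip)

def plan_update(current_ip, cached_ip):
    """Return the address to publish, or None when DNS already has it."""
    ip = validated_public_ip(current_ip)
    return None if ip == cached_ip else ip

def build_update_url(host, domain, password, ip):
    """The password travels in the query string, so this URL must never be logged."""
    params = {"host": host, "domain": domain, "password": password, "ip": ip}
    return f"{UPDATE_ENDPOINT}?{urllib.parse.urlencode(params)}"

def update_succeeded(response_xml):
    """Assumed reply shape: an XML document whose <ErrCount> is 0 on success."""
    try:
        return ET.fromstring(response_xml).findtext("ErrCount") == "0"
    except ET.ParseError:
        return False

def main():
    # Usage: ddns.py <wan-ip>; secrets come from env (hypothetical names), not argv.
    cache = Path(env.get("DDNS_CACHE", "/var/tmp/ddns_last_ip"))
    cached = cache.read_text().strip() if cache.exists() else None
    ip = plan_update(sys.argv[1], cached)
    if ip is None:
        return  # unchanged: no request, no credential on the wire
    url = build_update_url(env["DDNS_HOST"], env["DDNS_DOMAIN"], env["DDNS_PASSWORD"], ip)
    with urllib.request.urlopen(url, timeout=10) as resp:
        if not update_succeeded(resp.read().decode("utf-8", "replace")):
            sys.exit("DDNS update rejected")
    cache.write_text(ip)  # record only after a confirmed update

if __name__ == "__main__":
    main()
```

Rejecting private, CGNAT and malformed addresses before the request keeps a misreporting IP source from pointing the DNS record, and with it the reverse proxy, at the wrong place.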
[1] I am fooling no-one. I will adjust and overhaul this until I die or get bored of it.
[2] Hey wait a minute if you're reading this it couldn't have failed to load what am I doing?
[3] This naming convention absolutely breaks down next time I get a server.
[4] What do I have against Debian? Literally nothing. My largemathbox is Debian, this laptop is LMDE, and my desktop is Pop!_OS. I just install a different distro on everything I get my little raccoon hands on.
Blu Blog