Self-Hosted Infrastructure
Production infrastructure running 20+ Docker containers across a cloud VPS and a home lab — Traefik reverse proxy, CrowdSec security, automated SSL, monitoring, and CI/CD, all self-managed.
01 Overview
Everything I build runs on infrastructure I own end-to-end — no managed services, full control over deployment, security, and networking. Twenty-plus Docker containers span a cloud VPS and a home lab, all under a single self-managed posture.
The goal is complete ownership of the stack: from the reverse proxy and SSL down to intrusion detection and remote access, every layer is something I run, monitor, and can reason about directly rather than delegating to a platform.
02 How it works
Traefik fronts the stack with automatic Let's Encrypt SSL and Cloudflare DNS,
so every service gets TLS and routing without manual certificate handling.
CrowdSec provides intrusion detection backed by a firewall bouncer that acts
on threats in real time.
A Tailscale mesh VPN secures remote access across the VPS and home lab,
keeping management surfaces off the public internet. Services deploy through a
staging → production workflow with CI/CD, so changes are tested before they reach
anything live.
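A check for the "management surfaces off the public internet" property, as an added example that is not part of the original page or the author's tooling: it reads the output of `docker ps --format '{{.Names}}\t{{.Ports}}'` and reports host ports published outside loopback and Tailscale's address ranges. The container names, the sample output, and the allow-list of public Traefik ports are assumptions.

```python
import ipaddress

# Tailscale assigns node addresses from these ranges (CGNAT IPv4, ULA IPv6).
TAILSCALE_NETS = [ipaddress.ip_network("100.64.0.0/10"),
                  ipaddress.ip_network("fd7a:115c:a1e0::/48")]
# Assumption: only the reverse proxy's HTTP/HTTPS ports are meant to be public.
PUBLIC_ALLOWED = {("traefik", 80), ("traefik", 443)}

# Constructed sample of `docker ps --format '{{.Names}}\t{{.Ports}}'` output.
SAMPLE = "\n".join([
    "traefik\t0.0.0.0:80->80/tcp, [::]:80->80/tcp, 0.0.0.0:443->443/tcp, 100.101.102.103:8080->8080/tcp",
    "monitoring\t100.101.102.103:3000->3000/tcp",
    "admin-ui\t0.0.0.0:9443->9443/tcp, 8000/tcp",
    "staging-app\t127.0.0.1:8081->80/tcp",
    "metrics\t0.0.0.0:6060->6060/tcp, :::6060->6060/tcp",
])

def audit(ps_output):
    """Return sorted (container, bind_ip, host_port) published beyond loopback/tailnet."""
    findings = set()
    for line in ps_output.strip().splitlines():
        name, _, ports = line.partition("\t")
        for entry in filter(None, (p.strip() for p in ports.split(","))):
            if "->" not in entry:
                continue  # exposed-only port such as "8000/tcp": not published on the host
            host = entry.split("->")[0]
            ip_str, port_str = host.rsplit(":", 1)   # handles "0.0.0.0", "[::]" and "::"
            ip = ipaddress.ip_address(ip_str.strip("[]"))
            if ip.is_loopback or any(ip in net for net in TAILSCALE_NETS):
                continue  # reachable only locally or over the mesh VPN
            lo, _, hi = port_str.partition("-")      # Docker may print a range "8000-8001"
            for port in range(int(lo), int(hi or lo) + 1):
                if (name.strip(), port) not in PUBLIC_ALLOWED:
                    findings.add((name.strip(), str(ip), port))
    return sorted(findings)

if __name__ == "__main__":
    for container, bind_ip, port in audit(SAMPLE):
        print(f"{container}: port {port} published on {bind_ip}")
```

A wildcard bind (`0.0.0.0` or `::`) is reported even when a host firewall would block it, because Docker's published ports are commonly handled by its own iptables rules rather than the host's usual filter chain.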
03 Engineering highlights
- Traefik with automatic Let's Encrypt SSL and Cloudflare DNS — TLS and routing handled automatically across every service.
- CrowdSec intrusion detection with a firewall bouncer that responds to threats in real time.
- Tailscale mesh VPN for secure remote access across the cloud VPS and home lab.
- Staging → production deployment workflow with CI/CD so changes are validated before reaching live services.
04 Outcome
Full DevOps ownership — no managed services needed.