// project: infrastructure
Portfolio Infrastructure
A fully self-hosted web stack running on a home PC: no cloud servers, no open ports, no VPS.
Nginx serves the site, Cloudflare Tunnel creates a secure encrypted pipe to the internet,
and Portainer keeps everything manageable. The whole thing boots with one command.
Traffic Flow
Internet (public HTTPS) → Cloudflare (edge + TLS) → Tunnel (outbound only) → Docker (container net)
Security Model
Zero Open Ports
The cloudflared container makes an outbound-only connection to Cloudflare's edge network.
No inbound ports are opened on the home router or firewall. The home IP address is
never exposed to visitors; all traffic routes through Cloudflare's infrastructure.
The security model is equivalent to a named Cloudflare Zero Trust tunnel.
TLS Everywhere
Cloudflare handles TLS termination. Visitors always get HTTPS, and no certificate management is required on the home server.
Container Isolation
Each service (Nginx, cloudflared, Portainer) runs in its own container. Internal networking is Docker-managed, and Nginx is never directly reachable from outside.
Read-Only Volume
The site directory is mounted into Nginx as :ro, so the container cannot write to or modify site files.
Auto-Restart
All containers are set to restart: unless-stopped and survive PC reboots automatically via Docker Desktop startup.
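An added example, not part of the original project: a Python check that takes the JSON produced by `docker compose config --format json` and flags departures from the security model described above. The service names, paths, Portainer port and the sample configuration are constructed assumptions, and the sample deliberately includes deviations on the Portainer service.

```python
import json

# Constructed sample in the shape `docker compose config --format json` emits.
# Service names, paths and the Portainer port are assumptions, not the page's values.
SAMPLE = json.loads("""
{"services": {
  "nginx": {"image": "nginx:alpine", "restart": "unless-stopped",
    "volumes": [{"type": "bind", "source": "/home/me/portfolio/site",
                 "target": "/usr/share/nginx/html", "read_only": true}]},
  "cloudflared": {"image": "cloudflare/cloudflared", "restart": "unless-stopped"},
  "portainer": {"image": "portainer/portainer-ce", "restart": "always",
    "ports": [{"target": 9000, "published": "9000", "protocol": "tcp"}],
    "volumes": [{"type": "bind", "source": "/var/run/docker.sock",
                 "target": "/var/run/docker.sock"}]}
}}
""")

LOOPBACK = {"127.0.0.1", "::1"}

def audit(config):
    """Return sorted (service, finding) pairs where the config departs from the model."""
    findings = []
    for name, svc in config.get("services", {}).items():
        if svc.get("restart") != "unless-stopped":
            findings.append((name, "restart policy is not unless-stopped"))
        if svc.get("network_mode") == "host":
            findings.append((name, "host networking bypasses container isolation"))
        for port in svc.get("ports", []):
            # A published port without a loopback host_ip listens on every host interface.
            if port.get("host_ip") not in LOOPBACK:
                findings.append((name, f"port {port.get('published')} published on all host interfaces"))
        for vol in svc.get("volumes", []):
            if vol.get("type") != "bind":
                continue
            # The socket check comes first: a read-only mount still allows API calls.
            if vol.get("source", "").endswith("docker.sock"):
                findings.append((name, "Docker socket mounted (grants control of the Docker daemon)"))
            elif not vol.get("read_only"):
                findings.append((name, f"bind mount {vol.get('target')} is writable"))
    return sorted(findings)

if __name__ == "__main__":
    for service, finding in audit(SAMPLE):
        print(f"{service}: {finding}")
```

The Docker socket finding is informational for a management container such as Portainer, which needs the socket to work; it marks the service whose compromise would expose the whole host.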
Key Commands
Start Stack
docker compose up -d
Run from root
Get Public URL
docker logs portfolio-cloudflared
Look for the trycloudflare.com line
Portainer UI
Visual container management
Deploy Changes
Save file to site/ folder → Ctrl+Shift+R in browser. No Docker restart needed.
Docker, Nginx, Cloudflare Tunnel, Portainer, Self-Hosted, Zero Open Ports, HTTPS, Alpine Linux, HTML/CSS/JS