jcktrue.dk/content/post/architectural-overview/index.md

---
title: "Architectural Overview"
subtitle: "Overview of the architecture behind this website."
summary: "Overview of the architecture behind this website."
date: 2020-02-27T22:10:31+01:00
lastmod: 2020-02-27T22:10:31+01:00
diagram: true
---
## Introduction

I self host this site. I consider it a learning experience into hosting and managing a full Linux server stack. The purpose of this post is to describe my current setup as notes to myself should I ever need to redo a similar setup. 

My setup attempts to achieve the following goals:

- Require no or little maintenance
  - I do not wish to daily check the status of the server
- High data integrity
  - Losing data is not acceptable. Downtime, while data is being recovered, is however okay.
- Employ best practices
  - TLS, Git, and containers are all considered best practices in modern software development.

Out of scope:

- Uptime and reliability
  - I self-host and do not host any critical services.
- Performance and scaling
  - The server is purely for personal use and hardware is cheap.

## Hardware

The webserver is hosted on an HP MicroServer Gen8. The OS runs off a 120GB SSD drive and 2x3TB HDD running RAID1 using the Btrfs filesystem. This provides a suitable balance between storage capacity, and performance. Offsite backup is done weekly through https://wasabi.com/ and their S3 compatible service.

## Network

The server is connected via Gigabit Ethernet to an ASUS router. The router supports both IPv4 and IPv6 and does port forwarding for port 80 and port 443 to the statically configured IP address.

On the WAN side, a 150/150Mb/sec fiber line from Altibox provides the internet connection, and while the IP address is not static it changes rarely enough for this not to be an issue.

The domain is registered via gandi.net providing both registration and name servers.

## Software

The software stack is built on containers. A reverse proxy is employed to provide SSL certificates through LetsEncrypt. The webserver itself is Nginx running on an internal virtual network.

All containers are automatically updated as is the host system.

```mermaid
graph LR;
  WAN-->Router-->Server;
  
  subgraph Docker
  
  FP-->NGINX;
  FP-->OC["Other Containers"];
  end
  Server-->FP["Traefik"];
```

## Build

The site uses the Hugo static site generator. The content of the site is maintained in a git repository. On each update to the repository, a dedicated build server generates the HTML and pushes it to the webserver. This allows the site to be updated from any machine with access to git.
Added post on architecture 2020-02-27 21:42:33 +00:00			`---`
			`title: "Architectural Overview"`
			`subtitle: "Overview of the architecture behind this website."`
			`summary: "Overview of the architecture behind this website."`
			`date: 2020-02-27T22:10:31+01:00`
			`lastmod: 2020-02-27T22:10:31+01:00`
Theme update. Adding diagram 2021-01-30 09:08:35 +00:00			`diagram: true`
Added post on architecture 2020-02-27 21:42:33 +00:00			`---`
Syntax cleanup 2020-02-29 15:51:43 +00:00			`## Introduction`
Added post on architecture 2020-02-27 21:42:33 +00:00
Clean up language 2021-05-01 17:16:57 +00:00			`I self host this site. I consider it a learning experience into hosting and managing a full Linux server stack. The purpose of this post is to describe my current setup as notes to myself should I ever need to redo a similar setup.`
Added post on architecture 2020-02-27 21:42:33 +00:00
Syntax cleanup 2020-02-29 15:51:43 +00:00			`My setup attempts to achieve the following goals:`
Added post on architecture 2020-02-27 21:42:33 +00:00
			`- Require no or little maintenance`
			`- I do not wish to daily check the status of the server`
			`- High data integrity`
Clean up language 2021-05-01 17:16:57 +00:00			`- Losing data is not acceptable. Downtime, while data is being recovered, is however okay.`
Added post on architecture 2020-02-27 21:42:33 +00:00			`- Employ best practices`
Clean up language 2021-05-01 17:16:57 +00:00			`- TLS, Git, and containers are all considered best practices in modern software development.`
Added post on architecture 2020-02-27 21:42:33 +00:00
Syntax cleanup 2020-02-29 15:51:43 +00:00			`Out of scope:`

			`- Uptime and reliability`
Clean up language 2021-05-01 17:16:57 +00:00			`- I self-host and do not host any critical services.`
Syntax cleanup 2020-02-29 15:51:43 +00:00			`- Performance and scaling`
			`- The server is purely for personal use and hardware is cheap.`

			`## Hardware`
Added post on architecture 2020-02-27 21:42:33 +00:00
Clean up language 2021-05-01 17:16:57 +00:00			`The webserver is hosted on an HP MicroServer Gen8. The OS runs off a 120GB SSD drive and 2x3TB HDD running RAID1 using the Btrfs filesystem. This provides a suitable balance between storage capacity, and performance. Offsite backup is done weekly through https://wasabi.com/ and their S3 compatible service.`
Added post on architecture 2020-02-27 21:42:33 +00:00
Syntax cleanup 2020-02-29 15:51:43 +00:00			`## Network`
Added post on architecture 2020-02-27 21:42:33 +00:00
Sailing experience added 2020-02-29 18:54:31 +00:00			`The server is connected via Gigabit Ethernet to an ASUS router. The router supports both IPv4 and IPv6 and does port forwarding for port 80 and port 443 to the statically configured IP address.`
Added post on architecture 2020-02-27 21:42:33 +00:00
Clean up language 2021-05-01 17:16:57 +00:00			`On the WAN side, a 150/150Mb/sec fiber line from Altibox provides the internet connection, and while the IP address is not static it changes rarely enough for this not to be an issue.`
Added post on architecture 2020-02-27 21:42:33 +00:00
Sailing experience added 2020-02-29 18:54:31 +00:00			`The domain is registered via gandi.net providing both registration and name servers.`
Added post on architecture 2020-02-27 21:42:33 +00:00
Syntax cleanup 2020-02-29 15:51:43 +00:00			`## Software`
Added post on architecture 2020-02-27 21:42:33 +00:00
Clean up language 2021-05-01 17:16:57 +00:00			`The software stack is built on containers. A reverse proxy is employed to provide SSL certificates through LetsEncrypt. The webserver itself is Nginx running on an internal virtual network.`
Added post on architecture 2020-02-27 21:42:33 +00:00
			`All containers are automatically updated as is the host system.`

Theme update. Adding diagram 2021-01-30 09:08:35 +00:00			```mermaid
			`graph LR;`
			`WAN-->Router-->Server;`
Diagram update 2021-01-30 14:25:47 +00:00
			`subgraph Docker`

Diagram added (Still some rendering issue) 2021-01-30 13:12:09 +00:00			`FP-->NGINX;`
Theme update. Adding diagram 2021-01-30 09:08:35 +00:00			`FP-->OC["Other Containers"];`
Diagram update 2021-01-30 14:25:47 +00:00			`end`
			`Server-->FP["Traefik"];`
Theme update. Adding diagram 2021-01-30 09:08:35 +00:00			```

Syntax cleanup 2020-02-29 15:51:43 +00:00			`## Build`
Added post on architecture 2020-02-27 21:42:33 +00:00
Clean up language 2021-05-01 17:16:57 +00:00			`The site uses the Hugo static site generator. The content of the site is maintained in a git repository. On each update to the repository, a dedicated build server generates the HTML and pushes it to the webserver. This allows the site to be updated from any machine with access to git.`