Self-Hosted Portfolio Website
A professional resume and technical portfolio site self-hosted on a Proxmox-based home lab using a dedicated Debian Linux container, Nginx, Cloudflare Tunnel, HTTPS, DNS routing, firewall controls, and basic edge protections.
Project Goal
The goal of this project was to build a public-facing professional portfolio that demonstrates practical infrastructure skills while keeping the internal home network protected. The site needed to be simple, fast, secure, easy to maintain, and suitable for recruiters, hiring managers, and technical interviewers reviewing my work.
The design intentionally avoids opening inbound firewall ports. Public traffic is routed through Cloudflare Tunnel to a dedicated web container inside the lab environment.
Architecture
Technologies Used
What I Built
Dedicated Web Container
Created a dedicated Debian LXC container for the portfolio website, separating public web content from other lab services.
Nginx Static Site
Installed and configured Nginx to serve a lightweight static website and public resume PDF without requiring a CMS or database.
Cloudflare Tunnel Routing
Published the site through an existing Cloudflare Tunnel route, avoiding direct inbound exposure from the internet.
Public Resume Delivery
Added a downloadable PDF resume link that is served directly from the web container over HTTPS.
Security Considerations
- No inbound web port forwarding is configured on the home gateway.
- Public access is routed through Cloudflare Tunnel instead of direct internet exposure.
- Cloudflare redirects HTTP requests to HTTPS.
- Cloudflare custom security rules block common scanner paths such as WordPress admin, login, Git, environment file, and phpMyAdmin probes.
- Cloudflare rate limiting is configured to reduce basic bot and scanner traffic.
- Proxmox firewall is enabled at the datacenter and container level.
- The portfolio container allows only required local HTTP traffic from the lab network.
- The website is static HTML/CSS, reducing attack surface by avoiding WordPress, databases, plugins, or login portals.
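One way to confirm from the origin side that the edge rules above are working is to scan the Nginx access log for scanner-style paths, since any such request in the log got past the Cloudflare rules or arrived from inside the lab network. This is an added example, not code from the original project; the path patterns, the combined log format, and the sample log lines are assumptions constructed for illustration.

```python
import re

# Assumed path patterns for the probe categories named in the list above;
# the page does not publish its actual Cloudflare rule expressions.
PROBE_PATTERNS = {
    "wordpress_admin": re.compile(r"^/wp-admin(/|$|\?)", re.I),
    "login": re.compile(r"^/(wp-login\.php|login)(/|$|\?)", re.I),
    "git": re.compile(r"(^|/)\.git(/|$)", re.I),
    "env_file": re.compile(r"(^|/)\.env(\.|$|\?)", re.I),
    "phpmyadmin": re.compile(r"^/(phpmyadmin|pma)(/|$|\?)", re.I),
}

# Nginx default "combined" format: addr - user [time] "METHOD path proto" status ...
LOG_LINE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def classify(path):
    """Return the probe category for a request path, or None if benign."""
    for name, pattern in PROBE_PATTERNS.items():
        if pattern.search(path):
            return name
    return None


def probes_reaching_origin(lines):
    """Return (category, path, status) for each probe request the origin logged."""
    hits = []
    for line in lines:
        match = LOG_LINE.match(line)
        if not match:
            continue  # unparseable lines are skipped rather than guessed at
        _method, path, status = match.groups()
        category = classify(path)
        if category:
            hits.append((category, path, int(status)))
    return hits


# Constructed sample log lines (not taken from the site's real logs).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [01/Jan/2025:10:00:02 +0000] "GET /resume.pdf HTTP/1.1" 200 90210 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [01/Jan/2025:10:01:10 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 404 153 "-" "-"',
    '10.0.0.5 - - [01/Jan/2025:10:01:11 +0000] "GET /.env HTTP/1.1" 404 153 "-" "-"',
    '10.0.0.5 - - [01/Jan/2025:10:01:12 +0000] "GET /phpMyAdmin/index.php HTTP/1.1" 404 153 "-" "-"',
]

if __name__ == "__main__":
    for category, path, status in probes_reaching_origin(SAMPLE_LOG):
        print(f"{category:16} {status} {path}")
```

On a static site every hit should carry a 404; a 200 on a probe path means a file such as a `.git` directory was deployed into the web root.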
What I Learned
This project reinforced the value of simple, layered design: isolate the service, expose only what is needed, route traffic through a controlled edge provider, and keep the origin server minimal. It also created a practical example I can discuss in interviews when explaining virtualization, secure publishing, DNS routing, firewall planning, and operational documentation.
Project Status
Live and operational. Future improvements may include individual project pages for Proxmox, Pi-hole, Ansible, Docker services, monitoring, and OpenClaw / AI workflow experimentation.