Self-hosted infrastructure with reverse proxy, monitoring, automated backups and workflow automation.
Design, deployment and maintenance of a self-hosted production infrastructure on a VPS, hosting all client and personal projects with isolated staging and production environments.
Traefik v3 reverse proxy with automatic Docker label-based routing, auto-renewing Let's Encrypt SSL certificates, HTTP-to-HTTPS redirect, and a Basic Auth-protected admin dashboard. All applications are routed via a shared Docker network (traefik-public) with security headers (HSTS, XSS filter, content-type nosniff).
Monitoring stack: Portainer CE for visual Docker container management, and Uptime Kuma for availability monitoring with alerts. Workflow automation via n8n with a dedicated PostgreSQL database.
Automated daily backup system: automatic MySQL container detection, compressed database dumps, Docker volume exports (storage, media, JWT, encryption keys), sync to Cloudflare R2 with 30-day retention, 2-day local rotation. Scheduled via cron at 03:00 UTC.
All services run as non-root containers with minimal capabilities (CAP_DROP: ALL), resource limits (CPU/memory), and JSON logging with rotation. Automated deployment via GitHub Actions and GitLab CI.
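One way to keep that container baseline from drifting is to audit the rendered Compose configuration in CI. The script below is an added example, not this project's own code: it assumes the input has the shape of `docker compose config --format json` output, and the service names and values in the sample are constructed.

```python
import json

# Constructed sample in the shape of `docker compose config --format json`.
SAMPLE = json.loads("""
{"services": {
  "app": {"user": "1000:1000", "cap_drop": ["ALL"],
          "deploy": {"resources": {"limits": {"cpus": "0.50", "memory": "268435456"}}},
          "logging": {"driver": "json-file", "options": {"max-size": "10m", "max-file": "3"}}},
  "legacy": {"user": "root", "cap_drop": ["NET_RAW"],
             "logging": {"driver": "json-file"}}
}}
""")


def is_root(user):
    # Conservative assumption: no explicit user is treated like root, because
    # the image's own USER directive is not visible in the Compose config.
    uid = str(user or "").split(":")[0]
    return uid in ("", "0", "root")


def audit_service(svc):
    """Return the list of baseline violations for one service definition."""
    findings = []
    if is_root(svc.get("user")):
        findings.append("runs as root or has no explicit user")
    if "ALL" not in [str(c).upper() for c in (svc.get("cap_drop") or [])]:
        findings.append("cap_drop does not include ALL")
    limits = ((svc.get("deploy") or {}).get("resources") or {}).get("limits") or {}
    if not (limits.get("cpus") or svc.get("cpus")):
        findings.append("no CPU limit")
    if not (limits.get("memory") or svc.get("mem_limit")):
        findings.append("no memory limit")
    log = svc.get("logging") or {}
    # Assumption: the daemon default log driver is json-file.
    if log.get("driver", "json-file") != "json-file":
        findings.append("log driver is not json-file")
    elif "max-size" not in (log.get("options") or {}):
        findings.append("json-file logging without max-size rotation")
    return findings


def audit(config):
    return {name: audit_service(svc) for name, svc in (config.get("services") or {}).items()}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "OK" if not findings else findings)
```

A CI job can fail the pipeline when any service returns a non-empty findings list.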