blogcontent/blog/content/posts/self-hosting-blog.md


| title | date | tags |
| --- | --- | --- |
| Self Hosting Blog | 2022-05-02T19:01:33-07:00 | [meta homelab] |

Despite this blog being [initially set up to primarily talk about self-hosting]({{< ref "/posts/my-first-post." >}}), I'd actually been hosting it on AWS until very recently. This was due to caution - I know just enough about security to know that I know next-to-nothing about security, and so I didn't want to expose any ports on my own network to the Internet. Instead, I set up an AWS CodePipeline to build the blog and deploy to S3 anytime I pushed a new change. Admittedly, this was a pretty cool project in itself that taught me a lot more about CDK and some AWS services; but it didn't feel like true self-hosting, even though I wasn't using anything like Medium or WordPress.

Thanks to this great blog post, I found an alternative that allowed me to feel the nerd-pride of self-hosting while retaining security. Cloudflare offer a free service called "Cloudflare Tunnel" (formerly "Cloudflare Argo"). To quote that blog:

> This approach solves a lot of problems at once: there’s no need to open up any inbound firewall ports (hooray!); I don’t need to set up dynamic DNS records for my home IP address (which would, among other things, have some bad privacy implications); and I get Cloudflare’s DDoS protection and CDN features (which I would have wanted anyways for the blog). And crazily enough, it’s all free!

My setup's a little different than that author's (for one thing, I'm not running k8s...yet...), but the approach still works just fine. I built:

I do admire the elegance of my previous setup (and of the setup I'm copying) whereby a push to the repo will trigger the build-and-republish - but, since I haven't taken the plunge to self-host Gitea yet[^1], that will have to wait. I suppose I could set up a local server (to trigger rebuild) which is called by a GitHub action after pushing, but that seems like throwaway work for nothing.

I also don't have quite the same level of paranoia as the author about network rules. That said, I did just install an OPNsense router (to replace the ISP-provided router that kept dropping my Raspberries Pi after a few days of uptime), so learning more about VLANs and Route Tables could well be in my future, too.


[^1]: and probably never will until I have Backblaze or some other reliable backup system set up - I trust GitHub's durability more than my own, and losing my code would be game over!