The infrastructure behind my self-hosted projects (including this blog)

I've documented my current setup here to share what's working for me and perhaps help others who are building their own self-hosted environments.

TL;DR

Here's a quick overview of my infrastructure:

Domain registrar

When choosing a domain registrar, I prioritized finding one with transparent and consistent pricing without steep renewal fees. Two options stood out: Cloudflare and Porkbun. While Cloudflare is the cheapest, they require exclusive use of their nameservers. To avoid vendor lock-in, I chose Porkbun, which maintains fair pricing without this restriction and has garnered strong support from the Reddit community.

VPS

After trying DigitalOcean and Vultr, I've settled on Hetzner as my VPS provider. Hetzner provides better specifications for the price and I prefer their web interface for its better design and usability. I keep only port 22 open on my VPS for SSH. I use Tailscale and Cloudflare Tunnel for private and public access respectively (more details below).
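
A way to check that a host laid out like this really exposes nothing but SSH, as an added example that is not part of the original setup: it reads `ss -H -tln` output and lists listeners that are not on loopback, not on a Tailscale address, and not on an allowed port, so they stay private only if a firewall blocks them. The names `audit_listeners`, `sample_ss_output` and `ALLOWED_PORTS` are hypothetical, the sample lines are constructed, and the Tailscale ranges 100.64.0.0/10 and fd7a:115c:a1e0::/48 are assumed to be the ones in use.

```shell
#!/bin/sh
# Added example (not from the original post): list TCP listeners that are
# neither loopback, nor on a Tailscale address, nor on an allowed port.
# Input format: `ss -H -tln` (State Recv-Q Send-Q Local:Port Peer:Port).

audit_listeners() {
    awk -v allowed="${ALLOWED_PORTS:-22}" '
    BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
        port = $4; sub(/^.*:/, "", port)       # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)    # text before it
        if (addr ~ /^127\./ || addr == "[::1]") next      # loopback only
        if (addr ~ /^\[fd7a:115c:a1e0:/) next             # Tailscale IPv6 range
        # Tailscale IPv4 range 100.64.0.0/10: first octet 100, second 64-127
        if (split(addr, o, ".") == 4 && o[1] == 100 && o[2] >= 64 && o[2] <= 127) next
        if (port in ok) next                              # e.g. SSH on 22
        print addr ":" port
    }'
}

# Constructed sample input; the addresses and ports are made up.
sample_ss_output() {
cat <<'EOF'
LISTEN 0 128  0.0.0.0:22                0.0.0.0:*
LISTEN 0 4096 127.0.0.1:20241           0.0.0.0:*
LISTEN 0 4096 100.101.102.103:81        0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8080              0.0.0.0:*
LISTEN 0 128  [::]:22                   [::]:*
LISTEN 0 4096 *:443                     *:*
LISTEN 0 4096 [fd7a:115c:a1e0::1234]:81 [::]:*
LISTEN 0 4096 100.20.30.40:9000         0.0.0.0:*
EOF
}

# Demo on the sample. On a real host: ss -H -tln | audit_listeners
sample_ss_output | audit_listeners
```

Wildcard binds such as `0.0.0.0:8080` are what a Docker port published without an explicit host address looks like; binding the port to `127.0.0.1` or to the Tailscale address removes it from this list.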

Private VPN

Tailscale provides secure access to my private applications through a VPN. It creates a seamless private network (called a Tailnet) across all my devices, assigning each one a unique IP address and hostname.

CDN

Not much thought went into this. I selected Cloudflare simply because they are the market-leading CDN provider with reliable performance.

Public reverse proxy

Cloudflare Tunnel functions as a reverse proxy for my applications (including this blog). This eliminates the need to open ports on my VPS or set up a traditional reverse proxy like Nginx. Instead, a lightweight daemon (cloudflared) runs on the VPS, creating outbound-only connections to Cloudflare.

Private reverse proxy

Nginx Proxy Manager simplifies setting up reverse proxies for my applications with automatic SSL certificates from Let's Encrypt. It eliminates the need to manually manage Nginx configuration files. Built on top of Nginx, it can be easily self-hosted via Docker.

Containerization

I deploy and manage applications on my VPS using Docker containers, which provides isolation and simplifies deployment.

Backups

For backups, I use Restic to create deduplicated snapshots, storing them offsite in a Backblaze B2 bucket. I've detailed my backup strategy in a separate blog post. Since writing that post, I've switched from Hetzner Storage Box to Backblaze B2, as the latter offers S3-compatible storage with free egress (up to 3× your average monthly stored data).

How I backup my data using open source tools
A guide on setting up an automated backup system using Restic for both on-site and off-site backups.

Conclusion

I've loved building this setup over time. The Tailscale + Cloudflare Tunnel combo has been a game-changer, and Docker makes everything so much easier to manage. While I may change aspects of this setup in the future as my needs evolve, for now, this configuration works extremely well for my self-hosting requirements.
