Portfolio Infrastructure
A fully self-hosted web stack running on a home PC — no cloud servers, no open ports, no VPS.
Nginx serves the site, Cloudflare Tunnel creates a secure encrypted pipe to the internet,
and Portainer keeps everything manageable. The whole thing boots with one command.
Security Model
🔐 Zero Open Ports
The cloudflared container makes an outbound-only connection to Cloudflare's edge network.
No inbound ports are opened on the home router or firewall. The home IP address is
never exposed to visitors — all traffic routes through Cloudflare's infrastructure.
The security model is equivalent to a named Cloudflare Zero Trust tunnel.
🚦 TLS Everywhere
Cloudflare handles TLS termination. Visitors always get HTTPS — no cert management required on the home server.
📦 Container Isolation
Each service (Nginx, cloudflared, Portainer) runs in its own container. Internal networking is Docker-managed — Nginx is never directly reachable from outside.
📂 Read-Only Volume
The site directory is mounted into Nginx as :ro — the container cannot write to or modify site files.
🔄 Auto-Restart
All containers are set to restart: unless-stopped, so they survive PC reboots automatically via Docker Desktop startup.
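One way to check the claims above against the stack's resolved configuration, as an added example that is not part of the original project: it audits the JSON that `docker compose config --format json` produces. The service names, paths and the loopback-only Portainer port in the sample are assumptions.

```python
import json

# Constructed sample: the shape `docker compose config --format json` emits.
# Service names, paths and the Portainer port binding are assumptions.
SAMPLE = json.loads("""
{"services": {
  "nginx": {"image": "nginx:alpine", "restart": "unless-stopped",
    "volumes": [{"type": "bind", "source": "/home/user/portfolio/site",
                 "target": "/usr/share/nginx/html", "read_only": true}]},
  "cloudflared": {"image": "cloudflare/cloudflared", "restart": "unless-stopped"},
  "portainer": {"image": "portainer/portainer-ce", "restart": "unless-stopped",
    "ports": [{"target": 9000, "published": "9000", "protocol": "tcp",
               "host_ip": "127.0.0.1"}]}
}}
""")

LOOPBACK = {"127.0.0.1", "::1"}

def audit(config, site_service="nginx"):
    """Return a list of findings; an empty list means every claim holds."""
    findings = []
    for name, svc in config.get("services", {}).items():
        # Published ports without a loopback host_ip listen on every interface.
        for port in svc.get("ports", []):
            if port.get("host_ip") not in LOOPBACK:
                findings.append(f"{name}: port {port.get('published')} published beyond loopback")
        if svc.get("restart") != "unless-stopped":
            findings.append(f"{name}: restart policy is {svc.get('restart', 'unset')!r}")
    site = config.get("services", {}).get(site_service)
    if site is None:
        findings.append(f"{site_service}: service not found")
    else:
        for vol in site.get("volumes", []):
            if vol.get("type") == "bind" and not vol.get("read_only", False):
                findings.append(f"{site_service}: bind mount {vol.get('target')} is writable")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE) or ["all checks passed"]:
        print(line)
```

To audit the real stack, load the output of `docker compose config --format json` with `json.load` and pass it to `audit` in place of `SAMPLE`.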
Key Commands
▶ Start Stack
docker compose up -d
Run from the project root
🔗 Get Public URL
docker logs portfolio-cloudflared
Look for the trycloudflare.com line
🖥 Portainer UI
Visual container management
📁 Deploy Changes
Save file to site/ folder → Ctrl+Shift+R in browser. No Docker restart needed.
Docker, Nginx, Cloudflare Tunnel,
Portainer, Self-Hosted, Zero Open Ports,
HTTPS, Alpine Linux, HTML/CSS/JS