This site's architecture

2025-10-19

So this site is very simple.

• It's a simple static website that is a collection of HTML files (currently no CSS, wth no JS forever, probably)
• The repo is on a private gitlab repository, and the CI pipeline builds the wesite image on merge to main. The image base is nginx.
• The website is on a local raspberry-pi node that has docker installed, running this image, mapping the 80 / 443 ports directly.
• The container image is kept up to date using watchtower.
• A simple docker-compose file is used to run these commands. This file is held in a private gitlab repository (independent of the website itself).
• I route traffic to the 80 / 443 ports to my router to my raspberry-pi at the same port.
• I bought the domain name on namecheap.com. I tried to buy it from cloudflare but payment literally always failed, both with paypal and mastercard.
  • Get your shit together cloudflare!! Or if I've being shadow-banned, let me know thx.
  • I set up the A (for the @ and wwww subdomains) records to point to my IP address.
• I use let's encrypt and their handy certbot to generate certificates for HTTPS traffic. I then configured nginx to work with HTTPS traffic using these certificates (which involve mounting them when I run the image)

That's it! Though there was this one funny hiccup.

As I was setting up HTTPS, HTTP traffic worked just fine but HTTPS traffic didn't. All the code / configuration looked correct, and using tcpdump even told me that I was receiving HTTPS traffic (both on the node and in the container), though the handshake did not work.

It turns out I forgot to update my image running on the node. That is, it was running a version prior to setting up HTTPS to work on the image. That was quite funny!