Snapshot
Why I built it this way
I wanted a place to write about work without handing the content to a platform I do not control. Shared hosting felt like a step backwards given the infrastructure I was already running at home.
The main architectural choice was publishing through a Cloudflare Tunnel instead of opening inbound firewall ports. That keeps the home IP hidden, avoids open ports on the router, and sidesteps the dynamic-IP mess that comes with residential internet.
The result is a hand-coded static site and a Ghost blog, both running off my own hardware, where I decide what gets deployed and when.
Outcome: A public site that runs from my own hardware, with no open inbound ports and no third-party hosting dependency.
Build
Infrastructure decisions
01
Self-Hosted Hardware & OS
The site runs on a personal mini PC deployed as a home server on a minimal Linux installation. No rented VPS, no shared hosting, and no handoff of the stack to a third party.
Mini PC
Linux
24/7 Uptime
Data Ownership
02
Secure Public Exposure
Instead of exposing the home network with inbound firewall rules, the site is published through a Cloudflare Tunnel. It uses an outbound-only encrypted connection to Cloudflare's edge, which means the origin IP is never exposed and the router stays closed.
Cloudflare Tunnel
Zero Open Ports
DDoS Protection
TLS Termination
03
Web Stack & Content
The portfolio is a hand-coded static site with no CMS, no frameworks, and no dependency churn. The companion Ghost blog runs on the same hardware, which keeps the publishing stack simple and easy to reason about.
Static HTML/CSS/JS
Ghost
Subdomain Routing
Python HTTP Server
Screenshot
Published site
