Full-Stack Infrastructure: Architecting a Hardened Digital Portfolio

Hosting your own server
Company: Personal Project
I architected and self-host a hardened web infrastructure using Proxmox and Apache, achieving a Qualys SSL Labs A+ rating through meticulous cryptographic tuning and automated certificate orchestration via pfSense. This project demonstrates a deep-seated commitment to 'Security by Design' across the entire OSI model.
The Objective
I developed my personal domain as a live laboratory to demonstrate a holistic approach to web hosting, encompassing virtualization, network security, and performance optimization. This project serves as a "living resume" of my ability to manage the entire lifecycle of a web service.
The Infrastructure Stack
My hosting environment is built on a layered architecture designed for isolation, security, and scalability:
Virtualization (Proxmox VE): The site is hosted within a dedicated Linux container (LXC) on a Proxmox hypervisor, ensuring resource isolation and easy snapshots for disaster recovery.
Web Services: A high-performance Apache backend running on a hardened Linux distribution.
Edge Security (pfSense & HAProxy): I implemented a multi-layered defense strategy:
pfSense Firewall: Acts as the primary perimeter defense.
HAProxy Reverse Proxy: Manages SSL termination and hides the internal network topology from the public internet.
Security Hardening & SSL Excellence
A major milestone of this project was optimizing the server's security posture. I raised the site's SSL configuration from a standard 'C' grade to an A+ rating on Qualys SSL Labs.

Cryptographic Optimization: Configured modern cipher suites and disabled deprecated protocols (TLS 1.0/1.1).
Automated Certificate Management: Integrated Let’s Encrypt with a DNS-01 challenge (via GoDaddy API and pfSense) to automate certificate renewal while maintaining a closed-port posture for the internal network.
Header Hardening: Implemented HSTS (HTTP Strict Transport Security) and security headers to mitigate XSS and Man-in-the-Middle attacks.
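To make the protocol and header items above checkable, here is an added example (not this site's actual configuration or tooling) that audits an HAProxy config for an explicit TLS floor and an HSTS header. The directive names are real HAProxy options; the sample configs, the certificate path, the 180-day HSTS threshold, and the choice to set HSTS at the proxy rather than in Apache are assumptions made for the example.

```python
import re

MIN_HSTS_MAX_AGE = 15552000  # 180 days; threshold assumed for this example

# Constructed HAProxy fragments for illustration, not the site's real config.
WEAK = """global
    ssl-default-bind-options no-sslv3
frontend www
    bind :443 ssl crt /etc/haproxy/site.pem
"""
HARDENED = """global
    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
frontend www
    bind :443 ssl crt /etc/haproxy/site.pem
    http-response set-header Strict-Transport-Security "max-age=31536000"
"""

def tls_floor_ok(tokens):
    """True if the options explicitly rule out SSLv3, TLS 1.0 and TLS 1.1."""
    if "ssl-min-ver" in tokens:
        return tokens[tokens.index("ssl-min-ver") + 1:][:1] in (["TLSv1.2"], ["TLSv1.3"])
    return {"no-sslv3", "no-tlsv10", "no-tlsv11"} <= set(tokens)

def audit(config):
    """Return findings for TLS-terminating binds and the HSTS response header."""
    findings, defaults, binds, hsts_age = [], [], [], None
    for raw in config.splitlines():
        line = raw.split("#", 1)[0]          # drop trailing comments
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0] == "ssl-default-bind-options":
            defaults += tokens[1:]
        elif tokens[0] == "bind" and "ssl" in tokens:
            binds.append(tokens[1:])
        elif "strict-transport-security" in line.lower():
            m = re.search(r"max-age=(\d+)", line, re.I)
            hsts_age = int(m.group(1)) if m else 0
    for b in binds:                          # per-bind options override defaults
        if not tls_floor_ok(b + defaults):
            findings.append(f"bind {b[0]}: TLS 1.0/1.1 not explicitly disabled")
    if hsts_age is None:
        findings.append("HSTS header not set")
    elif hsts_age < MIN_HSTS_MAX_AGE:
        findings.append(f"HSTS max-age {hsts_age} is below {MIN_HSTS_MAX_AGE}")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg))
```

The check insists on an explicit floor rather than relying on the HAProxy version's built-in default, so the result does not change silently when the package is upgraded or downgraded.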
Key Expertise Demonstrated
Cybersecurity: SSL/TLS Hardening, Reverse Proxy Configuration, and Firewall Management (pfSense).
Systems Administration: Proxmox Virtualization, Linux Server Management, and Apache/Nginx optimization.
Network Engineering: DNS Management, NAT Traversal, and Secure Remote Access.
Mail Server Administration: Self-hosting and securing an independent email infrastructure (SMTP/IMAP/SPF/DKIM/DMARC).
