I’m always open to challenge myself and try new things. This website was just one such challenge to help myself stand out in the job market, as well as learn valuable skills about web design and self-hosting.
Some information about this site:
This site scores an “A+” on SSL Labs Online Security Test:
https://www.ssllabs.com/ssltest/analyze.html?d=eric.frydendal.org&hideResults=on
My Goal:
Build a low cost secure website to house my CV using today’s industry leading technology.
Considerations:
The first step to building a site is acquiring the hardware. In this case, I wanted to host the server myself, rather than rely on an outside web host. This would give me full control over the entire infrastructure.
For my physical host, I purchased a used Intel NUC. These extremely capable devices are low-power and extremely versatile. ESXi was the most logical choice for the hypervisor, as it’s the industry leading solution. Additionally, the following software was used:
- Web Server: This was a no-brainer. Nginx is one of the leading web servers today, and is quickly overtaking Apache. In addition, I already have significant experience with Nginx, so familiarity was a large factor.
- CMS: The Content Management System (CMS) was one of the most difficult decisions. I had little web design experience, short of HTML manipulation and a few styling effects, so this was the area I stood to learn the most. WordPress is far and away the market leader in the space (with approximately 60% of the current market share), but can be resource intensive. Other low-resource solutions offered compelling alternatives, but would leave me with less support and a higher knowledge gap to entry. Ultimately, my decision to go with WordPress was decided because it was the market leader and therefore was the tool that would be the most beneficial to learn.
- Database: MySQL pairs well with WordPress and is the default choice for WordPress when installed via Docker.
- Networking: In addition to the website, I had to handle escorting users securely from the Internet to my webserver (and ONLY to my webserver). This is where my OPNsense router stepped in to provide a reliable and secure firewall in a completely separate subnet. Additionally, an additional Nginx reverse proxy helps manage multiple services and my LetsEncrypt SSL certificate auto-renewal.