2025-12-03 12:46:48 +01:00
parent 5767c31162
commit 207f56128c
17 changed files with 285 additions and 245 deletions


@@ -1,6 +1,6 @@
<!DOCTYPE html>
<html lang="en">
<head><script src="/livereload.js?mindelay=10&amp;v=2&amp;port=1313&amp;path=livereload" data-no-instant defer></script>
<head>
<title>What am I currently working on :: TechnicalBlog</title>
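Review bot: At the `<head>` line, the earlier revision carried the development server's `/livereload.js?...port=1313` script tag, so generated output from a local preview run was committed to the repository. Produce the committed HTML from a production build only, and add a pre-commit or CI check that fails when `livereload.js` or `localhost:1313` appears anywhere in the generated files, so a preview build cannot be committed again.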
@@ -8,56 +8,56 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="Building a Self-Sustaining Infrastructure: A Two-Server Docker Setup Overview Creating a resilient, self-sustaining infrastructure doesn&rsquo;t require complex enterprise solutions. With two strategically configured servers and a well-thought-out backup strategy, you can achieve both reliability and security for your self-hosted applications.
The Architecture Docker Host Server The primary server runs all application workloads using Docker containers. This containerized approach provides:
Isolation: Each service runs in its own container with defined resources
Isolation: Each service runs in its own container with defined resources Portability: Services can be easily migrated or replicated Consistency: Docker Compose configurations ensure reproducible deployments The Docker host maintains minimal external exposure, with only essential ports opened to the internet. This reduces the attack surface while still providing necessary services.
" />
<meta name="keywords" content="" />
<meta name="robots" content="noodp" />
<link rel="canonical" href="http://localhost:1313/posts/whatimworkingoncurrently/" />
<link rel="canonical" href="https://blog.fuhlig.de/posts/whatimworkingoncurrently/" />
<link rel="stylesheet" href="http://localhost:1313/css/buttons.min.86f6b4c106b6c6eb690ae5203d36b442c1f66f718ff4e8164fa86cf6c61ad641.css">
<link rel="stylesheet" href="https://blog.fuhlig.de/css/buttons.min.86f6b4c106b6c6eb690ae5203d36b442c1f66f718ff4e8164fa86cf6c61ad641.css">
<link rel="stylesheet" href="http://localhost:1313/css/code.min.d529ea4b2fb8d34328d7d31afc5466d5f7bc2f0bc9abdd98b69385335d7baee4.css">
<link rel="stylesheet" href="https://blog.fuhlig.de/css/code.min.d529ea4b2fb8d34328d7d31afc5466d5f7bc2f0bc9abdd98b69385335d7baee4.css">
<link rel="stylesheet" href="http://localhost:1313/css/fonts.min.5bb7ed13e1d00d8ff39ea84af26737007eb5051b157b86fc24487c94f3dc8bbe.css">
<link rel="stylesheet" href="https://blog.fuhlig.de/css/fonts.min.5bb7ed13e1d00d8ff39ea84af26737007eb5051b157b86fc24487c94f3dc8bbe.css">
<link rel="stylesheet" href="http://localhost:1313/css/footer.min.eb8dfc2c6a7eafa36cd3ba92d63e69e849e2200e0002a228d137f236b09ecd75.css">
<link rel="stylesheet" href="https://blog.fuhlig.de/css/footer.min.eb8dfc2c6a7eafa36cd3ba92d63e69e849e2200e0002a228d137f236b09ecd75.css">
<link rel="stylesheet" href="http://localhost:1313/css/gist.min.a751e8b0abe1ba8bc53ced52a38b19d8950fe78ca29454ea8c2595cf26aad5c0.css">
<link rel="stylesheet" href="https://blog.fuhlig.de/css/gist.min.a751e8b0abe1ba8bc53ced52a38b19d8950fe78ca29454ea8c2595cf26aad5c0.css">
<link rel="stylesheet" href="http://localhost:1313/css/header.min.75c7eb0e2872d95ff48109c6647d0223a38db52e2561dd87966eb5fc7c6bdac6.css">
<link rel="stylesheet" href="https://blog.fuhlig.de/css/header.min.75c7eb0e2872d95ff48109c6647d0223a38db52e2561dd87966eb5fc7c6bdac6.css">
<link rel="stylesheet" href="http://localhost:1313/css/main.min.36833afd348409fc6c3d09d0897c5833d9d5bf1ff31f5e60ea3ee42ce2b1268c.css">
<link rel="stylesheet" href="https://blog.fuhlig.de/css/main.min.36833afd348409fc6c3d09d0897c5833d9d5bf1ff31f5e60ea3ee42ce2b1268c.css">
<link rel="stylesheet" href="http://localhost:1313/css/menu.min.3c17467ebeb3d38663dce68f71f519901124fa5cbb4519b2fb0667a21e9aca39.css">
<link rel="stylesheet" href="https://blog.fuhlig.de/css/menu.min.3c17467ebeb3d38663dce68f71f519901124fa5cbb4519b2fb0667a21e9aca39.css">
<link rel="stylesheet" href="http://localhost:1313/css/pagination.min.bbb986dbce00a5ce5aca0504b7925fc1c581992a4bf57f163e5d69cc1db7d836.css">
<link rel="stylesheet" href="https://blog.fuhlig.de/css/pagination.min.bbb986dbce00a5ce5aca0504b7925fc1c581992a4bf57f163e5d69cc1db7d836.css">
<link rel="stylesheet" href="http://localhost:1313/css/post.min.e6dddd258e64c83e05cec0cd49c05216742d42fc8ecbfbe6b67083412b609bd3.css">
<link rel="stylesheet" href="https://blog.fuhlig.de/css/post.min.e6dddd258e64c83e05cec0cd49c05216742d42fc8ecbfbe6b67083412b609bd3.css">
<link rel="stylesheet" href="http://localhost:1313/css/syntax.min.a0773cce9310cb6d8ed23e50f005448facf29a53001b57e038828daa466b25c0.css">
<link rel="stylesheet" href="https://blog.fuhlig.de/css/syntax.min.a0773cce9310cb6d8ed23e50f005448facf29a53001b57e038828daa466b25c0.css">
<link rel="stylesheet" href="http://localhost:1313/css/terminal.min.e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.css">
<link rel="stylesheet" href="https://blog.fuhlig.de/css/terminal.min.e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.css">
<link rel="stylesheet" href="http://localhost:1313/css/terms.min.b81791663c3790e738e571cdbf802312390d30e4b1d8dc9d814a5b5454d0ac11.css">
<link rel="stylesheet" href="https://blog.fuhlig.de/css/terms.min.b81791663c3790e738e571cdbf802312390d30e4b1d8dc9d814a5b5454d0ac11.css">
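Review bot: In the stylesheet links, the `terminal.min` entry has a fingerprint (`e3b0c442...b855`) that is the SHA-256 digest of empty input, so if the fingerprint is a content hash, as the file naming suggests, that stylesheet is empty and the link only costs a request. Either drop the link or check why the asset pipeline emits an empty bundle. The same hunk shows the `description` meta as the flattened article body spread over several raw lines and ending in a newline before the closing quote; a short explicit summary for the post would be cleaner.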
@@ -65,8 +65,8 @@ Isolation: Each service runs in its own container with defined resources
<link rel="shortcut icon" href="http://localhost:1313/favicon.png">
<link rel="apple-touch-icon" href="http://localhost:1313/apple-touch-icon.png">
<link rel="shortcut icon" href="https://blog.fuhlig.de/favicon.png">
<link rel="apple-touch-icon" href="https://blog.fuhlig.de/apple-touch-icon.png">
<meta name="twitter:card" content="summary" />
@@ -78,12 +78,12 @@ Isolation: Each service runs in its own container with defined resources
<meta property="og:title" content="What am I currently working on">
<meta property="og:description" content="Building a Self-Sustaining Infrastructure: A Two-Server Docker Setup Overview Creating a resilient, self-sustaining infrastructure doesn&rsquo;t require complex enterprise solutions. With two strategically configured servers and a well-thought-out backup strategy, you can achieve both reliability and security for your self-hosted applications.
The Architecture Docker Host Server The primary server runs all application workloads using Docker containers. This containerized approach provides:
Isolation: Each service runs in its own container with defined resources
Isolation: Each service runs in its own container with defined resources Portability: Services can be easily migrated or replicated Consistency: Docker Compose configurations ensure reproducible deployments The Docker host maintains minimal external exposure, with only essential ports opened to the internet. This reduces the attack surface while still providing necessary services.
" />
<meta property="og:url" content="http://localhost:1313/posts/whatimworkingoncurrently/" />
<meta property="og:url" content="https://blog.fuhlig.de/posts/whatimworkingoncurrently/" />
<meta property="og:site_name" content="TechnicalBlog" />
<meta property="og:image" content="http://localhost:1313/og-image.png">
<meta property="og:image" content="https://blog.fuhlig.de/og-image.png">
<meta property="og:image:width" content="1200">
<meta property="og:image:height" content="627">
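Review bot: The `og:description` content in this hunk is the article body run together ("Overview Creating a resilient...", "The Architecture Docker Host Server The primary server...") with headings and list items fused into the sentences, and it spans raw newlines inside the attribute. Link previews will show that text as is, so give the post an explicit one- or two-sentence description and let both `description` and `og:description` use it.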
@@ -129,14 +129,14 @@ Isolation: Each service runs in its own container with defined resources
<article class="post">
<h1 class="post-title">
<a href="http://localhost:1313/posts/whatimworkingoncurrently/">What am I currently working on</a>
<a href="https://blog.fuhlig.de/posts/whatimworkingoncurrently/">What am I currently working on</a>
</h1>
<div class="post-meta"><time class="post-date">2025-12-03</time></div>
<span class="post-tags">
#<a href="http://localhost:1313/tags/blog/">blog</a>&nbsp;
#<a href="https://blog.fuhlig.de/tags/blog/">blog</a>&nbsp;
</span>
@@ -146,45 +146,55 @@ Isolation: Each service runs in its own container with defined resources
<div class="post-content"><div>
<p>Building a Self-Sustaining Infrastructure: A Two-Server Docker Setup
Overview
Creating a resilient, self-sustaining infrastructure doesn&rsquo;t require complex enterprise solutions. With two strategically configured servers and a well-thought-out backup strategy, you can achieve both reliability and security for your self-hosted applications.</p>
<p>The Architecture
Docker Host Server
The primary server runs all application workloads using Docker containers. This containerized approach provides:</p>
<p>Isolation: Each service runs in its own container with defined resources</p>
<p>Portability: Services can be easily migrated or replicated</p>
<p>Consistency: Docker Compose configurations ensure reproducible deployments</p>
<h1 id="building-a-self-sustaining-infrastructure-a-two-server-docker-setup">Building a Self-Sustaining Infrastructure: A Two-Server Docker Setup<a href="#building-a-self-sustaining-infrastructure-a-two-server-docker-setup" class="hanchor" ariaLabel="Anchor">#</a> </h1>
<h2 id="overview">Overview<a href="#overview" class="hanchor" ariaLabel="Anchor">#</a> </h2>
<p>Creating a resilient, self-sustaining infrastructure doesn&rsquo;t require complex enterprise solutions. With two strategically configured servers and a well-thought-out backup strategy, you can achieve both reliability and security for your self-hosted applications.</p>
<h2 id="the-architecture">The Architecture<a href="#the-architecture" class="hanchor" ariaLabel="Anchor">#</a> </h2>
<h3 id="docker-host-server">Docker Host Server<a href="#docker-host-server" class="hanchor" ariaLabel="Anchor">#</a> </h3>
<p>The primary server runs all application workloads using Docker containers. This containerized approach provides:</p>
<ul>
<li><strong>Isolation</strong>: Each service runs in its own container with defined resources</li>
<li><strong>Portability</strong>: Services can be easily migrated or replicated</li>
<li><strong>Consistency</strong>: Docker Compose configurations ensure reproducible deployments</li>
</ul>
<p>The Docker host maintains minimal external exposure, with only essential ports opened to the internet. This reduces the attack surface while still providing necessary services.</p>
<p>Backup Storage Server
The secondary server serves as a dedicated backup repository with substantial storage capacity. This server is:</p>
<p>Isolated from the internet: No external access is permitted</p>
<p>Secured via iptables: Firewall rules prevent unauthorized connections</p>
<p>Connected via WireGuard VPN: Encrypted tunnel ensures secure communication between servers</p>
<p>Security Through Network Segmentation
The WireGuard VPN creates a secure, encrypted tunnel between the Docker host and backup server. This architecture provides several benefits:</p>
<p>Private communication channel for backup operations</p>
<p>Zero trust model for the backup server (completely isolated from public internet)</p>
<p>Reduced risk of data exfiltration</p>
<p>Encrypted data transfer between servers</p>
<p>Automated Backup Strategy
Daily automated backups capture the critical components:</p>
<p>Database Backups
All databases are exported and stored, ensuring data consistency and point-in-time recovery capabilities.</p>
<p>Docker Volume Backups
Persistent data from Docker volumes is systematically backed up, including:</p>
<p>Application configuration files</p>
<p>User-generated content</p>
<p>Service-specific data stores</p>
<h3 id="backup-storage-server">Backup Storage Server<a href="#backup-storage-server" class="hanchor" ariaLabel="Anchor">#</a> </h3>
<p>The secondary server serves as a dedicated backup repository with substantial storage capacity. This server is:</p>
<ul>
<li><strong>Isolated from the internet</strong>: No external access is permitted</li>
<li><strong>Secured via iptables</strong>: Firewall rules prevent unauthorized connections</li>
<li><strong>Connected via WireGuard VPN</strong>: Encrypted tunnel ensures secure communication between servers</li>
</ul>
<h2 id="security-through-network-segmentation">Security Through Network Segmentation<a href="#security-through-network-segmentation" class="hanchor" ariaLabel="Anchor">#</a> </h2>
<p>The WireGuard VPN creates a secure, encrypted tunnel between the Docker host and backup server. This architecture provides several benefits:</p>
<ul>
<li>Private communication channel for backup operations</li>
<li>Zero trust model for the backup server (completely isolated from public internet)</li>
<li>Reduced risk of data exfiltration</li>
<li>Encrypted data transfer between servers</li>
</ul>
<h2 id="automated-backup-strategy">Automated Backup Strategy<a href="#automated-backup-strategy" class="hanchor" ariaLabel="Anchor">#</a> </h2>
<p>Daily automated backups capture the critical components:</p>
<h3 id="database-backups">Database Backups<a href="#database-backups" class="hanchor" ariaLabel="Anchor">#</a> </h3>
<p>All databases are exported and stored, ensuring data consistency and point-in-time recovery capabilities.</p>
<h3 id="docker-volume-backups">Docker Volume Backups<a href="#docker-volume-backups" class="hanchor" ariaLabel="Anchor">#</a> </h3>
<p>Persistent data from Docker volumes is systematically backed up, including:</p>
<ul>
<li>Application configuration files</li>
<li>User-generated content</li>
<li>Service-specific data stores</li>
</ul>
<p>This comprehensive approach ensures that the entire infrastructure can be restored from backups, making the system truly self-sustaining.</p>
<p>Benefits of This Approach
Resilience: Hardware failure on the Docker host doesn&rsquo;t result in data loss
Security: Multi-layered security with network segmentation and minimal exposure
Maintainability: Containerized services are easy to update and manage
Scalability: Additional Docker hosts can connect to the same backup server
Cost-effective: Self-hosted solution with predictable costs</p>
<p>Conclusion
This two-server architecture strikes an excellent balance between simplicity and robustness. By combining Docker containerization with a dedicated, secured backup server connected via WireGuard, you achieve enterprise-grade reliability without enterprise-level complexity. Daily automated backups provide peace of mind, while the security-first network design protects your data from external threats.</p>
<h2 id="benefits-of-this-approach">Benefits of This Approach<a href="#benefits-of-this-approach" class="hanchor" ariaLabel="Anchor">#</a> </h2>
<p><strong>Resilience</strong>: Hardware failure on the Docker host doesn&rsquo;t result in data loss<br>
<strong>Security</strong>: Multi-layered security with network segmentation and minimal exposure<br>
<strong>Maintainability</strong>: Containerized services are easy to update and manage<br>
<strong>Scalability</strong>: Additional Docker hosts can connect to the same backup server<br>
<strong>Cost-effective</strong>: Self-hosted solution with predictable costs</p>
<h2 id="conclusion">Conclusion<a href="#conclusion" class="hanchor" ariaLabel="Anchor">#</a> </h2>
<p>This two-server architecture strikes an excellent balance between simplicity and robustness. By combining Docker containerization with a dedicated, secured backup server connected via WireGuard, you achieve enterprise-grade reliability without enterprise-level complexity. Daily automated backups provide peace of mind, while the security-first network design protects your data from external threats.</p>
<hr>
<p><em>This setup demonstrates that effective infrastructure doesn&rsquo;t require massive cloud budgets—just thoughtful design and consistent execution.</em></p>
</div></div>
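Review bot: In the "Security Through Network Segmentation" list, the item "Zero trust model for the backup server (completely isolated from public internet)" describes network isolation, which is a perimeter control and not zero trust; reword it to say what is actually enforced (no public exposure, access only over the WireGuard tunnel). In the same way, "point-in-time recovery capabilities" under "Database Backups" does not follow from the daily exports the post describes, which give one restore point per day. On the markup side, the new body opens with a second `<h1>` inside an article that already has `<h1 class="post-title">`, and every heading anchor uses `ariaLabel="Anchor"`, which is not an HTML attribute (`aria-label` is), so the label is ignored by assistive technology.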