Hetzner server setup and infrastructure-as-code for BIM twin platform
warnason 648d4e6b98 Initial infrastructure: Caddy reverse proxy and Forgejo git server
- Ubuntu 24.04 base on dedicated hardware with software RAID 1
- Docker Compose stacks for Caddy and Forgejo (PostgreSQL-backed)
- Automatic TLS via Let's Encrypt
- SSH hardening, UFW firewall, fail2ban
- Setup documentation in docs/setup.md
2026-04-16 17:39:57 +02:00

Infrastructure

Self-hosted development and deployment infrastructure for personal technical projects.

Runs a private Git forge (Forgejo) and a reverse proxy with automatic TLS (Caddy), and serves prototype applications under development.

Overview

  • Host: Ubuntu 24.04 LTS on dedicated hardware (Hetzner, Falkenstein)
  • Storage: Software RAID 1 for the operating system, separate disk for non-critical data
  • Orchestration: Docker Compose
  • Reverse proxy: Caddy 2, with automatic Let's Encrypt certificates
  • Git hosting: Forgejo with PostgreSQL backend
  • Firewall: UFW, restricting inbound traffic to SSH, HTTP, HTTPS, and Git-over-SSH
  • Intrusion prevention: fail2ban on SSH

Services

  • Forgejo: https://git.stifting.at (self-hosted Git and CI/CD)
  • App: https://bim.stifting.at (currently hosted prototype)

Repository layout

.
├── caddy/                 # Reverse proxy configuration
│   ├── docker-compose.yml
│   └── Caddyfile
├── forgejo/               # Git server configuration
│   ├── docker-compose.yml
│   └── .env.example
├── docs/                  # Setup notes and runbooks
│   └── setup.md
└── README.md

Bootstrapping a new host

See docs/setup.md for the full installation procedure.

High-level steps:

  1. Provision Ubuntu 24.04 via installimage with RAID 1
  2. Harden SSH, create an admin user, enable UFW and fail2ban
  3. Install Docker and create the shared web network
  4. Deploy Caddy, then Forgejo
  5. Configure DNS records for the relevant subdomains

Security notes

  • SSH uses key-only authentication; root login is disabled
  • Secrets (.env, passwords) are never committed; templates are provided as .env.example
  • Unattended security upgrades are enabled
  • TLS certificates are issued and renewed automatically via ACME
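As an added example that is not part of this repository, the script below audits a freshly bootstrapped host (steps 2 and 3 above) against the SSH and firewall items in these security notes. It assumes Git-over-SSH is published on 2222/tcp and uses constructed sample files in place of /etc/ssh/sshd_config and real `ufw status` output; fail2ban and unattended upgrades are not covered.

```shell
#!/bin/sh
# Added example, not part of this repository: audit a bootstrapped host against
# the README's security notes. Checks read a file or captured command output,
# so they also work offline. Assumption: Git-over-SSH is on 2222/tcp.
# First uncommented value of keyword $2 in sshd config $1. sshd honours the
# first occurrence of a keyword, so a later contradicting line is moot.
sshd_first_value() {
    awk -v k="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || NF < 2 { next }
        tolower($1) == k { print tolower($2); exit }' "$1"
}

# Key-only SSH with root login disabled. Only this file is inspected; on the
# live host `sshd -T` also shows values from Include'd drop-ins and defaults.
check_sshd_config() {
    [ "$(sshd_first_value "$1" PermitRootLogin)" = "no" ] || return 1
    [ "$(sshd_first_value "$1" PasswordAuthentication)" = "no" ] || return 1
    pk=$(sshd_first_value "$1" PubkeyAuthentication)
    [ -z "$pk" ] || [ "$pk" = "yes" ]      # absent means the default, yes
}

# $1: captured `ufw status` output, $2: space-separated allowed ports.
# Fails if the firewall is inactive or any ALLOW/LIMIT rule opens another port.
check_ufw_status() {
    grep -q '^Status: active' "$1" || return 1
    awk -v allowed=" $2 " 'BEGIN { bad = 0 }
        /ALLOW|LIMIT/ { split($1, p, "/")
                        if (index(allowed, " " p[1] " ") == 0) bad = 1 }
        END { exit bad }' "$1"
}

# Constructed sample inputs standing in for /etc/ssh/sshd_config and
# `ufw status`; the firewall sample deliberately exposes one extra port.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/sshd_config" <<'EOF'
# hardened during bootstrap
PermitRootLogin no
PasswordAuthentication no
EOF
cat > "$SAMPLE_DIR/ufw_status" <<'EOF'
Status: active

22/tcp                     LIMIT       Anywhere
443/tcp                    ALLOW       Anywhere
2222/tcp                   ALLOW       Anywhere
3000/tcp                   ALLOW       Anywhere
EOF
ALLOWED_PORTS="22 80 443 2222"
check_sshd_config "$SAMPLE_DIR/sshd_config" && echo "sshd_config: ok"
check_ufw_status "$SAMPLE_DIR/ufw_status" "$ALLOWED_PORTS" || echo "ufw: port outside allow-list is open"
```

On the live host, run it as `check_sshd_config /etc/ssh/sshd_config` and `ufw status > /tmp/ufw.txt; check_ufw_status /tmp/ufw.txt "$ALLOWED_PORTS"`.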

License

MIT