Homestead

INFRASTRUCTURE · PERSONAL WEB

The Technical Architecture of a Personal Website

A small set of clearly bounded services can create infrastructure that is maintainable, recoverable and ready to grow when real demand arrives.

2026.06.21 · 7 min read · Engineering practice

DESIGN PRINCIPLE

Control complexity before planning for scale

Most personal websites should not begin with Kubernetes. A clearer starting point is one host with distinct layers: the edge handles HTTPS and routing, containers run the application, persistent storage protects data, and automation manages deployment and recovery.

ARCHITECTURE

Four layers, one dependable path

Traffic enters through a controlled edge and reaches the application; data remains outside disposable containers, while operational controls span the full path.

01 DNS · CDN · PROXY

Access

DNS, caching, HTTPS, routing and basic access rules. Cloudflare sits in front of the origin; it does not replace origin security.

02 DOCKER COMPOSE

Application

Frontend, backend API and jobs run separately with pinned versions, consistent environments and clear failure boundaries.

03 VOLUME · DATABASE

Data

Databases, uploads and essential configuration persist outside containers; choose SQLite or PostgreSQL/MySQL for the actual workload.

04 CI/CD · OBSERVABILITY

Operations

Tests, builds, health checks, logs, monitoring, backups and rollback protect every release.

DEPLOYMENT · IN PRACTICE

Website practice: enforcing layers at network boundaries

Compared with a classic three-tier design, this deployment keeps the layers but redraws their boundaries with Cloudflare Tunnel, Docker networks and an operations loop.

01

Simplified access

Cloudflare Tunnel replaces a public-facing Nginx endpoint and public IP, adding an encrypted tunnel, TLS and edge DDoS protection.

02

Split application

Frontend and Backend run separately on a shared Docker edge network; only the controlled entry point is exposed.

03

Isolated data

Homestead uses oracle-site_default while NextClaw stays on an independent dev network, fully separating the databases.

04

Mature operations

systemd, cron, backup scripts and a recovery handbook form the core operations loop.

DELIVERY PIPELINE

The smallest complete deployment loop

A release is complete only when it is verified and reversible.

  1. COMMIT: Commit
  2. TEST: Test and build
  3. IMAGE: Versioned image
  4. DEPLOY: Update services
  5. VERIFY: Health check
  6. ROLLBACK: Rollback on failure
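
The deploy, verify and rollback steps of this loop, as an added example that is not the site's own deployment script. It assumes a Compose file whose image tags read `${IMAGE_TAG}` and a health endpoint at `HEALTH_URL`; both, and all function names, are hypothetical.

```sh
#!/bin/sh
# Added example: deploy a versioned image, verify it, roll back on failure.
# Assumptions: compose.yaml uses "image: <name>:${IMAGE_TAG}" and the
# application answers 2xx on HEALTH_URL when it is ready to serve.
HEALTH_URL="${HEALTH_URL:-http://127.0.0.1:8080/healthz}"  # hypothetical endpoint
HEALTH_TRIES="${HEALTH_TRIES:-10}"   # probes before giving up
HEALTH_DELAY="${HEALTH_DELAY:-3}"    # seconds between probes

# Bring the stack up on exactly one image tag.
deploy_version() {
  IMAGE_TAG="$1" docker compose up -d --remove-orphans
}

# One probe: succeeds only on a 2xx response within 5 seconds.
check_health() {
  curl -fsS --max-time 5 -o /dev/null "$HEALTH_URL"
}

# Poll until healthy or until HEALTH_TRIES probes have failed.
wait_healthy() {
  _try=1
  while [ "$_try" -le "$HEALTH_TRIES" ]; do
    check_health && return 0
    _try=$((_try + 1))
    sleep "$HEALTH_DELAY"
  done
  return 1
}

# release NEW_TAG PREVIOUS_TAG
# Returns 0: new version verified. 1: rolled back, previous version healthy.
#         2: rollback is unhealthy too. 64: missing arguments.
release() {
  if [ -z "$1" ] || [ -z "$2" ]; then
    echo "usage: release NEW_TAG PREVIOUS_TAG" >&2; return 64
  fi
  if deploy_version "$1" && wait_healthy; then
    echo "release $1 verified"; return 0
  fi
  echo "release $1 failed verification, rolling back to $2" >&2
  if deploy_version "$2" && wait_healthy; then
    echo "rolled back to $2" >&2; return 1
  fi
  echo "rollback to $2 is unhealthy, manual recovery needed" >&2
  return 2
}

# Run as a script: ./release.sh NEW_TAG PREVIOUS_TAG
if [ "$#" -eq 2 ]; then release "$1" "$2"; fi
```

A CI job can treat exit code 1 as a failed release that left the site serving, and exit code 2 as an incident that needs the recovery handbook.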

RESILIENCE

A backup ends with a successful restore

Create consistent database backups on a schedule and copy them to separate storage or an object store. Encrypt them and retain several versions. Most importantly, rehearse restoration: an untested backup is only a hope.

START SMALL · SCALE WITH EVIDENCE

Recommended starting point

Docker Compose + Caddy or Traefik + application containers + persistent volumes + automated backups. Run this reliably first, then add caching, multiple nodes or orchestration in response to measured bottlenecks.

This article summarizes architecture and operations principles and intentionally contains no external reference links.