You're right, and that's a fair criticism. I'll use a plain translator next time. Thanks for pushing back on it.

Ciao! Fair enough. Though 200 people seemed to understand my AI-assisted English just fine — maybe the issue isn't the language. 😄

Caddy is a great choice for exactly that reason — it gets out of your way. HAProxy gives me more granular control but the config is definitely not for everyone. On the obscurity point: you're absolutely right, and I'd sign that statement. Obscurity alone is theater. Obscurity on top of solid security is a legitimate noise reducer. Watching bots drop to zero is genuinely satisfying — my public dashboard shows 6,400+ attack attempts in 17 days vs ~4,500 real humans. The bots are loud. The wildcard cert + uncommon port approach is underrated for small personal setups. The attack surface doesn't shrink, but the automated scanners move on and that's often enough. 😄

Ciao, messaggio ricevuto. La prossima volta preparerò il post appositamente per te. Se mi mandi le specifiche IEEE ti prometto che farò del mio meglio per rispettarle. Buona serata.

Ciao! Really enjoyed reading about your setup — Alpine + Podman is a great minimal choice, and the Wireguard-in-front-of-SSH approach is elegant. On HAProxy: for my use case it's not really a load balancer — it's a reverse proxy and SSL termination point running on a separate board (Orange Pi Zero 3). The main reason is architectural: it sits in front of everything, handles Certbot renewals, and routes traffic to the Raspberry Pi 4B behind NAT. If one board needs maintenance, the other keeps running. For a personal setup with low traffic, you honestly don't need it. Caddy already does what HAProxy does for me, and with less configuration. Your setup sounds cleaner for what you need. One thing I noticed we share: the bot/scraper problem is real. My public dashboard shows 6400+ attacks in 17 days vs ~4500 legitimate human visits. The uncommon port trick is underrated. 😄

confusedpuppy @lemmy.dbzer0.com to Selfhosted@lemmy.world • My entire production website runs on a Raspberry Pi 4B + Orange Pi Zero 3 — real traffic, public dashboard, zero cloud English For the past year I’ve been learning to self host minimally on a used Raspberry Pi 5. I do have a Pi 4 as well but that’s dedicated to HomeAssistant for the small handful of lights and switches it controls.

Both Pi’s run Alpine Linux with Podman containers. For my Pi 5 server it runs Caddy as my reverse proxy/SSL cert handler plus another contained for Kiwix. It’s super simple. Caddy also has a basic file server for me to host my git repositories as well as hosting my static site.

The static site is based off a script I found called BashWrite but it hasn’t been updated in a year so I decided to add some of my own changes to it here. I also fixed up some of the English grammar since the original creater wasn’t an English native speaker.

I’m still focusing on the background stuff but I’ve put a lot of effort into security and hardening. I’ve written all the maintenance (backup, keep-alive, updating) myself using POSIX portable scripts which can all be found on my codeberg page. It’s been a long process but I’m nearly there. I just have to switch from iptables to nftables and add secrets to my Caddyfile configuration to hide important keys that are currently sitting as plain text. After that I can focus on my blog/static site.

Since I’m not doing this for a business, I’ve decided to use a wildcard domain for my SSL cert plus an uncommon port as a low effort way to hide myself from bots/scraper. Also I set up Wireguard infront of my SSH connection to also hide from bots. My log activity only shows my own activity which is comforting to know, especially since I’ve seen just how active bots and scrapers are in comparison to a year ago when I was just getting started and beginning to learn things.

It’s really cool to see another minimal project like this and I think it’s refreshing to see. A lot of the times I see people with dozens on intensive services running and I feel a bit out of place with my scaled down self hosted project.

My only question about your setup is about HAproxy. How important is a load balancer for your site? I don’t think I will need one for myself since the traffic will mostly be for myself and a few people I know personally but I am still curious about how it works and how effective it is for your setup.

Body

Deal! Work hard, find truffles, get tortellini con burro e tartufo. Best salary package in the industry. 😀

He's a Lagotto Romagnolo — a breed selected for centuries specifically for truffle hunting. It's literally in his DNA. Training starts as a puppy: you hide small pieces of truffle in the garden and let him find them. Now the only way to make him truly happy is to let him run free in the woods — and you run behind him 😄 When he finds one, he expects a proper reward. I'm from Bologna, so his payment is a tortellino per truffle. Fair trade. 😁

Honored. 🙏

Ah, yeah, we don’t like Google here either. Ciao! At this rate I'll have to rewrite everything in carrier pigeons. :-)

This is BASIC — my Lagotto Romagnolo. Official lake8.dev mascot and uptime monitor. He also finds truffles. 😍

Ciao! I'm Italian 🇮🇹 — my English is very "pasta asciutta" level. I use AI to help me write without saying something cosmically wrong. Sorry for that. But me and my dog are 100% real. 🐕

Here's my "cloud infrastructure" Air conditioning — NO Sterile environment — NO Dedicated server room — NO Enterprise-grade monitoring — is BASIC (BASIC is my Lagotto Romagnolo. He checks uptime personally.)