Robert Jansen (marTech && dev)

DevOps

Servers & Workflows

Server and Proxy Experience

  • Linux
  • Docker
  • OpenResty/Nginx
  • Lua

  • Hetzner
  • Scaleway
  • Cloudflare
  • 1Password
  • GitHub
  • GitLab
  • Zsh
  • Let's Encrypt
  • Bunny
  • Vercel
  • Google Cloud
«∙·—÷—·∞•◀==={&&}===▶•∞·—÷—·∙»

Current Setup

This website is served through the setup described below.

  • Ubuntu — Full config, users/groups, iptables, Lynis checks, daemons, hardening, AppArmor, rsyslog, etc.
  • Docker — Custom layered images, rootless & rootful, networking configurations and drivers, integrated logging.
  • CLI — Many Zsh customizations and CLI tooling for an enhanced workflow, plus dotfiles for wide access, on both macOS and Linux.
  • Cloud — API-based creation, provisioning (cloud-init) and destruction, including floating IP, IP management and private container registry.
·¤·∞•«⟨≡&&≡⟩»•∞·¤·

Configuration, Envs and Recovery

  • Infra as Code — Custom shell scripts, fully destructible and recreatable. Run by cloud-init, with fetches from Git and a private Docker registry. VM disk copies as additional backup. SSL, mail and DNS integrated.
  • Multi-environment — One script launchable for both local Multipass and Docker, or remote dev/staging/production servers, including base applications like OpenResty, Docker, CrowdSec, Restic, migration scripts, and more.
  • Backups — Restic & ResticProfile for volumes, SSL certs, and active databases. Incremental, encrypted, local and offsite storage with success & failure alerting.
·~•◁[≈&&≈]▷•~·

Security and Connectivity

  • CrowdSec WAF — On the Ubuntu host, covering logs, Docker logs, SSH, OpenResty with AppSec, and any public touchpoint.
  • Remote VM VS Code development server — A full-featured near duplicate of staging/production.
  • DNS as Code — DNSControl with custom API to nameserver provider and geo-routing support.
  • SSL ACME — Integrated using Lua in OpenResty with custom API to nameserver provider.
  • Secret management — 1Password service accounts for all sensitive variables, env separation, all secrets in memory where possible, no hard-coded secrets anywhere.
  • Mail — Mail APIs and host configs for alerts and Docker apps, set up according to best practices, responsible mail practices and domain/IP reputation management.
·―<=[&&]>=―·

OpenResty Reverse Proxy and Gateway

  • Ubuntu & Nginx with full HTTP/3 and QUIC support, UDP tuning and minimal SSL handshake time.
  • Worker and request-phase management for optimal Lua runtime, shared memory, and request-level caching.
  • Multi-layer caching.
  • Proxy pass and proxy caching with consideration for geo/locale/user properties.
  • Auto domain provisioning based on server templates rendered with gomplate.
  • Auto SSL and wildcard provisioning based on ACME DNS.
  • CSP, CORS and custom header management.
  • Brotli and gzip compression.
  • njs support, so that JS is available at the edge alongside Lua.
«∙·—÷—·∞•◀==={&&}===▶•∞·—÷—·∙»

Custom OpenResty Lua features

  • Full OIDC access control, integrated with Authentik
  • User sessions, both with own signals and OIDC, with Redis storage
  • CrowdSec WAF and AppSec
  • Full geo detection support
  • Full IANA timezone support
  • Full custom ICU multilanguage parsing of countries, languages, dates, time and relative time
  • International character sets: normalization, conversion and security
  • International URL structures, rewrites and parsing
  • User and system language & country detection and selection, with support for separate compliance locales
  • Multilanguage root domain page, SEO-friendly, loading in the best-matched language detected for the user
·•*(&&)*•·