Self-Hosted Infrastructure

Active Development • Flagship • July 2025 - Present

Production-grade multi-server infrastructure achieving 99.99% uptime with 52% cost reduction vs Azure

Overview

A production-grade infrastructure built from scratch, hosting my portfolio website, services, and development environment across multiple servers. After experimenting with Azure, AWS, and Google Cloud, I designed a hybrid setup combining DigitalOcean VPS instances and a repurposed home server to achieve optimal performance, cost-efficiency, and full control over my stack. The infrastructure now includes a dedicated staging server for testing updates before production deployment.

99.99% Uptime • 52% Cost Reduction • 4 Servers • 24/7 Monitoring

Infrastructure Architecture

DigitalOcean VPS #1 - Production Web Server

2GB RAM • 1 vCPU • 50GB SSD
  • Flask Web Application (chua333.net)
  • Gunicorn WSGI Server
  • Nginx Reverse Proxy
  • Minecraft Server
  • SQLite Database
  • SSL/TLS (Let's Encrypt)
  • Automated Backup (Cron + Healthchecks.io)

DigitalOcean VPS #2 - VPN Gateway

512MB RAM • 1 vCPU • 10GB SSD
  • WireGuard VPN Server
  • Private VPN Access
  • Secure Remote Connection

DigitalOcean VPS #3 - Development Server

512MB RAM • 1 vCPU • 10GB SSD
  • Flask Web Application (dev.chua333.net)
  • Gunicorn WSGI Server
  • Nginx Reverse Proxy
  • PostgreSQL Database
  • Deploy from develop branch
  • Automated Backup (Cron + Healthchecks.io)

Mirrors production environment for testing before deployment

Home Server - Development Lab

12GB RAM • i5-10210U • 500GB SSD • MX250 GPU
  • PostgreSQL Database
  • Windows 10 VM
  • Cloudflare Tunnel Gateway
  • Prometheus Monitoring
  • Grafana Dashboards

Repurposed ASUS VivoBook running Ubuntu Linux

Technical Implementation

Nginx Reverse Proxy Configuration

Configured Nginx to efficiently route traffic using Unix socket communication with Gunicorn, serving static files directly, and managing SSL/TLS certificates automatically via Let's Encrypt.

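server {
    # Plain HTTP listener
    listen 80;
    server_name chua333.net www.chua333.net;

    # Forward application requests to Gunicorn over its Unix socket
    location / {
        include proxy_params;
        proxy_pass ████████████████████████████.sock;
    }

    # Serve static assets directly from disk, bypassing Gunicorn
    location /static {
        alias ████████████████████████████;
    }

    # HTTPS listener with the Let's Encrypt certificate and private key
    listen 443 ssl;
    ssl_certificate ████████████████████████████.pem;
    ssl_certificate_key █████████████████████████████.pem;
}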

Monitoring & Alerting Stack

Implemented comprehensive monitoring using Prometheus and Grafana to track system health and performance metrics in real-time with automated Discord alerts.

Node Exporter (Port 9100)

Tracks CPU usage, RAM consumption, storage capacity, and network traffic

PostgreSQL Exporter (Port 9187)

Monitors database performance including average CPU and memory usage

Automated Alerts

Discord webhook notifications for high CPU usage (>80%), low disk space (disk usage >85%), and website downtime

Secure Remote Access

Configured Cloudflare Tunnel on the home server to enable secure SSH access without exposing ports. The tunnel routes connections like ssh.chua333.net directly to the home server through Cloudflare's network.

Security First: No direct port exposure, all traffic encrypted through Cloudflare's edge network
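
A quick way to check the "no direct port exposure" property, and the exporter ports listed under Monitoring, is to look at what each host is actually listening on. The script below is an added example, not the site's own tooling: it reads `ss -tlnH` output and reports listeners for SSH (port 22, assumed default), Node Exporter (9100) and PostgreSQL Exporter (9187) that are bound beyond loopback. It assumes those services are meant to be reachable only locally (through the tunnel or a local scraper), and the sample input is constructed.

```sh
#!/bin/sh
# Added example. Constructed `ss -tlnH` output (not captured from the real servers).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:9100 0.0.0.0:*
LISTEN 0 4096 *:9187 *:*
LISTEN 0 128 [::1]:22 [::]:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*'

# exposed_listeners "PORT PORT ..." < ss-output
# Prints "address:port" for every listed port bound to a non-loopback address.
exposed_listeners() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 == "LISTEN" {
            laddr = $4
            port = laddr; sub(/.*:/, "", port)          # text after the last colon
            addr = substr(laddr, 1, length(laddr) - length(port) - 1)
            sub(/%.*/, "", addr)                        # drop scope, e.g. 127.0.0.53%lo
            if (!(port in watch)) next
            if (addr ~ /^127\./ || addr == "[::1]") next  # loopback only: fine
            print addr ":" port
        }'
}

# Live use: ss -tlnH | exposed_listeners "22 9100 9187"
printf '%s\n' "$SAMPLE_SS" | exposed_listeners "22 9100 9187"
```

Any line it prints is a service that a host firewall, not the bind address, is protecting, so it is worth confirming that firewall rule explicitly.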

Automated Backup & Deployment

Implemented a robust multi-layered backup and deployment workflow to ensure data safety and streamlined updates across both production and development environments.

Server-Side Backups (Tier 1)

Cron jobs on production and development servers automatically back up application files and configurations to local directories

Local Machine Backups (Tier 2)

Windows 11 development machine uses Task Scheduler to automatically download production backups from VPS

Home Server Backups (Tier 3)

Backups are automatically uploaded from Windows 11 machine to the home server with dual storage: always-connected external HDD and air-gapped external SSD (only connected during backup)

Healthchecks.io Monitoring

Each backup job reports to healthchecks.io, triggering Discord webhook alerts on success or failure for proactive monitoring

Backup Verification & Testing

Daily automated backup verification and periodic restore tests ensure zero errors and data integrity across all backup tiers
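
A sketch of how a Tier 1 cron job can combine the backup, the verification step and the Healthchecks.io report, as an added example that is not the site's own script. The ping URL is a placeholder, `PING_CMD` is a hypothetical hook for dry runs, and the paths in the comments are assumptions; success is pinged only after the archive passes its checksum and listing checks.

```sh
#!/bin/sh
# Added example (not the site's own script). HC_URL is a placeholder ping URL;
# PING_CMD is a hypothetical hook so the job can be dry-run without network access.
HC_URL="${HC_URL:-https://hc-ping.com/REPLACE-WITH-CHECK-UUID}"
PING_CMD="${PING_CMD:-curl -fsS -m 10 --retry 3 -o /dev/null}"

# hc_ping SUFFIX: SUFFIX is "" (success), "/start" or "/fail"
hc_ping() {
    $PING_CMD "${HC_URL}$1" || true   # a failed ping must never abort the backup
}

# make_backup SRC DEST: prints the archive path, writes ARCHIVE.sha256 beside it
make_backup() {
    src=$1; dest=$2
    name="backup-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
    mkdir -p "$dest" && chmod 700 "$dest" || return 1
    tar -czf "$dest/$name" -C "$src" . || return 1
    ( cd "$dest" && sha256sum "$name" > "$name.sha256" ) || return 1
    echo "$dest/$name"
}

# verify_backup ARCHIVE: 0 only if the checksum matches and the archive lists cleanly
verify_backup() {
    ( cd "$(dirname "$1")" && sha256sum -c "$(basename "$1").sha256" ) >/dev/null 2>&1 || return 1
    tar -tzf "$1" >/dev/null 2>&1
}

# run_backup SRC DEST: success is reported only after verification passes
run_backup() {
    hc_ping /start
    if archive=$(make_backup "$1" "$2") && verify_backup "$archive"; then
        hc_ping ""
        return 0
    fi
    hc_ping /fail
    return 1
}

# Cron entry point, e.g.: backup.sh /srv/app /var/backups/app (paths are placeholders)
if [ "$#" -eq 2 ]; then run_backup "$1" "$2"; fi
```

Copying the `.sha256` file along with the archive lets Tier 2 and Tier 3 re-run `verify_backup` on their own copies, which catches corruption introduced in transfer.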

3-2-1-1-0 Backup Rule Compliance

3 copies (VPS, Win11, Home Server) • 2 media types (SSD, HDD) • 1 off-site (VPS cloud) • 1 offline (air-gapped SSD) • 0 errors (verified daily)

Git-Flow Deployment

Development server (dev.chua333.net) auto-deploys from develop branch, production (chua333.net) deploys from main after verification

Development Journey

Phase 1: Cloud Exploration

Started by experimenting with Azure due to its popularity in the cloud space. Also evaluated AWS and Google Cloud, but found AWS overly complex for my needs and Google Cloud didn't align with my preferences.

Phase 2: Home Server Setup

Repurposed an old ASUS VivoBook laptop, installed Ubuntu Linux, and began hosting services locally. This gave me hands-on experience with Linux server administration and full control over my infrastructure.

Phase 3: Hybrid Architecture

Migrated to a hybrid setup combining DigitalOcean VPS for public-facing services and home server for development and database workloads. This strategic move achieved 99.99% uptime while reducing costs by 52% compared to Azure.

Phase 4: Professional Deployment Pipeline

Implemented a complete DevOps workflow with Git-based version control and automated staging deployment. The development server (VPS #3) runs at dev.chua333.net, automatically pulling from the develop branch for live testing. Once verified, changes are merged to main and deployed to production. This git-flow strategy ensures thorough testing before production deployment, minimizing downtime and catching issues early.

Added a comprehensive enterprise-grade backup strategy following the 3-2-1-1-0 rule: VPS cron jobs create local backups (Tier 1), Windows 11 Task Scheduler downloads them (Tier 2), then uploads to home server with dual storage—always-connected HDD and air-gapped SSD (Tier 3). Daily verification and periodic restore tests ensure zero errors. All monitored via healthchecks.io with Discord notifications for complete data safety across cloud, local, and offline infrastructure.

Challenges & Solutions

Security Hardening

Challenge: Securing the infrastructure without exposing sensitive information, protecting against DDoS attacks, securing the database, and preventing bot spam.

Solution: Deep-dived into the OSI layers and network protocols, implemented Cloudflare's protection layer, configured firewall rules, used rate limiting, and set up monitoring to detect unusual patterns. Spent countless hours on forums and Stack Overflow learning security best practices.

Zero-Downtime Deployments

Challenge: How to push updates without taking the site offline.

Solution: Optimized the application to serve mostly dynamic content that loads quickly. Updates now cause only a few seconds of downtime during the Gunicorn restart process.

Cost Optimization

Challenge: Cloud costs were adding up quickly with traditional providers.

Solution: Hybrid approach using DigitalOcean's competitive pricing for VPS and leveraging existing hardware for the home server reduced monthly costs by 52% compared to Azure while maintaining reliability.

What I Learned

What surprised me most was discovering how much I'm capable of building and how passionate developers invest in their skills every single day. The journey has been incredibly fulfilling — coming home tired but satisfied, excited about what I learned and built. It's far more rewarding than my previous routine of just gaming all day.

I learned to manage my own hardware, troubleshoot production issues at 2 AM, read through documentation for hours, and build something I'm genuinely proud of. This project taught me that infrastructure isn't just about code — it's about understanding systems, networks, security, and having the persistence to figure things out when nothing works.

Technology Stack

Backend & Application

Flask • Gunicorn • Python • PostgreSQL • SQLite

Infrastructure & DevOps

DigitalOcean • Ubuntu Linux • Nginx • Docker • Git/GitHub • Cron Jobs • Bash Scripting

Security & Networking

WireGuard VPN • Cloudflare Tunnels • SSL/TLS • Let's Encrypt • Firewall Configuration

Monitoring & Observability

Prometheus • Grafana • Node Exporter • PostgreSQL Exporter • Healthchecks.io • Discord Webhooks
