Context

Why show this?

Cloudflare at the edge, a secured perimeter, VLAN segmentation, and an Ubuntu VM on VMware vSphere running Nginx. A small environment, but it reflects how I approach any environment: reliable, observable, and repeatable.

Good infrastructure design doesn't change based on scale. The same principles that govern a 200-site global network apply here — least privilege, segmentation, visibility, and recovery planning.

Diagram

High-level flow

Simplified by design — enough to demonstrate the architecture without exposing sensitive specifics.

Internet (global traffic) → Cloudflare (DNS & SSL, edge / WAF) → Firewall (perimeter) → Catalyst Switch (VLAN segmentation) → VMware vSphere (hypervisor / compute) → Ubuntu VM (Nginx / web server)

Security & Discipline

Practices I apply everywhere

  • Patch discipline. Hardening isn't a one-time event — it's ongoing maintenance.
  • Restricted management access. Reduced public attack surface through least-privilege design.
  • Monitoring and logging. Visibility into abnormal behavior before it becomes an incident.
  • Backups and snapshots. Quick recovery without drama when things go wrong.
  • Simple design preference. Easy to operate is a feature, not a compromise.

Stack

Technology in use

  • Cloudflare: DNS, SSL termination, WAF, edge caching
  • VMware vSphere: Hypervisor and compute virtualization
  • Ubuntu Server: Linux OS — 24.04 LTS
  • Nginx: Web server and reverse proxy
  • Cisco Catalyst: VLAN segmentation and switching
  • Perimeter Firewall: Hardened ingress/egress control