Live from my home rack. Zero inbound ports for this site.

Brock Harries

Eight years running a $3M business and every piece of technology it depends on. Now heading into solutions engineering. Salt Lake City, usually on the ground.

This page is the demo: You are reading it through the architecture the video explains.
Nothing listening: The server dials out to the edge and holds the connection open. There is no inbound path to this site at all.
Certificates handled: TLS issued and renewed automatically. Nobody gets paged when one expires.

Five minutes: why the obvious way to self-host gets you port-scanned by strangers, and the design that avoids it entirely.

I ran a restaurant for eight years. Not just the P&L and the health inspections, but the website, the online ordering, the DNS, the email, the backups. When something technical broke, there was no IT department behind me. I was the IT department.

The homelab is where I take that further than the business ever needed: a network segmented into VLANs the way an enterprise would do it, certificate renewal automated because expired certs are silent outages, and private services reachable from anywhere without a single open inbound port. The video walks one of those designs end to end, trade-offs included.

I could tell you it works. It felt better to show you: the page you are reading right now is served from that rack, through that exact pattern.

The write-ups

Brock under a pink canopy against storm clouds

Off the clock: about 400 skydives and a few BASE jumps in. Turns out I like risk management as a hobby too. Different altitude, same discipline: know your gear, check it twice, and respect the things that can go wrong.