A single-file Python Flask application that turns a directory of images into a responsive thumbnail grid with a lightbox. No database, no CMS, no build step — point it at a folder and go. Thumbnails generate once with Pillow and cache to disk. Built on the same systemd, Gunicorn, and Nginx reverse-proxy pattern covered in the Flask guide.
Nginx doesn't care what's on the other end of proxy_pass. A real Flask app — log monitoring, systemd service management, and permission debugging — demonstrates the pattern that works for any backend language.
Serve a WordPress site from a home server through a lightweight VPS proxy — static assets mirrored to the VPS disk, dynamic requests proxied over Tailscale, and every database query running at local NVMe latency. A playground project that turned out well enough to document.
Every Cloudflare toggle you should turn off, and the origin hardening that must be in place first. Full (Strict) SSL, no content modification, no header injection — a configuration where your VPS owns every security decision and Cloudflare provides the network.
Convert images to WebP on disk with cwebp, let nginx serve the right format based on the browser's Accept header, and leave WordPress completely out of it. No plugins, no exec(), no database changes.
Set up fail2ban for SSH and Nginx with AbuseIPDB reporting, incremental bans, and daily blacklist imports from AbuseIPDB, Bitwire, and Spamhaus — a layered defense that catches bots before they reach your application.