2017
STL baccalaureate — physics & lab sciences
Any
Gnahiet
“I build quiet tools and servers you forget about — because they just hold.”
Web & mobile developer · full-stackÉpinay-sur-Seine, Francestatus=available
work
PROJECT
01
▸ SELF-HOSTED SERVER · DEBIAN
Megalaudon
Hardened Debian server for personal hosting: isolated Docker (userns-remap), Caddy HTTPS reverse proxy, Tailscale private VPN, Cloudflare Tunnel for public exposure, Vaultwarden, monitoring and automated rsync backups.
DebianDockerCaddyTailscaleCloudflare
year = "2026"
status = "completed"
stack = 5
PROJECT
02
▸ PORTFOLIO · ASTRO
anygnahiet.dev
This site. A bilingual static portfolio built with Astro and React islands, self-hosted on Megalaudon behind Caddy and Cloudflare Tunnel.
AstroTypeScriptReact
year = "2026"
status = "in-progress"
stack = 3
craft
JavaScript
· thunder ·
TypeScript
· metal ·
Java
· fire ·
HTML / CSS
· form ·
SQL
· water ·
Linux
· stone ·
Network
· wind ·
▸
Infrastructure & DevOps
Linux (Debian)DockerCaddyTailscaleCloudflare TunnelVaultwardenrsyncGit / GitHub
▸
Front-end
ReactReact NativeHTML / CSSJavaScriptTypeScriptPenpot
▸
Back-end
JavaSpring BootHibernateAPI RESTMySQL
the fortress
“Megalaudon: a hardened Debian server, at home. Isolated Docker, Caddy out front, Tailscale for private access and Cloudflare Tunnel to expose only what’s needed. Everything backed up, monitored, and quiet.”
0
Services
0d
Uptime
A+
SSL Labs
A+
Observatory
Public traffic
InternetPublic visitors
Cloudflare TunnelNo public IP exposed
Private admin traffic
AdministratorLaptop / mobile
TailscaleVPN mesh (WireGuard)
Debian server (Megalaudon)Hardened host: userns-remap, cap_drop, no-new-privileges
CaddyHTTPS reverse proxy
← SSH adminIsolated Docker networkContainers with userns-remap, filtered access
VaultwardenPassword manager
Portfolioanygnahiet.dev
Monitoringsmartmontools, Diun
Backupsrsync + SMTP
● NODE.01
Hardened host
System foundation
- · Debian · 8 GB RAM
- · 2 To + backup miroir
- · SMART : PASSED · CPU < 0.1
- · Docker · userns-remap · cap_drop
● NODE.02
Reverse proxy
HTTPS front door
- · Caddy
- · HTTPS automatique
- · En-têtes de sécurité
- · CSP · HSTS
● NODE.03
Access & exposure
Networking
- · Tailscale · VPN privé
- · Cloudflare Tunnel
- · Exposition publique minimale
● NODE.04
Services & monitoring
Operations
- · Vaultwarden · Portainer
- · Diun · socket-proxy
- · smartmontools · Alertes SMTP
- · Sauvegardes rsync · miroir
// stack rationale
Why Caddy over Nginx?
Caddy handles HTTPS automatically via ACME — no certbot, no cron. Config is readable, security headers are two-liners. Nginx would have worked, but Caddy takes 70% less config for the same outcome.
Why Tailscale over raw WireGuard?
Tailscale wraps WireGuard with zero-config key management and automatic DNS. Instead of opening an SSH port to the internet and managing keys by hand, I reach the server from anywhere with zero exposed attack surface.
Why Cloudflare Tunnel?
The tunnel creates an outbound connection from the server — no inbound ports open on the router. Public traffic passes through Cloudflare before reaching Caddy. Result: no ports directly exposed, neither SSH nor HTTP.
path
2019
Technical diploma — physics for industry & lab
2021
Cybersecurity training (OpenClassrooms)
2022
Web & mobile developer — Philiance
2023
Application designer-developer — GRETA
2024
Sales associate — Micromania
2025
Bachelor in information systems (CNAM)
2026
Megalaudon server launch · studying for LFCS