Skip to main content

Advanced / Technical Details

For those who want to dig under the hood, this page outlines the technical stack, security practices, and compliance details of Panther & Cub Hosting.

Server Stack

  • Infrastructure provider: Hetzner (Cloud VPS and Dedicated Servers).
  • Orchestration: Docker + Dokploy.
  • Reverse proxy: Traefik (automatic SSL, routing).
  • DNS: Cloudflare (managed DNS with DDoS protection).
  • Object storage: Cloudflare R2 (S3-compatible, zero egress fees) — included in all plans for backups, media, and app files.
  • Databases: MySQL/MariaDB, PostgreSQL, Redis (depending on app).
  • VPS storage expansion: Hetzner Volumes (when VPS disk needs to grow beyond included capacity).
  • Backups:
    • VPS snapshots for disaster recovery.
    • File/database backups stored offsite in Cloudflare R2 (included in hosting fee).

Security Practices

  • Firewall → UFW active with default deny incoming, allowing only essential ports.
  • SSH hardening → key-based authentication only, password auth disabled, PAM disabled.
  • Intrusion prevention → Fail2Ban active in aggressive mode for SSH protection.
  • Automatic SSL via Let's Encrypt.
  • Container isolation → apps run in their own Docker containers.
  • DDoS protection → Cloudflare DNS with edge-level mitigation.
  • Monitoring → basic uptime + resource tracking.

Data Location & Compliance

  • Servers located in:

    • Germany (Nuremberg, Falkenstein)
    • Finland (Helsinki)
    • USA (Ashburn, Virginia)
    • Singapore

  • Hetzner is fully GDPR compliant (EU/US regions).

  • Clients may request a specific region if needed.

Scaling & Upgrades

  • Shared / pooled servers → clients can be migrated to larger pooled nodes as needed.
  • Private VPS → can be resized vertically (upgrade to larger Hetzner CX/CPX) or migrated to bare metal.
  • Enterprise → dedicated servers can be provisioned with custom specs.

Tooling

  • CI/CD: Dokploy supports automated deploys from Git (GitHub, GitLab, Bitbucket).
  • App Management: updates and deployments handled via Dokploy + Docker CLI.
  • DNS Management: Cloudflare (if domain managed by us).
  • Database Access: Available on request via secure tunnel or web interface.
  • Monitoring stack (optional): Prometheus + Grafana (internal use).

Stack Overview

Core Technologies:

  • Docker + Dokploy for orchestration
  • Traefik for routing and automatic SSL
  • Cloudflare for DNS and object storage (R2 included in hosting fee)
  • Hetzner for compute infrastructure

Security:

  • UFW firewall + Fail2Ban intrusion prevention
  • SSH key-based authentication only
  • Container isolation
  • GDPR-compliant datacenters
Last updated on