Advanced / Technical Details
For those who want to dig under the hood, this page outlines the technical stack, security practices, and compliance details of Panther & Cub Hosting.
Server Stack
- Infrastructure provider: Hetzner (Cloud VPS and Dedicated Servers).
- Orchestration: Docker + Dokploy.
- Reverse proxy: Traefik (automatic SSL, routing).
- DNS: Cloudflare (managed DNS with DDoS protection).
- Object storage: Cloudflare R2 (S3-compatible, zero egress fees) — included in all plans for backups, media, and app files.
- Databases: MySQL/MariaDB, PostgreSQL, Redis (depending on app).
- VPS storage expansion: Hetzner Volumes (when VPS disk needs to grow beyond included capacity).
- Backups:
- VPS snapshots for disaster recovery.
- File/database backups stored offsite in Cloudflare R2 (included in hosting fee).
Security Practices
- Firewall → UFW active with default deny incoming, allowing only essential ports.
- SSH hardening → key-based authentication only, password auth disabled, PAM disabled.
- Intrusion prevention → Fail2Ban active in aggressive mode for SSH protection.
- Automatic SSL via Let's Encrypt.
- Container isolation → apps run in their own Docker containers.
- DDoS protection → Cloudflare DNS with edge-level mitigation.
- Monitoring → basic uptime + resource tracking.
Data Location & Compliance
-
Servers located in:
- Germany (Nuremberg, Falkenstein)
- Finland (Helsinki)
- USA (Ashburn, Virginia)
- Singapore
-
Hetzner is fully GDPR compliant (EU/US regions).
-
Clients may request a specific region if needed.
Scaling & Upgrades
- Shared / pooled servers → clients can be migrated to larger pooled nodes as needed.
- Private VPS → can be resized vertically (upgrade to larger Hetzner CX/CPX) or migrated to bare metal.
- Enterprise → dedicated servers can be provisioned with custom specs.
Tooling
- CI/CD: Dokploy supports automated deploys from Git (GitHub, GitLab, Bitbucket).
- App Management: updates and deployments handled via Dokploy + Docker CLI.
- DNS Management: Cloudflare (if domain managed by us).
- Database Access: Available on request via secure tunnel or web interface.
- Monitoring stack (optional): Prometheus + Grafana (internal use).
Stack Overview
Core Technologies:
- Docker + Dokploy for orchestration
- Traefik for routing and automatic SSL
- Cloudflare for DNS and object storage (R2 included in hosting fee)
- Hetzner for compute infrastructure
Security:
- UFW firewall + Fail2Ban intrusion prevention
- SSH key-based authentication only
- Container isolation
- GDPR-compliant datacenters