Infrastructure & Operations
Powering the Website
A concise overview of the self-hosted technologies and pipelines bringing the Bounded Studios website and infrastructure to life.
Explore Categories
Middlewares & APIs
Custom Contact API
Internally built middleware safely handling real-time captcha verifications, dynamic email validation, and CRM routing.
Custom Download API
Proprietary endpoints built to securely manage both free and paid digital product distribution.
Custom License API
In-house dynamic endpoint responsible for generating and validating digital license agreements.
Custom Health API
Internally developed system endpoint utilized for continuous uptime monitoring and infrastructure readiness checks.
CI/CD Pipeline
GitHub Actions
Automated path-based triggers for builds on push, ensuring minimal unneeded workload.
Docker Hub
Automated registry pushes for container distribution and semantic version management.
Containerization
Docker & Docker Compose
Multi-stage builds, non-root configurations, and named volumes for persistent, secure environments.
Linux Server Security
Isolated Service Accounts
Services deployed via customized non-root users lacking interactive login shells, accessible exclusively via strict admin sudo escalation.
Disabled Root Login
Direct root access over SSH is permanently disabled, heavily mitigating unauthorized privilege escalation.
SSH Key Authentication
Password-based network logins are strictly prohibited in favor of robust, cryptographic SSH key pairs.
Strict Access Controls
Rigid permission models uniformly applied to all sensitive configuration files and application directories to aggressively minimize risk vectors.
Fail2Ban
Automated intrusion prevention daemon dynamically blocking adversarial IP addresses exhibiting malicious behavior or iterative login failures.
Networking & Security
Cloudflare CDN
Global edge caching for accelerated content delivery and reduced origin server load.
Traefik v3
Reverse proxy with dynamic routing mapping containers instantly on deployment.
Cloudflare & Let's Encrypt
DNS management and automated wildcard certificate generation via DNS-01 ACME challenge.
WireGuard VPN
Securing administrative interfaces and monitoring dashboards from the public internet.
Cloudflare Zero Trust
Securing dashboards that need to be exposed to the internet.
Observability
Prometheus
Time-series database actively scraping and storing metrics from across all our infrastructure.
Grafana
Visual analytics and interactive dashboarding powered directly by our metrics and log data.
node_exporter
Hardware and OS metrics exporter tracking the fundamental health of the underlying host machines.
cAdvisor
Container-level resource monitoring keeping strict track of individual Docker container performance.
Loki
Highly scalable log aggregation system that efficiently indexes high volumes of application logs.
Promtail
Lightweight agent capturing host and container logs and streaming them seamlessly into Loki.
Data Management
Cloudflare R2
S3-compatible object storage utilized for the fast and secure delivery of digital downloads.
Restic
Automated backup engine ensuring data integrity with client-side AES-256 encryption before transfer.
Backblaze B2
Cost-effective blob storage forming the reliable, zero-trust backend for our off-site backups.
PostgreSQL
High-performance relational database powering our headless Medusa commerce engine and core application data.
MariaDB
Robust and reliable relational database storage powering the transactions of our automated service stacks.
Redis
High-speed in-memory data store crucial for caching, session management, and task queues.
Backend Services
Medusa
Headless commerce backend driving our storefront operations, cart management, and checkout flows.
Cloudflare Turnstile
Privacy-focused, frictionless bot protection securing our forms and API endpoints from automated abuse.
n8n
Self-hosted workload automation providing secure webhook endpoints for external system interactions.
Mautic
Self-hosted marketing operations resolving form submissions directly from our front-end securely.
Analytics & Tracking
Google Tag Manager
Centralized tag management orchestrating our marketing integrations seamlessly ensuring accurate measurement without compromising user privacy and consent.
Google Analytics & Facebook Pixel
Strictly opt-in integration tracking user interactions and marketing attribution.
linkedin.com/in/viktor-aleksiev93
GitHub
github.com/BoundedOfficial
[email protected]
Download Resume (PDF)
Latest DevOps-focused CV
Get in touch
Send a secure message directly from this page. All submissions route through our hardened API.