← All projects

PROJECT ACTIVE

securebytes.net

Active Jun 2, 2026 · 6 min read

Personal engineering platform built with Astro and deployed globally through Cloudflare Pages. Zero server infrastructure. Enterprise-grade security out of the box.

securebytes.net architecture diagram
0
servers managed
30s
push to live
300+
edge locations
$0
monthly cost

Why Astro

Astro ships zero JavaScript by default. Every page is static HTML generated at build time sub-100ms load times globally, no caching tricks required. The content collections system handles routing automatically. Adding a new project or field note means creating one .md file. Nothing else.

The schema validates frontmatter at build time so broken content never ships. No database, no CMS login, no runtime dependencies just files in a repo that Cloudflare turns into a globally distributed site.

The Deploy Pipeline

The entire CI/CD pipeline is a single command:

CI/CD pipeline diagram

Cloudflare Pages watches the repository via webhook. On every push to main it pulls the latest code, runs npm run build, and deploys the output to 300+ edge locations worldwide. The full process takes roughly 30 seconds from push to live. No SSH. No deployment scripts. No infrastructure to maintain.

Security Through Cloudflare

Every request passes through Cloudflare before it reaches the origin which in this case means there is no exposed origin to attack. The security stack is enterprise-grade and costs nothing.

DDoS Protection

Cloudflare absorbs volumetric attacks at the network layer automatically. The free tier handles attacks up to hundreds of Gbps on by default, zero configuration required.

Web Application Firewall

The managed WAF ruleset inspects every HTTP request for SQLi, XSS, path traversal, and malicious bot patterns. Rules are updated continuously by Cloudflare's threat intelligence team based on traffic across millions of sites.

Bot Management

Cloudflare scores every visitor for bot likelihood using behavioral analysis, IP reputation, and browser fingerprinting. Scrapers, credential stuffers, and vulnerability scanners are blocked before they generate a single server log entry.

TLS 1.3 Everywhere

All traffic is encrypted with TLS 1.3. Older protocols (TLS 1.0, 1.1) are blocked. Certificates are provisioned and renewed automatically zero manual cert management.

Zero Origin Exposure

Because the site is fully static on Cloudflare Pages, there is no origin server IP to expose, no SSH port to scan, and no application server to exploit. The attack surface is effectively zero.

HTTP Security Headers applied at the edge

HSTS Strict-Transport-Security forces HTTPS permanently, prevents protocol downgrade attacks.
X-Content-Type Prevents MIME-type sniffing attacks on served assets.
X-Frame-Options Blocks clickjacking by preventing the site from being embedded in iframes.
Referrer-Policy Controls referrer data leakage when navigating away from the site.

When Static Isn't Enough

This setup works because securebytes.net is content-only no authenticated sessions, no persistent state, no real-time data. Some projects require WebSockets, databases, background jobs, and API integrations. Those need real backend infrastructure containers, process managers, reverse proxies. The decision isn't about preference. It's about what the workload actually requires. Static-first where possible. Real infrastructure where necessary.

Stack

Astro 4 Cloudflare Pages Cloudflare WAF TLS 1.3 GitHub CI/CD
← Previous
Tailscale Zero-Trust Access
Next →
SecureBytes NOC Stack