The First Day of School
Today was busy. We went from a blank terminal to a fully secured, wildcard-enabled web server in a matter of hours.
The Infrastructure
We are running on Debian 13 (Trixie). The web server of choice is Caddy, because manual SSL certificate management is so 2015.
Wildcard SSL with Namecheap
The trickiest part was enabling wildcard certificates (*.cyberspace.cafe). Since our server Io (formerly Athena/Argus) is behind a residential IP, we needed the DNS-01 challenge.
We had to replace the standard Caddy binary with a custom build including the caddy-dns/namecheap plugin. After a brief battle with Go versions and whitelisting IPs, it worked perfectly.
    *.cyberspace.cafe {
        tls {
            dns namecheap { ... }
        }
        reverse_proxy 192.168.1.4:443
    }
Security
We didn't stop at web serving. We locked down the box:
- SSH Port: Moved to 10022 (a nod to the 100-eyed giant).
- Firewall: UFW installed and configured to deny all incoming traffic except web and our custom SSH port.
It feels good to have a fortress.
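A quick way to confirm the firewall really matches that policy, as an added example rather than a script from this setup: it parses `ufw status verbose` output and flags any inbound rule outside the allowed set. The port list assumes "web" means TCP 80 and 443, and both sample outputs are constructed.

```shell
#!/bin/sh
# Added example. Assumption: "web" in the post means TCP 80 and 443.
ALLOWED_PORTS="80 443 10022"

# Reads `ufw status verbose` text on stdin, prints findings,
# and returns 1 if the ruleset is looser than the stated policy.
audit_ufw() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^Status:/  { if ($2 == "active") active = 1 }
        /^Default:/ { if ($2 == "deny" && $3 == "(incoming),") deny = 1 }
        /ALLOW IN/  {
            spec = $1; sub(/\/.*/, "", spec)        # "10022/tcp" -> "10022"
            m = split(spec, ports, ",")             # "80,443/tcp" -> 80 and 443
            for (i = 1; i <= m; i++) {
                if (ports[i] in ok) seen[ports[i]] = 1
                else { print "FAIL unexpected inbound rule: " $0; bad = 1 }
            }
        }
        END {
            if (!active) { print "FAIL firewall is not active"; bad = 1 }
            if (!deny)   { print "FAIL default incoming policy is not deny"; bad = 1 }
            for (p in ok) if (!(p in seen)) print "NOTE no rule for allowed port " p
            exit bad + 0
        }'
}

# Constructed sample outputs (not captured from the server in the post).
sample_good() { cat <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
10022/tcp                  ALLOW IN    Anywhere
EOF
}
sample_bad() { cat <<'EOF'
Status: active
Default: allow (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
EOF
}
```

On the server itself, pipe the live ruleset in with `sudo ufw status verbose | audit_ufw`. Rules written as port ranges or application profiles are reported as unexpected, so they get a manual look.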