๐ŸŒ

Expertise

Full-Stack Web Solutions

From an empty domain and a blank VPS to something people can actually visit

Where this actually started

I didn't start with frameworks or a course that walked me through it step by step. I started with an empty VPS, a domain I'd just bought, and no real idea what "pointing a domain at a server" meant in practice. The gap between owning a domain and having a working site turned out to be filled with a lot of small, unglamorous decisions โ€” DNS records, SSL certificates, mail configuration โ€” that no single tutorial covers end to end.

What follows isn't a highlight reel. It's closer to the actual order things happened in, including the parts that didn't work the first time.

VPS โ†’ Live
Bare server to production
DNS ยท SSL ยท Mail
The parts tutorials skip

The starting problem

"I have a domain and a server. Now what?"

๐ŸŒ

A domain isn't a website

Buying a domain just reserves a name โ€” it doesn't connect to anything until DNS records tell the internet where to send visitors. That distinction sounds obvious written down, but it's genuinely confusing the first time you're staring at a DNS panel with A, CNAME, MX, and TXT rows and no idea which one does what.

๐Ÿ–ฅ๏ธ

A VPS is just Linux, nothing more

No control panel, no pre-installed anything. It's a blank machine with root access โ€” which is powerful, but also means every mistake is yours to fix, including the ones that lock you out of SSH.

๐Ÿ”’

"Secure by default" isn't real

SSL, firewall rules, and mail authentication (SPF/DKIM/DMARC) all have to be set up deliberately. Skip one and the failure shows up somewhere unexpected โ€” usually as email landing in spam, or a browser flagging the site as untrusted.

DNS: the part everyone underestimates

What each record type is actually for

An A record points a domain straight at a server's IP address. A CNAME points a subdomain at another domain name instead of an IP โ€” useful for things like www pointing at the root domain. An MX record tells other mail servers where to deliver email for your domain, which is a completely separate system from your website's hosting.

Then there's the trio that trips up almost everyone doing this for the first time: SPF, DKIM, and DMARC โ€” all TXT records, all related to proving your outgoing email isn't forged. Get these wrong and your own emails get marked as spam by the very providers you're emailing.

SPF
Who's allowed to send as you
DKIM + DMARC
Signs and enforces trust

A typical stack, piece by piece

How the layers actually connect

โ˜๏ธ

Cloudflare in front

Handles DNS, proxies traffic, terminates SSL at the edge, and caches static assets โ€” meaning the origin server does less work and is less directly exposed.

๐Ÿงฐ

CyberPanel on the VPS

A control panel over Apache/OpenLiteSpeed, MySQL, and Let's Encrypt โ€” genuinely useful, but I always went in wanting to understand what it was doing underneath, not just clicking buttons.

๐Ÿ—„๏ธ

MySQL for anything dynamic

Whether it's WordPress's own tables or a custom PHP app, the database is usually the part that needs the most care around backups โ€” it's the one piece that isn't trivially reproducible from source files alone.

๐Ÿ“ฆ

Static sites on GitHub Pages

For portfolio/marketing-style sites with no server-side logic, GitHub Pages behind Cloudflare removes the VPS entirely โ€” free hosting, automatic deploys on push, and Cloudflare still handles DNS and caching.

Deploying a static site โ€” the actual steps

1

Push to GitHub

Repo builds automatically via GitHub Pages on every push to the main branch โ€” no manual upload step.

2

Point DNS at GitHub Pages

A records for the apex domain, plus a CNAME file in the repo root containing the custom domain โ€” miss this file and the custom domain silently stops resolving on the next rebuild.

3

Proxy through Cloudflare

SSL mode set to Full (Strict), not Flexible โ€” Flexible mode with GitHub Pages can cause redirect loops that are confusing to debug because both ends technically "work."

4

Verify indexing

Canonical tags, sitemap, and Search Console submission โ€” a site can be live and correctly hosted while still being invisible to Google if these are wrong.

Mistakes I've actually made

๐Ÿ”

Flexible SSL + GitHub Pages

Caused an infinite redirect loop โ€” Cloudflare talking HTTP to an origin that itself redirects HTTP to HTTPS. Switching to Full (Strict) fixed it immediately once I understood why it was happening.

๐Ÿ“ง

Missing SPF record

Outgoing mail from a custom domain landed in spam for weeks before I traced it back to a missing SPF TXT record โ€” an easy fix once identified, a confusing one until then.

๐Ÿ—ƒ๏ธ

Assuming files were the whole backup

Backing up a WordPress site's files without the MySQL database is not a backup โ€” it's half of one. Learned this before it cost data, but only barely.

Lessons learned & what's next

๐Ÿงญ

Understand the layer below the panel

CyberPanel is genuinely useful, but knowing what it's doing to Apache/Nginx config underneath means I can actually fix things when the panel's UI doesn't cover the situation.

๐Ÿ›ก๏ธ

Treat email auth as part of deployment, not an afterthought

SPF/DKIM/DMARC now go in on day one of any new domain, not after the first delivery problem shows up.

๐Ÿš€

Next: automated backup verification

Backups that are never test-restored are an assumption, not a guarantee โ€” that's the next piece I want to build properly, not just configure and trust.

A few common questions

Do you use a VPS for every project?

No โ€” static portfolio/marketing sites go on GitHub Pages behind Cloudflare, since there's no server-side logic to justify a VPS. Anything needing a database, custom backend, or WordPress goes on a VPS with CyberPanel.

Why Cloudflare in front of everything?

DNS management, edge SSL termination, and caching, largely for free at the tiers I need. It also means the origin server's real IP isn't the first point of contact for every request.

What's the most common deployment mistake you see?

Treating SSL mode ("Flexible" vs "Full/Strict") as a checkbox instead of something tied to how the origin server actually behaves โ€” it's the single most common cause of confusing redirect loops.

Need something deployed properly, not just "up"?

Domain, hosting, SSL, email โ€” I can take it from empty to production.

Get In Touch