Locking Down SSH in a DMZ: Lessons From My Hugo Deployment Setup
As part of building my self-hosted Hugo publishing workflow, I ended up with a surprisingly useful reminder: Even if your deployment looks simple, it often relies on more than one network flow. This came up when I started tightening firewall rules around my DMZ web server. The Setup (High Level) My environment looks roughly like this: A trusted workstation where I write content An internal Git server (Gitea) on the LAN A public-facing web server in a DMZ A deployment script that pulls updates and rebuilds the Hugo site The publishing workflow is: ...