Web Server is the front door for Alcove projects: TLS at the edge, smart host-based routing behind it, and enough gardening to keep the machine calm when the internet gets weird.
This server is deliberately simple: one hardened proxy at the edge, one Server service behind it, and domain mapping that decides which app should answer. Fewer moving parts, cleaner behavior, easier debugging.
Nginx terminates TLS, forces HTTPS, adds strict headers, and rate-limits incoming traffic before requests get anywhere near app code.
Hostnames are matched intentionally. Static pages stay at the edge, while Server domains forward through the local proxy chain to the mapped application directory.
Apps live behind a single operational surface, so deploys, certs, and vhost behavior stay boring in the best possible way.
A request hitting this box goes through a short chain. That is the point. Every hop is clear, local, and accountable.
01 / client
Arrive
The browser reaches the public endpoint over HTTPS.
02 / proxy
Validate
The edge server handles certs, headers, and traffic rules.
03 / host
Match
The hostname decides whether the response is static or app-backed.
04 / server
Forward
Server requests move locally to the internal Nginx and Server-FPM layer.
05 / app
Return
The app responds and the proxy sends the result back out cleanly.
Web Server is now pointed at a custom landing page instead of a default placeholder. The homepage reflects the stack behind it: lean, opinionated, and a little more memorable than the average server box.