evergreen on

Code Deployment: The self-hosted way

Priyatham — Sun, 12 Apr 2026 00:00:00 +0000

Code, as-it-is takes a lot of time to write, but also to host, build and deploy. I use a different set of tools for my usage. Most of them the conventional ones are free, they came with a catch. It always needs permission to your code, it could be used to train AI or would be limited to certain domains, certain number of runs or available for a limited trial period.

A small section of my homepage of services

I don't like what has become of GitHub, with unnecessary settings and bloat, it lost its simplicity. Gitea was a good option, but Forgejo was even better (I will not get into their fued) but any will work flawlessly. I wanted to host the code I wrote, instead of keeping it somewhere else. Coolify was a really cool and wonderful software that has almost everything I needed to deploy web applications.

Port Forward for Forgejo SSH

I can't rely on HTTPS for cloning and handling the git repos. I need a ssh way of doing things. But 22 is already for my own server from my public IP. So, a new port is in order to handle all of the git requests.

My SDN needs to be able to forward all of them from the local network to the SDN through iptables. I wasn't really sure how to do but, I tried it. It worked flawlessly. Once I got it working, I was able to do it for DNS and FTP and many others which was awesome.

# forgejo ssh port: 2222
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to-destination 10.10.10.116:2222
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to-destination 10.10.10.116:2222

post-up iptables -t nat -A POSTROUTING -o vnt1 -p tcp --dport 2222 -d 10.10.10.116 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -o vnt1 -p tcp --dport 2222 -d 10.10.10.116 -j MASQUERADE

post-up iptables -A FORWARD -p tcp -d 10.10.10.116 --dport 2222 -j ACCEPT
post-down iptables -D FORWARD -p tcp -d 10.10.10.116 --dport 2222 -j ACCEPT

First section of post-up rules to forward incoming SSH traffic to the LXC container 116 on IP 10.10.10.116. The second one, post-down for outgoing with local networks in other interfaces and the last set of forward rules for external connection to be forward to the container.

Once that was done, I wanted to be able to deploy it where I wanted, I could build it and server using nginx, but that would be a hassle for every single typo and commit I saw myself making and correcting. Running them in different ports, giving subdomains. Which I had something like Vercel or heruko when I used as an undergrad, something similar that I could self-host. After a good look, I found Coolify to be a good way to build and deploy prototypes.

The Forgejo server config has variables that can check standard ssh port to something like 2222

How the unconventional port number is shown for cloning my git repo

Subdomains for Coolify

Thinking and designing the whole system. The straight forward approach was to have subdomains like *.priyatham.in. But wait, I have many other services (I think close to 25, All of them). Conflicts can occur. I didn't want to deal with them or think about it. So a multi-level subdomain ( I call it sub subdomain) could be the solution. *.deploy.priyatham.in would work giving it a way for me to differentiate between my regular services and test sites.

What about the UI of Coolify ? That can't be inside. So I reverse proxied it with deploy-ui.priyatham.in.

I couldn't get the name of the repo to be the sub subdomain automatically once I create the project in the UI. I have to manually go and edit it as I deploy it out.

Certbot for sub-subdomain

I had the Certbot plugins to do the renewels and creation of certificates for regular subdomains, this one needs a new one. Since I wanted a wildcard domain with deploy it should *.deploy.priyatham.in hence have to create the certs for the same. I use the porkbun plugin because that's where I have my nameservers and the domain management. But the command is (for me to copy paste later on):

~# certbot certonly \                                
--dns-porkbun-credentials .../credentials.ini \
-d "*.deploy.priyatham.in" \
-d priyatham.in

Deploy keys with Forgejo and Coolify

Deploy keys are used for exactly what they say they are. To deploy private git repos with ssh safely and properly.

Coolify has a weird of doing it (or I don't know the right way), there's a back and forth of doing it,

Create the Deploy keys
add it to authorized keys
add it to your Forgejo repo
create the project and add the git repo selecting the same deploy key.

Dialog box to create one, the action required in bold is what I missed for hours.

The place where to add the created deploy key of Forgejo side

I wasted a lot of time by forgetting to add authorized_keys to the server that runs my deployed application. It never gave me a clear warning after creating it, so it disabled the keys with no response.

Auto builds and Webhooks

Wouldn't be cool if I don't have to manually deploy every change ? Webhooks are just for that. They follow similar steps. Creating the webhook with a secret. Adding it into Forgejo webhook, there's no clear webhook integration for coolify so I just used the forgejo one, with the targer url, secret and branch filters.

So let's say I only want to trigger when a commit is done to the main branch and not any other ones, I can create the filter to only include main instead of '*'.

Gitea webhook works with Forgejo, for now.

Add webhook integration with forgejo, the events and branch filters are the key.

Future

Forgejo runner is what I am looking at currently, trying to include that, but with all the other things I have to do (The never ending OIDC connections, or the 5 pending articles) I decided to try it out later.

Overpaying me after using illegal plugins

Priyatham — Thu, 29 Jan 2026 00:00:00 +0000

This is the third article about client horror stories, about funny and ironic situations I end up in, working with few clients. You can find the rest here

Non-tech company website

Any small business or not a tech startup generally doesn't have a code based website. A no code or the famous WordPress website is their go to. Which is perfect for its worth. It's simple, it does the job fantastically. But the problem comes when they try to grow want to have an online presence. That might look like:

I want more items to sell on my Websites
I want to be able to write more company blogs
I want to collect more data and get more leads
I have some new tech people and want to use them

Client and their personal website

My client had two websites, one was for a small hobby website to take classes for little kids and the other is a small startup website. They haven't updated the hobby classes website for more than 3 years and want to include info about new classes and take registration from the WordPress website. So was the other company website portfolio with WordPress. The problem was it was all self setup with pirated/jailbroken plugins for themes and Elementor.

What they failed to do, out of having little knowledge is have auto updates enabled. All the plugins got outdated, some got updated and ran into weird bugs due to new features and hacked core. Night mode and light mode twitching, calendar or database rows not showing up on the UI and such. They haven't disclosed to me about the pirated plugins and said it was more due to bad updates and versions which actually cost them a day. The theme they used from someone was excellent for their small business but not building or forgetting the license key doesn't help because updating it to the new standards and new features such as some integrations with Google Sheets.

I worked hard, scratched my head trying to place manual CSS and JS to fix the issues. They even had a hacked version of Elementor plugin which apparently is used for various widgets which was a terrible idea. It wouldn't open properly and error out to change or edit the interface, so I had to guess which CSS classes it's using for what based on inspection, introduced new sections with the same class names to keep them consistent with the rest of the page. Carousels were something I had to override. More and more of the issues were fixed but, slowly I discovered the hacked plugins and when I asked them about it, they agreed with me after 2 days.

There were 2 bugs on the UI from homepage, the logo wouldn't work with dark mode and whatever I do with CSS or play around the interface of the theme, I simply cannot solve due to customization limitations and how broken the whole business site was. Elementor had version incompatibility on WordPress which I realized after reading some forums. I asked for a day more, tried every way of doing it, the only way was to just pay for the theme. I am not a WordPress wizard but, I don't think wizards like working with pirated versions either.

A cool skull pirate before a wonky UI with gibberish

The world of WordPress is something I found really fascinating, it's huge with paid tiers and the famous ones. One thing I hate with WordPress plugins, is the constant nagging to buy a paid tier from a free tier and excessively locking features. I got to work on two more clients who used WordPress. But in all three of them, the sites internally a mess. Sometimes made a mess with PHP intentionally by the developer to have the site owners pay for modifications additions in PHP rather than site owners able to edit on their own. One of which is also the developer who gave DMCA notices

I think they believe that they got the skills and are tech-literate enough to use hacked plugins or found it cool to use them. When it all came crashing down, they asked for help. I say it's more bad than fun. Using such things will only make the website worse and put any company or business in security risk.

Finally, they realized the issue and told they are going to start paying for them and bought the plugins. Which were $75 for a license. And my consulting fees were $500 for a day of work. Took $1250 in total for the work, in fairness I did solve issues and updating their WordPress version with all the other actual free plugins and made emails work again so, not a complete waste of company money.

Buying the permanent license would have been much simpler or having me migrate to a pure HTML, CSS, JS or use a really nice open source CMS or theme that can still fit into the WordPress. Forget electricians or folks in trades, even we blame the person who wrote the software before and try to start everything from scratch. But I feel like if you are not going to change the website yourself, what's the point of having it on WordPress website yourself or what's the point of having it in WordPress 🤔. Maybe they think WordPress developers are easier to find and cheaper (I don't want my fellow WordPress developers to be taken less seriously), let me know your thoughts in comments below.

Legality may not be enforced to a small startup but, using open source software with credits and appropriate license is way better if you don't like to pay. It offers better compatibility and saves on getting consultants to solve issues that are not worth having in the first place. Growing a website to have complex integrations or interactive elements is worth paying others to develop and a good problem to have.

If you have such good problems, do let me know maybe I can fix yours too. I hope yours doesn't end up in work horror series.

Website with a DMCA takedown

Priyatham — Wed, 31 Dec 2025 00:00:00 +0000

This is the second article of work horror stories on dealing with clients and workplaces. You can find the first one here

This article revolves around Digital Millennium Copyright Act. I am not fully sure what it entails, but you should read up some info on its position and criticisms.

Some time ago, I was on track in working with a client on their old PHP website. Someone developed it, but it wasn't fully polished. There were a few forms, a few issues with it and some text changes, I was brought on to finish the work and hand it over to an offshore SEO company in India.

Easy enough! I got a grip on the requirements, discussed it with clients, they never mentioned anything about who developed or how. It was hosted on name.com. I started one night, woke up next day to a call from the client, saying the website is down, and they got an email. Well, it wasn't my fault, I didn't do any drastic changes to break production.

That's where it all begin, they got a notice for a DMCA takedown and only the nameserver is disabled as the hosting service investigate the issue. Hosting and domain access are still present. They wanted the site up and running as soon as possible.

A grey animated person who is the angry actual dev who sent the DMCA takedown to the hosting

So, I moved the nameserver to Cloudflare free tier temporarily and pointed it to the hosting IP address. We were back on !

The client was happy but came around with a new problem. The developer who actually created the website was the one who gave the notice of DMCA saying he was owed more money but was not given the final payment. The client claims he paid them in full and asked for more money they agreed upon. I haven't heard from the actual dev, so was wary.

That was not the end of the story tho, the actual dev found out and sent the same notice to Cloudflare which forwarded it to the hosting service. The client explained that the dev was alright and professional, but as end came closer, he would go out of contact, say his girlfriend has some problems. Yada Yada…

The client asked my advice, should I pay the dev for what he is asking to get out of the trouble ? or let it be and submit proofs to name.com. What if it takes so long to resolve with name.com ? They don't have a support phone number to reach in our tier. How long is the email conversation going to take place?

I responded saying, What's the guarantee the dev is going to withdraw the notice, who's to say he won't try this again after spending all his money ? I suggested stand firm but also change the hosting to someone better slowly and one who won't bend to these takedowns or are much more resistant to these.

The client was relieved from their stress and tension. Thanked me for my advice and cut the call that night.

Next morning rolls around, and I hear back saying he paid the dev again and all of it is resolved. There shouldn't be problems anymore with this. That wasn't my advice, but anything that solves the issues for me is welcomed. The developer also replied to the original complaint that it was resolved, and the DMCA notice be suspended.

I sat down and after a few hours of debugging and changing text. The website is down. Again. Something with the IP of the hosting maybe, my login and the hosting section is empty no options, or anything. I was shocked with that sight. I called the client to try it on their end, or they received any emails. Well, there it was. With the complaint, they went ahead and cancelled the hosting and will refund the client money and only left us with the domain rights and access.

The one on the left with a shocked face is my expression as I look at the client over the phone. With the whole deployment burning down

Turns out, the actual dev DMCA takedown got escalated since it happened twice but not the reply saying it's cancelled, explaining to them via email didn't go anywhere. With the client being frustrated more than ever, we decided to move the hosting. I gave a list of hosting services that may not be that well known but won't take DMCA seriously. The client thanked me and chose BlueHost(thankfully they couldn't see my expression). Which is not the best either and will take down the whole site if a takedown was issued what can I say. (Reddit is filled with issues calling out BlueHost)

I can only advise the clients, their choices are something I can't control. I helped them set it up again, migrating the whole website and called it a final done. They wanted me to be a translator for the Indian SEO workers who couldn't speak English well. But that's a story for another time.

Getting Fired over LinkedIn account

Priyatham — Fri, 12 Sep 2025 00:00:00 +0000

This is the first article of work horror stories on dealing with clients and workplaces. Give it a read.

Why in the first place ?

Working in a startup is a different feeling. Engineering takes a back seat when revenue is not proper for the company. When they are pursuing clients and leads, they wanted me to know the process and the difficulties they are trying to automate. They were also low on leads to pursue and wanted me to reach out to some.

The CEO and the COO sent me a list of 100 contacts and to reach out to them via LinkedIn and calling them in a day and do it everyday till they told me to stop. When it came time to ask questions, I answered with wanting two things. A phone number to make the calls to their calls and I would create a new LinkedIn with the company email and to reach out to the people. Both of the asks, were fair as you will see later.

This is exactly what I had in mind, but as soon as my asks hit, the CEO was listening but writing down something hard on his book and got furious, "Don't you trust the company to use your own LinkedIn?" Why do you have to use a separate LinkedIn ? Don't you want to be associated the company mission ? Are you ashamed to be doing this ? If you don't use your personal LinkedIn, you are FIRED. The COO had some cool, told the CEO to go for a walk and talked to me.

A guy shocked over a linkedin account (It's made with my self-hosted AI, the misspelled linkedin makes it even better)

I explained the COO my reasons. I don't want to be answering client calls after work hours and calling them with a personal phone number will be greeted with "Hello" not "This is xyz company". I am not experienced about loans to answer anything anyways. The LinkedIn also had reasons, The people who clicks on contact with find my personal email associated with my account not the company email, they will find my personal experience not the company's. If I wanted LinkedIn premium or gold or any of the paid tiers they offer (They apparently have different tiers for sales people on top of gold) would the company pay for my personal LinkedIn ? should I add the company credit card to my LinkedIn account ?

We have a different email for work, is having different LinkedIn done for all the other sales people ? I asked.

He was frustrated but calmly explained, it's not the case and you doing it will send bad signals to the team (Not sure what's bad here) and everyone uses their personal LinkedIn because it is more authentic, having a blank new account doesn't give a good impression to clients. No one in sales, does it he mentioned.

I replied, Well, I have never worked in sales, how am I supposed to know ?

Okay, he asked a co-worker if had access to the company phone, maybe he could call one lead, and I could listen after that he could lend it to me. The person agreed.

The CEO returned a little cooled off but still angry. The COO explained it was a misunderstanding and I just didn't know how sales worked, it's nothing about not believing in the company mission.

I went back to typing on my laptop. He kept scribbling. The tension in the room was still present throughout the time, he left. I left a big sigh after feeling way better.

I worked for a few hours and went around the couch to go for a walk, I saw the journal wide open, I peeked inside, and in big letters tightly pressed it was written "FIRE PRI" large in bold on the page.

Not that big, but it was large and looked bolded from overwriting on top of it again and again

Shocked out of my mind, how can someone be like that? I blinked twice to make sure what I saw was real and not my mind making it up. I left for the walk, very much shocked by what's written. Will they let me go at the end of the day? Part of me was concerned about my future, my visa, I just moved, The lease. I calmed myself whatever happens will happen, If it's made up already, there's nothing I can do. I won't say anything or resign. Let them fire me.

To my surprise, I asked if there's anything else to do or any meetings left for the day and promptly left after 5. Didn't get fired. I thought maybe he changed his mind.

The next day, I started the LinkedIn connects with my personal LinkedIn having no other option other than get fired, started finding people, some were easy, some I couldn't find. Send custom connection messages, they expired after 15 connections and prompting me for gold. See this is why, I wanted a company account I thought, upon asking the CEO, he told to just connect with them, forget the gold. I mindlessly connected around 50. After which it got harder to find people, some were in construction. The list only had 65, rest were duplicate and some people with multiple businesses. I finished the list but couldn't find some.

No one was assigning or asking for any help with HubSpot or any other tech related questions. Is today the day ? I was waiting to leave after 5, and the CEO wanted to discuss the list of 100 people he gave me, I told I did reach out to 65 people. Some were duplicate and some I couldn't find.

So the data is the problem ? He raised his eyebrow.

I shrugged and said for duplicates, yes. People are willing to pay hundreds of dollars for that, you think that's the problem?

I saw he was getting ready, for his reasons to terminate. After yesterday, I wasn't afraid, why bend when they are going to fire me. I can do a better job than you, he exclaimed.

How long were you doing this ? 20 years he said. It's only been 2 days how can I be at the same level as you, I said. Then maybe you shouldn't work with us. He told. Saying he pays me 5 thousand dollars but is not able to make money on the amount he is spending on me. Maybe there is something we can do here he asked me.

Okay, I won't work for you then. Oh! You want to do it ? Yes, I told. (I didn't want to work for free just to learn sales) I am tech lead, not a sales person. Moreover, it's unlawful for me to work on anything other than what I studied as part of my visa.

He wanted to me to explain where it didn't work, I told him my work is to take business problems, find and execute technical projects. Not make sales for the company, that's not part what I was trained or what I am willing to do. He didn't agree but nodded as I was fired regardless. I knew it wouldn't matter what I said nor would they change. Just wanted to say it out loud.

And that's how asking for a separate LinkedIn account got me fired.