CuevasLab Shop & CMS from scratch.

A portfolio. A hidden CV. A starting point.

Simple idea first: buy a domain, build a landing page and a password-protected CV. Simple enough to barely mention — and exactly what was needed to prove the workflow worked.

Mini-games as a methodological test.

Once the base was live, the question changed: can I apply what I know about structured product development to AI-assisted coding? The homepage mini-games weren't just fun — they were the first real test of what would later become The Copilot Loop.

March 8th. An email changed the scope.

"For 24 hours, building in Lovable is completely free, in collaboration with Anthropic." What more could I ask for? I spent that day designing what MY complete e-commerce would look like, built entirely my way.

Three independent, deployable services

Commerce backend, headless CMS, and storefront as three separate services, each with its own pipeline.

Multilingual UI with a pragmatic strategy

i18n in 6 languages with a strategy that survives the framework's constraints.

Reproducible infrastructure on cheap hardware

Everything runs on a VPS costing less than €5/month. Documented for installation from scratch.

Client browser

Accesses the Next.js storefront served by Vercel — edge-delivered, fast, globally cached.

Vercel · Next.js

Server components fetching from Medusa and Strapi APIs. Content cached with Next.js tags.

Strapi CMS

Headless CMS managing homepage content in 6 locales. Schemas defined as code. REST API on port 1337.

Nginx gateway

TLS termination and reverse proxy. Routes shop-backoffice.* to Medusa and cms.* to Strapi.

Medusa.js v2

Commerce engine with product catalog, checkout, and admin. Custom seed scripts for the demo catalog.

PostgreSQL · Redis

Shared persistence for Medusa and Strapi. Separate databases, same Docker network.

Why CMS and commerce are separate services

Medusa handles transactional data — products, orders, checkout. Strapi handles editorial content — hero text, category descriptions, announcements. Keeping them separate means each can be updated, restarted, or scaled without affecting the other.

Why self-hosted instead of managed SaaS

Hetzner CX23 costs less than €5/month and gives full stack control. The infrastructure overhead is worth it to demonstrate operational ownership — the ability to configure Nginx, manage SSL, and debug Docker networking.

Vercel for the storefront, not for the backend

Next.js on Vercel gets edge delivery, automatic preview deployments, and zero server maintenance. The commerce backend and CMS need persistent storage and admin UIs — those belong on the VPS.

Editor publishes in Strapi Admin

cms.cuevaslab.es/admin — localized fields for each of the 6 supported languages.

Strapi REST API serves localized content

strapiGetLocalized() fetches with locale param, fallback to EN if locale doesn't exist.

Next.js server components cache with tags

Each fetch includes next: { tags: ["hero"] }. Responses are cached at the server layer.

Cache invalidation via revalidate endpoint

POST /api/revalidate?secret=... with model UID triggers revalidateTag() for that content type only.

Cookie-based i18n instead of next-intl

Medusa's storefront uses middleware to inject the country code into the URL. next-intl also runs as middleware. Two middleware functions in Next.js conflict — only one can intercept the request. Cookie-based i18n with getLang() sidesteps the conflict entirely.

Strapi schemas in code, not in the admin UI

Strapi v5 production mode disables the Content-Type Builder. You can't create or modify content types from the UI after deployment. Schemas live as JSON files in src/api/[name]/content-types/[name]/schema.json. This is better: versioned and reproducible schemas.

Nginx with lazy DNS resolver for Docker services

Nginx resolves upstream hostnames at startup. When Strapi's container starts after Nginx (which happens in Docker Compose), Nginx fails with "host not found in upstream" and enters a crash loop. Fix: use Docker's internal DNS server (127.0.0.11) with proxy_pass in a variable so resolution happens at request time, not boot time.

Medusa.js v2 — The decision that changed everything

The question was: Shopify, WooCommerce, Magento, or something headless. Shopify is SaaS — no real control over the stack. WooCommerce is tied to PHP and WordPress, a world I know well but wanted to leave. Magento is a giant for a one-person project. Medusa.js v2 offered what I needed: headless, open source, Node.js, API-first, and a fast-growing community. And free.

Hetzner vs Azure — The reality of cost

I evaluated Azure first — it's what we use at work. But for a personal project with Docker Compose, PostgreSQL and Redis, Azure came out to over €40/month just for compute and storage. Hetzner CX23: less than €5/month for a VPS with 4GB RAM, 40GB SSD, and traffic included. Full stack control for a tenth of the price. The decision was obvious.

Vercel — Free... until you're not

Next.js on Vercel is a natural combination: edge delivery, preview deployments, zero config. The free tier was perfect at first. But as the storefront grew — ISR, Server Components, API routes — Functions CPU usage started approaching the limit. We're evaluating alternatives (Cloudflare Pages, self-hosted) because Vercel's bill can scale fast once you leave the free tier.

Cloudflare — DNS and protection

DNS management, proxy, CDN-level caching, and basic DDoS protection. All free. Cloudflare is one of those tools that once you configure it, you forget it's there — and that's exactly what you want from your network layer.

Strapi v5 vs Contentful vs Sanity

Contentful and Sanity are cloud-hosted — easier to set up, but with pricing that scales by API calls and locales. With 6 languages and growing content, the cost skyrockets. Strapi v5 is open source, self-hosted on the same VPS as Medusa, and gives me full control over schemas. The trade-off is that I maintain it — but that's exactly what I want to demonstrate.

Cloudinary — Optimized images

Product images are served from Cloudinary with automatic transformations: WebP/AVIF format, viewport resize, lazy loading. The free tier more than covers the demo catalog needs. And it significantly improves LCP versus serving images from the VPS.

Google Analytics + Tag Manager

GA4 for user metrics and GTM to manage all third-party scripts without touching code. Each new service (cookies, reCAPTCHA, clarity) is added via GTM, not hardcoded in HTML. This keeps the code clean and tracking centralized.

Cookie Script — GDPR consent

Cookie banner with type categorization (necessary, analytics, marketing). GDPR compliance without implementing anything custom — the script is injected via GTM and manages consent automatically.

reCAPTCHA v3 + v2 fallback

Bot protection on contact and registration forms. reCAPTCHA v3 is invisible — runs in the background and scores the risk. If the score is low, the v2 checkbox appears as fallback. The best UX possible without sacrificing security.

Google Translate — Catalog translations

Editorial content (CMS) is manually translated to 6 languages. But product descriptions in Medusa use Google Translate API as a base, reviewed afterwards by a human. Pragmatism: a decent translation is better than an empty description in 5 of the 6 languages.

Resend — Transactional emails

Order confirmations, password resets, notifications. Resend offers a clean API, good free tier, and templates with React Email. Integrated directly with Medusa via custom notification provider.

Real monthly cost

Hetzner VPS: ~€5. Domain: ~€1/month amortized. Cloudflare, Cloudinary, Vercel, Strapi, Medusa, GitHub Actions: €0 (free tier). Resend: €0 (free tier). Total: less than €6/month for a complete e-commerce stack in production with 6 languages.

Lovable as a design accelerator

March 8th wasn't just a day of free design — it was the moment the project went from "a portfolio with a basic store" to "a complete e-commerce platform with a design system, 20+ designed pages, and a clear product vision". Without Lovable, those designs would have taken weeks.

Strapi v5 content types

JSON schemas, controllers, services, and routes for the 5 content types.

Cookie-based i18n system

getLang(), t(), SUPPORTED_LANGS, countryFlag() utility.

GeoModal

Browser locale detection → country + language selection + cookie persistence.

5 GitHub Actions workflows

Path-triggered builds, push to Docker Hub, SSH deploy to VPS, Vercel deploy.

Nginx configuration

TLS routing, lazy DNS resolver, upstream definitions for Medusa and Strapi.

Stack selection and architecture decisions

Medusa vs Shopify, Strapi vs Contentful, Hetzner vs managed cloud. Service boundaries, what goes on VPS vs Vercel, cost constraints.

CMS content and product strategy

All content written, structured, and published by me in Strapi admin. What to build vs defer (Stripe, dark mode, wishlist), demo scope.

Debugging judgment

Forming hypotheses, deciding when to escalate, root cause analysis.

Lighthouse CI on every deploy, not just once

Lighthouse runs in GitHub Actions after every deployment. Thresholds are set to "warn" (not "error") because CI runners don't replicate real user conditions — they serve to detect regressions, not as absolute values. The exception is CLS, which is an error because it measures layout shifts regardless of runner speed.

Historical trends per release

Each release has its metrics stored. The deployment dashboard shows the evolution: if the Performance score dropped 5 points in v1.20, it's immediately visible. This allows detecting which change introduced a regression.

Key optimizations

Cloudinary preconnect for hero LCP. Fonts with display: swap. Images in WebP/AVIF. Lazy loading on below-the-fold. CSP with strict-dynamic for GTM. ISR on catalog pages to reduce CPU time in Vercel Functions.