Making This Website

Setting Goals

While writing the code that forms this page as compliant, light-weight and future-proof as I can, I ended up keeping the following in check:

⌨️ Coding It

This website's source code is pretty close to the HTML being served to this browser right now. No content management system, no static site generator, just a bunch of files stored in the server's filesystem. I did end up using Server Side Includes however, to at least be able to have some code re-usability. This means that on each request, the server (nginx, with ngx_http_ssi_module) is stitching together a bunch of partial HTML files into a single document.

To achieve the minimum possible number of HTTP requests, I'm inlining all the things. The whole CSS is inside a <style> in the document header. The favicon is a base64 encoded PNG, inlined in a <link rel="icon"...>. There are no tracking pixels nor JavaScript.

The code currently lives in a private GitLab.com repository and the build, packaging and deployment are done manually by me.

🚀 Running It

I got my hands on a Raspberry Pi with the Lite version of Raspberry Pi OS in it and installed Nginx with the SSI module. Pointed Nginx to a folder with my HTML files and had it listening at TCP ports 80 and 443.

I started by building and deploying the multiple moving parts (more on that below) using Docker and Docker Compose but found it to be overkill for this setup and am currently changing the approach to immutable images using HashiCorp Packer.

📡 Connecting It

I hooked the Pi into my home network with a good old ethernet cable and manually set up my ISP-provided router to grant it a static private IP and port forward all incoming TCP 80+443 traffic to it. This was the most awkward part of the whole endeavour, since the router that connects my home to the internet has no APIs nor is owned by me. I could as easily just not be allowed to do this at all, as I am sure many people aren't, regardless of their ability to do so.

Since I wanted to provide encrypted traffic in this awesome website, I needed a certificate from an authority modern browsers trust. I did this by installing Certbot, a client implementation of the ACME protocol, in the Pi and having it run from time to time to make sure I have a valid certificate from the guys at Let's Encrypt.

My ISP provides a dedicated public IPv4 address to my home, which is again fortunate. It is not mine though, nor do I have any guarantees on its stability. At any second I can get attributed a different IP so we have to get crafty here. I use Gandi as both my DNS registrar and name servers. They conveniently provide an endpoint to get my current home IP as an API to change DNS entries if necessary. This plus a cronjob gets the work done.
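
As an added example (not the author's script), here is a sketch of the cron-driven update described above that validates the reported address before touching DNS and keeps the API token away from the IP-echo service. The endpoint URLs, the `DNS_API_TOKEN` variable, the JSON field names and the sample addresses are placeholders assumed for illustration, not Gandi's actual API.

```python
"""Dynamic-DNS cron job sketch: validate the reported IP before publishing it."""
import ipaddress
import json
import os
import urllib.request

# Assumed placeholders, not from the original post; take the real URLs and
# payload format from your DNS provider's documentation.
IP_ECHO_URL = "https://ip-echo.example/"
RECORD_URL = "https://dns-api.example/domains/example.org/records/@/A"


def parse_public_ipv4(body):
    """Return the address as text only if body is exactly one public IPv4."""
    try:
        addr = ipaddress.IPv4Address(body.strip())
    except ValueError:
        return None  # HTML error page, IPv6, empty reply, trailing junk
    # is_global is False for RFC 1918, loopback, link-local and CGNAT ranges.
    return str(addr) if addr.is_global else None


def plan_update(echo_body, current_record):
    """Return ('reject' | 'skip' | 'update', ip) for one cron run."""
    ip = parse_public_ipv4(echo_body)
    if ip is None:
        return ("reject", None)
    return ("skip", ip) if ip == current_record else ("update", ip)


def run_once(fetch_ip, read_record, write_record):
    """Glue with injectable I/O so the decision logic is testable offline."""
    action, ip = plan_update(fetch_ip(), read_record())
    if action == "update":
        write_record(ip)
    return action, ip


def http(method, url, payload=None, token=None):
    """HTTPS call with a timeout; the token is sent only when passed in."""
    headers = {"Content-Type": "application/json"}
    if token:
        headers["Authorization"] = "Bearer " + token
    data = json.dumps(payload).encode() if payload is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read(4096).decode("ascii", "replace")


if __name__ == "__main__":
    tok = os.environ["DNS_API_TOKEN"]  # hypothetical variable name
    print(run_once(
        lambda: http("GET", IP_ECHO_URL),  # no token sent to the echo service
        lambda: json.loads(http("GET", RECORD_URL, token=tok))["values"][0],
        lambda ip: http("PUT", RECORD_URL, {"values": [ip], "ttl": 300}, tok)))
```

A "reject" result leaves the existing record alone, so a captive-portal page, a private address or a carrier-grade NAT address returned by the echo service never ends up published in DNS.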

🤔 Concerns and Takeaways

My ISP's kindness in allowing me to have an internet reachable address listening for TCP traffic is what made this possible and is something I'm not comfortable taking for granted. I haven't thought about the topic of freedom when it comes to internet access though, maybe some other day.

The amount of knowledge, time and resources that it takes to do something like this is simply prohibitive for the vast majority of the population. Going through it just made it clearer to me that, unless something fundamental changes, centralization and full loss of individual freedom is the future of the web.