Tutorials

Docker Linux Nginx Security Networking Self-hosting Web Server Reverse Proxy VPS Debian Ubuntu Firewall Virtual Hosts BGP RPKI BIRD2 FRRouting VyOS Anycast SSH Fail2Ban n8n Docker Compose PostgreSQL Workflow Automation SSL TLS Let's Encrypt Certbot HTTPS tmux Terminal VPS Administration Claude Code AI Tools RIPE NCC UFW iptables GNU Screen Terminal Multiplexer Screen Session Webhooks Self-Hosted proxy_pass WebSocket Ollama AI Agents MCP sshd_config Ed25519 Rootless Docker Seccomp AppArmor Containers OpenClaw Hermes Agent Routing IPv6 systemd FRR TypeScript Node.js ROA Routinator AI Agent Telegram Vim Text Editor Server Administration AIOps Observability Monitoring SigNoz Grafana Langfuse Prometheus IP Transit Production Logging Disk Management OpenObserve OpenTelemetry Datadog Alternative GDPR nftables Loki Promtail LogQL Claude AI Workflows LangChain Backup MySQL S3 Rclone Cron Python Log Analysis Discord Slack Disaster Recovery Traefik Caddy WireGuard Tailscale VPN Headscale Alertmanager Self-Healing Performance Zero Downtime GitHub Actions AI Code Review Gemini CI/CD Rate Limiting DDoS Protection BIND9 DNS High Availability Privacy Vaultwarden Password Manager BGPalerter Plakar Encryption Deduplication Immich Photo Management Google Photos Alternative Replication Offsite Backup Paperless-ngx Document Management OCR Gitea Git Plausible Analytics ClickHouse Uptime Kuma Beszel Hardening Failover Multihoming BFD LLM Observability DeepEval Windows Server Veeam Migration Bare Metal Restore VirtIO P2V

Tutorial

Debian Ubuntu Hardening

Nginx Security Hardening on Ubuntu and Debian

Harden Nginx beyond its defaults with security headers, TLS 1.3, HSTS, method restrictions, and access controls. Each directive is tied to the specific attack it prevents.

11 min readRead →

Tutorial

VPS Security Linux

How to Set Up a Linux VPS Firewall with UFW and nftables

Configure a default-deny firewall on your Linux VPS using either UFW or nftables. Two paths, one goal: only the ports you choose stay open.

14 min readRead →

Tutorial

Security Debian Ubuntu

WireGuard and Tailscale VPN on a Linux VPS

Set up WireGuard from scratch or deploy Tailscale for managed VPN access on Ubuntu 24.04 and Debian 12, with DNS leak prevention, PreSharedKey hardening, and a neutral comparison including Headscale.

17 min readRead →

Tutorial

Webhooks Security Let's Encrypt

Secure n8n with Nginx Reverse Proxy, TLS, and Security Headers

Put your self-hosted n8n behind Nginx with Let's Encrypt TLS, security headers, rate limiting, firewall rules, and webhook protection. Every step includes a verification command.

13 min readRead →

Tutorial

VPS Containers AppArmor

Docker Security Hardening: Rootless Mode, Seccomp, AppArmor on a VPS

Seven hardening layers for Docker on a VPS. Each section explains the threat, shows the fix with CLI and Compose syntax, and verifies it works.

14 min readRead →

Tutorial

Self-hosting Fail2Ban Security

Self-Host Vaultwarden on a VPS with Docker Compose

Deploy a hardened Vaultwarden password manager on your VPS. Covers Docker Compose with read-only containers, fail2ban, SMTP for 2FA, backup and restore, and emergency access.

12 min readRead →

Tutorial

Fail2Ban DDoS Protection Rate Limiting

Nginx Rate Limiting and DDoS Protection

Configure Nginx rate limiting with limit_req, limit_conn, and fail2ban to protect your server from brute-force attacks and application-layer DDoS without relying on third-party services.

10 min readRead →

Tutorial

Ubuntu Debian UFW

Install and Configure Fail2Ban on a Linux VPS

Set up Fail2Ban to block brute-force attacks on SSH and Nginx. Covers UFW and nftables ban actions, custom jails, recidive escalation, and filter testing on Ubuntu 24.04 and Debian 12.

12 min readRead →

Tutorial

Monitoring Linux Firewall

Secure Your AI Agent Server: Sandboxing, Firewalls, and Monitoring

AI agents execute arbitrary actions, consume unpredictable resources, and process untrusted input by design. This guide maps each threat to a concrete Linux control.

12 min readRead →

Tutorial

OpenClaw Docker Security

Deploy OpenClaw Securely on a VPS

Install and lock down OpenClaw on a VPS with gateway authentication, TLS reverse proxy, Docker sandboxing, firewall hardening, and systemd isolation. Step-by-step with security hardening included.

14 min readRead →

Tutorial

Nginx SSL TLS

Set Up Let's Encrypt SSL/TLS for Nginx on Debian 12 and Ubuntu 24.04

Obtain and auto-renew free TLS certificates with Certbot for Nginx on Debian 12 or Ubuntu 24.04. Covers DNS setup, Certbot installation, HTTP-to-HTTPS redirect, TLS hardening, HTTP/2, HSTS, and the OCSP discontinuation.

11 min readRead →

Tutorial

Docker UFW iptables

Fix Docker Bypassing UFW: 4 Tested Solutions for Your VPS

Docker manipulates iptables directly and ignores UFW rules. Your container ports are exposed to the internet even with ufw deny active. Here are four solutions with tradeoffs, each verified by scanning from an external host.

11 min readRead →

Tutorial

SSH Security Linux

SSH Hardening on a Linux VPS: Complete sshd_config Security Guide

Lock down SSH on your Debian 12 or Ubuntu 24.04 VPS. Ed25519 key generation, sshd_config hardening, ProxyJump bastion setup, cipher hardening, and ssh-audit verification. Tested on Debian 12 and Ubuntu 24.04.

11 min readRead →