May 25, 2026
A walkthrough of my approach to quickly securing fresh VPS instances: SSH key-only auth, fail2ban, unattended upgrades, and a minimal iptables baseline — all from a single script.
When your Go server starts dropping connections under load, the problem isn't always in the code. Here's how kernel socket buffers, SOMAXCONN, and file descriptor limits interact — and what to tune.
I ran both protocols between two datacenters for a month. Latency, throughput, reconnection times, and NAT traversal — here are the numbers and my takeaways for small-team deployments.
Caddy's graceful reload combined with systemd socket activation gives you true zero-downtime deploys without containers. Here's the setup I use for personal projects.
Every time I spin up a new Debian 12 box I go through the same 15-minute routine. Finally wrote it down: apt sources, user setup, firewall, NTP, and the weird resolv.conf quirks.
dig, drill, dog, and kdig — each has a niche. Plus a few one-liners for tracking down stale cache, CNAME chains, and that one nameserver that keeps returning SERVFAIL.
A lightweight alternative to commercial uptime monitors. Runs in Docker, supports push notifications, and handles HTTP/TCP/DNS checks out of the box. Setup notes and Docker Compose included.