Infrastructure tutorials
Production-grade guides for Linux, servers, security and performance. Copy-paste commands, multi-distro support, written by engineers who run this in production.
Browse by topic
Linux
System administration, shell scripting, package management
Hosting & Servers
Web servers, reverse proxies, SSL, domains
Security
Firewalls, hardening, encryption, access control
Performance
Caching, optimization, profiling, load testing
Databases
MySQL, PostgreSQL, Redis, backups, replication
Networking
DNS, load balancing, VPN, TCP/IP, routing
DevOps
CI/CD, Docker, Kubernetes, automation
Monitoring
Logging, alerting, metrics, observability
Most viewed
Install and configure Deno for web development with systemd and reverse proxy
hostingInstall and configure Caddy web server with automatic HTTPS and reverse proxy
hostingInstall and configure Ollama for local AI models on Linux servers
devopsInstall and configure TimescaleDB with PostgreSQL for high-performance time-series data
databasesInstall and configure Uvicorn ASGI server with systemd and reverse proxy for FastAPI applications
hostingRecently published
Configure Consul Connect service mesh monitoring with distributed tracing
monitoringConfigure Kubernetes RBAC with service accounts and cluster roles for secure access control
devopsImplement Deno microservices architecture with service discovery and load balancing
devopsImplement Kubernetes security scanning with Falco and OPA Gatekeeper for runtime protection
securityConfigure OpenTelemetry custom metrics for application monitoring with Prometheus and Grafana
monitoringConfigure Cilium BGP peering with MetalLB integration for Kubernetes load balancing
Set up Cilium CNI with BGP routing capabilities and integrate with MetalLB speaker components for bare-metal Kubernetes load balancing. This configuration enables external traffic routing and service discovery in on-premises environments.
Configure advanced iptables firewall rules with logging, port knocking, and DDoS protection
Build a production-grade iptables firewall with connection tracking, rate limiting, and port knocking. Includes automated DDoS protection, detailed logging, and security hardening for enterprise environments.
Configure WireGuard site-to-site VPN connections with advanced routing and security
Set up secure network-to-network VPN tunnels using WireGuard with advanced routing, firewall rules, and monitoring for connecting multiple office locations or data centers.
Set up SSH bastion host with jump server configuration for secure network access
Configure an SSH bastion host to secure access to private networks, implementing jump server functionality with key-based authentication and access controls for enhanced security.
Configure intrusion detection with OSSEC and Wazuh for real-time security monitoring
Set up comprehensive host-based intrusion detection with OSSEC HIDS and Wazuh manager for real-time security monitoring, file integrity checking, and automated threat response across your infrastructure.
Configure NGINX rate limiting and advanced security rules for DDoS protection
Configure NGINX with comprehensive rate limiting, connection throttling, and advanced security headers to protect your web applications from DDoS attacks and malicious traffic. Learn to implement zone-based rate limiting, geographic blocking, and real-time monitoring for production environments.
Monitor PostgreSQL performance with Prometheus and Grafana dashboards
Set up comprehensive PostgreSQL monitoring using Prometheus PostgreSQL exporter and Grafana dashboards. Configure performance metrics collection, visualization, and alerting for database optimization and troubleshooting.
Set up iptables high availability clustering with keepalived for automatic failover
Configure a highly available firewall cluster using iptables and keepalived with VRRP for automatic failover. Set up rule synchronization between nodes and implement monitoring for production-grade firewall redundancy.
Implement MinIO security hardening with IAM policies and audit logging
Secure your MinIO object storage with comprehensive IAM policies, role-based access control, and audit logging for compliance monitoring. This tutorial covers user management, policy creation, and security validation for production environments.
Set up Open vSwitch 3.3 for advanced virtual machine networking with VLAN and bridge configuration
Configure Open vSwitch 3.3 to create isolated virtual networks for VMs with VLAN tagging, bridge management, and advanced traffic control. Essential for virtualization environments requiring network segmentation and high-performance VM networking.
Configure Linux user and group management with sudo access control
Learn to create and manage Linux users and groups with proper sudo access control, security hardening, and monitoring. This comprehensive guide covers account creation, group membership management, sudo configuration, and security best practices for production environments.
Set up NGINX web application firewall with ModSecurity 3 and OWASP Core Rule Set
Configure a production-grade web application firewall using NGINX with ModSecurity 3 and OWASP Core Rule Set. Includes logging, monitoring, and fail2ban integration for comprehensive threat protection.
Need help?
Don't want to manage this yourself?
We handle infrastructure for businesses that depend on uptime. From initial setup to ongoing operations.
Talk to an engineer