Infrastructure tutorials
Production-grade guides for Linux, servers, security and performance. Copy-paste commands, multi-distro support, written by engineers who run this in production.
Browse by topic
Linux
System administration, shell scripting, package management
Hosting & Servers
Web servers, reverse proxies, SSL, domains
Security
Firewalls, hardening, encryption, access control
Performance
Caching, optimization, profiling, load testing
Databases
MySQL, PostgreSQL, Redis, backups, replication
Networking
DNS, load balancing, VPN, TCP/IP, routing
DevOps
CI/CD, Docker, Kubernetes, automation
Monitoring
Logging, alerting, metrics, observability
Most viewed
Install and configure Deno for web development with systemd and reverse proxy
hostingInstall and configure Caddy web server with automatic HTTPS and reverse proxy
hostingInstall and configure Ollama for local AI models on Linux servers
devopsInstall and configure Uvicorn ASGI server with systemd and reverse proxy for FastAPI applications
hostingInstall and configure Uptime Kuma for website monitoring with SSL and email alerts
monitoringRecently published
Setup Node.js error tracking with Sentry for production monitoring and debugging
monitoringImplement Node.js application monitoring with Prometheus metrics and Grafana dashboards
monitoringImplement OSPF multi-area design with FRRouting and advanced routing policies
networkingConfigure Istio security policies with external authorization services integration
securityImplement Docker network security with custom bridge networks and container isolation
securityImplement Tailscale OAuth integration with identity providers for enterprise authentication
Configure Tailscale with enterprise identity providers including SAML and OIDC authentication, implement access control policies, and manage users across distributed teams for secure zero-trust networking.
Implement network monitoring with SNMP and BGP metrics using FRRouting and Prometheus
Set up comprehensive network monitoring with SNMP daemon, FRRouting BGP metrics, and Prometheus collection for real-time infrastructure visibility and alerting.
Configure Caddy 2 with Docker containers and automatic SSL certificates
Set up Caddy 2 as a reverse proxy using Docker with automatic Let's Encrypt SSL certificates. Deploy containerized web applications behind Caddy with zero-downtime SSL management and built-in load balancing.
Implement Caddy 2 rate limiting and DDoS protection with advanced security rules
Configure Caddy 2 web server with comprehensive rate limiting, request throttling, and DDoS protection using built-in security modules and advanced filtering rules.
Implement Linux security hardening with CIS benchmarks and automated compliance scanning
Harden your Linux systems using CIS benchmarks with automated compliance scanning and continuous monitoring. Learn to implement security controls for filesystem permissions, user authentication, network policies, and maintain ongoing compliance with industry standards.
Integrate WireGuard VPN server with LDAP authentication for enterprise user management
Configure WireGuard VPN server to authenticate users against LDAP directory services like Active Directory. Automate client certificate management and implement centralized user access control for enterprise environments.
Set up GitLab container registry mirror and proxy cache for improved performance
Configure GitLab's built-in container registry as a mirror and proxy cache to reduce Docker Hub rate limits, speed up image pulls, and improve CI/CD pipeline performance across your organization.
Configure custom Grafana plugins for specialized monitoring requirements
Build custom Grafana data source and panel plugins from scratch, then deploy them securely in production environments with proper authentication and access controls.
Implement Kubernetes network policies with Calico for microsegmentation
Configure Calico CNI to enforce network policies for pod-to-pod traffic control and namespace isolation. This tutorial covers advanced microsegmentation patterns, ingress/egress rules, and policy monitoring for production Kubernetes security.
Configure Apache Airflow DAG security and secrets management with RBAC policies and encryption
Implement comprehensive security for Apache Airflow DAGs using role-based access control, HashiCorp Vault integration, and encrypted secrets management. Configure granular permissions, audit logging, and isolation policies for production workflows.
Configure Podman secrets management with HashiCorp Vault integration
Set up secure container secrets management by integrating Podman with HashiCorp Vault. Configure dynamic secret injection, automated rotation, and production-ready monitoring for containerized applications.
Set up Prometheus and Grafana monitoring stack with Docker Compose
Deploy a complete monitoring solution using Prometheus for metrics collection and Grafana for visualization with Docker Compose. This setup provides comprehensive system monitoring, alerting capabilities, and customizable dashboards.
Need help?
Don't want to manage this yourself?
We handle infrastructure for businesses that depend on uptime. From initial setup to ongoing operations.
Talk to an engineer