Infrastructure tutorials
Production-grade guides for Linux, servers, security and performance. Copy-paste commands, multi-distro support, written by engineers who run this in production.
Browse by topic
Linux
System administration, shell scripting, package management
Hosting & Servers
Web servers, reverse proxies, SSL, domains
Security
Firewalls, hardening, encryption, access control
Performance
Caching, optimization, profiling, load testing
Databases
MySQL, PostgreSQL, Redis, backups, replication
Networking
DNS, load balancing, VPN, TCP/IP, routing
DevOps
CI/CD, Docker, Kubernetes, automation
Monitoring
Logging, alerting, metrics, observability
Most viewed
Install and configure Deno for web development with systemd and reverse proxy
hostingInstall and configure Caddy web server with automatic HTTPS and reverse proxy
hostingInstall and configure Ollama for local AI models on Linux servers
devopsInstall and configure Uvicorn ASGI server with systemd and reverse proxy for FastAPI applications
hostingInstall and configure Uptime Kuma for website monitoring with SSL and email alerts
monitoringRecently published
Implement enterprise network QoS with Cisco integration using FRRouting and traffic shaping
networkingImplement Kubernetes RBAC with service accounts and role-based access control
devopsConfigure ScyllaDB cluster monitoring with Prometheus and Grafana dashboards
monitoringImplement OpenResty rate limiting and DDoS protection with advanced Lua rules
securityIntegrate ArgoCD with External Secrets Operator for secure Kubernetes secret management
devopsConfigure SSH certificate authentication with CA signing for secure server access
Set up SSH certificate-based authentication using a Certificate Authority to eliminate individual key management. Create signed user certificates that provide secure, scalable access control for multiple servers and users.
Configure SSH two-factor authentication with Google Authenticator TOTP
Add an extra layer of security to SSH logins by requiring both a password and a time-based one-time password (TOTP) generated by Google Authenticator or compatible apps.
Monitor system time drift with Prometheus and Grafana alerts
Set up comprehensive time synchronization monitoring with Prometheus node exporter metrics, Grafana dashboards, and automated alerting to prevent system clock drift issues in production environments.
Implement Tailscale OAuth integration with identity providers for enterprise authentication
Configure Tailscale with enterprise identity providers including SAML and OIDC authentication, implement access control policies, and manage users across distributed teams for secure zero-trust networking.
Configure Kubernetes cluster autoscaler with mixed instance types for cost optimization
Set up Kubernetes cluster autoscaler 1.30 with mixed instance types and spot instances to automatically scale nodes based on demand while minimizing infrastructure costs through intelligent instance selection and workload optimization.
Set up Kubernetes custom metrics autoscaling with Prometheus adapter for application-specific scaling
Configure Prometheus adapter to expose custom application metrics to Kubernetes Horizontal Pod Autoscaler for intelligent scaling based on business metrics like queue depth, response time, and user load instead of basic CPU/memory usage.
Configure ArgoCD with SonarQube quality gates for GitOps deployment validation
Set up automated quality gate validation in ArgoCD using SonarQube webhooks and pre-sync hooks to prevent deployments that fail code quality standards. This integration ensures only code that passes your quality criteria gets deployed to production.
Integrate WireGuard VPN server with LDAP authentication for enterprise user management
Configure WireGuard VPN server to authenticate users against LDAP directory services like Active Directory. Automate client certificate management and implement centralized user access control for enterprise environments.
Setup Tekton Pipelines 0.62 for Kubernetes CI/CD with security scanning integration
Configure Tekton Pipelines for cloud-native CI/CD with automated security scanning, Git webhooks, and production-ready RBAC policies. Build secure container pipelines with integrated vulnerability detection and compliance checks.
Configure AWX backup and disaster recovery procedures with automated PostgreSQL snapshots and restoration
Set up comprehensive backup and disaster recovery for AWX (Ansible Tower) with automated PostgreSQL database snapshots, configuration backups, and tested restoration procedures to ensure business continuity.
Deploy Envoy-based service mesh in Kubernetes production environment with SSL and observability
Set up a production-ready Envoy service mesh in Kubernetes with mutual TLS authentication, SSL certificate management, and comprehensive observability through Prometheus monitoring and distributed tracing.
Configure Spark Kubernetes Operator with MinIO for cloud-native analytics
Deploy Apache Spark on Kubernetes with the Spark Operator and MinIO object storage for scalable big data processing. Configure RBAC, SSL certificates, and persistent storage for production-ready analytics workloads.
Need help?
Don't want to manage this yourself?
We handle infrastructure for businesses that depend on uptime. From initial setup to ongoing operations.
Talk to an engineer