Practical fail2ban Configuration for SSH Protection

Any server with SSH exposed to the internet will see constant brute-force login attempts. fail2ban is a simple, effective way to deal with them.

Installation

apt update && apt install -y fail2ban

Configuration

Never edit /etc/fail2ban/jail.conf directly — it gets overwritten on updates. Create a local override:

cat > /etc/fail2ban/jail.local << EOF
[sshd]
enabled = true
port = 22
logpath = /var/log/auth.log
maxretry = 3
bantime = 7200
findtime = 600
EOF

This configuration: ...

March 20, 2026 · 2 min · Du Song

Automating Let's Encrypt Certificates with acme.sh

Managing SSL certificates manually is tedious and error-prone. Here’s how I set up fully automated certificate management using acme.sh with Cloudflare DNS validation.

Why acme.sh + DNS-01?

- No port 80 required: DNS-01 validation doesn’t need a running web server or open HTTP port
- Wildcard support: Can issue *.example.com certificates
- Cloudflare integration: API-based, fully automated
- Lightweight: Pure shell script, no dependencies

Installation

curl https://get.acme.sh | sh -s email=you@example.com
source ~/.bashrc

Cloudflare API Token

Create a token at Cloudflare Dashboard with these permissions: ...

March 1, 2026 · 2 min · Du Song