Backup and Disaster Recovery
Automate backups, test restores, and build a disaster recovery runbook for your VPS.
Security
Monitoring, Alerting, and Incident Response
Set up lightweight monitoring and alerting for a solo-developer VPS, plus a post-incident checklist.
Automated Patching and Server Maintenance
Configure automatic security patches, detect stale services with needrestart, and keep logs and Docker images from filling your disk.
Secrets, Certificates, and Credential Rotation
Manage .env files, encrypt secrets with Ansible Vault, and rotate credentials without downtime.
Kernel and Systemd Service Hardening
Tune kernel parameters with sysctl and sandbox services with systemd to reduce your VPS attack surface.
Caddy Hardening: Security Headers and Rate Limiting
Add security headers, rate limiting, and server identity removal to your Caddy configuration.
Docker Security on a Shared VPS
Why Docker bypasses your UFW rules, how to fix it, and container hardening practices that matter on a shared VPS.
UFW, fail2ban, and Banning Repeat Offenders
Configure UFW rules, build a fail2ban jail for Caddy access logs, and escalate bans for repeat offenders with the recidive jail.
SSH Hardening: Ed25519 Keys and Disabling Root Login
Lock down SSH access with ed25519 keys, disable root login, and remove unused authentication methods.
Provision an Ubuntu VPS and Create a Deploy User
Set up a DigitalOcean droplet from scratch: first SSH connection, deploy user, UFW baseline, and unattended upgrades.