Guides for self-hosted infrastructure.
Opinionated walkthroughs for Debian 13 servers on Hetzner and DigitalOcean: security hardening, binary and Docker deployments, monitoring, and more.
Deploy a compiled binary on DigitalOcean Debian 13 (Trixie) with systemd
Go, Rust, or Zig binaries supervised by systemd on DigitalOcean.
Deploy a compiled binary on Hetzner Debian 13 (Trixie) with systemd
Go, Rust, or Zig binaries supervised by systemd on Hetzner.
Deploy a Docker container on DigitalOcean Debian 13 (Trixie) with systemd
Run Docker containers as systemd services on DigitalOcean.
Deploy a Docker container on Hetzner Debian 13 (Trixie) with systemd
Run Docker containers as systemd services on Hetzner.
Harden SSH on a DigitalOcean Debian 13 (Trixie) VPS
Lock down SSH on DigitalOcean Debian 13 (Trixie): admin user, key-only auth, AllowUsers, ufw, cloud firewall, and fail2ban.
Harden SSH on a Hetzner Debian 13 (Trixie) VPS
Lock down SSH on Hetzner Debian 13 (Trixie): admin user, key-only auth, AllowUsers, ufw, cloud firewall, and fail2ban.
Install Docker on DigitalOcean Debian 13 (Trixie)
Upstream-repo Docker install on DigitalOcean Debian 13 (Trixie) with a production daemon.json, log rotation, live-restore, and ufw-docker notes.
Install Docker on Hetzner Debian 13 (Trixie)
Upstream-repo Docker install on Hetzner Debian 13 (Trixie) with a production daemon.json, log rotation, live-restore, and ufw-docker notes.
Set up ufw and the DigitalOcean Cloud Firewall on DigitalOcean Debian 13 (Trixie)
Layered default-deny firewall for DigitalOcean Debian 13 (Trixie): ufw at the host, DigitalOcean Cloud Firewall at the edge, rate-limiting, and the Docker gotcha.
Set up ufw and the Hetzner Cloud Firewall on Hetzner Debian 13 (Trixie)
Layered default-deny firewall for Hetzner Debian 13 (Trixie): ufw at the host, Hetzner Cloud Firewall at the edge, rate-limiting, and the Docker gotcha.