FrankenPHP is a “modern application server for PHP built on top of the Caddy web server”, which in its simplest form lets you serve PHP apps without the nginx/apache config salad you may be used to. Here’s how to set it up as a service on Debian.

This post is about multiple components involved in deploying FreeBSD to a VMware environment. Since there are many moving parts this may also be interesting in general to anyone doing “infrastructure as code” and cloud deployments, the process is quite similar for Linux.

On newer versions of Debian and Ubuntu, the way repos are authenticated through public keys has changed somewhat. Here’s what I’ve found.

Wildcard certificates are really useful, especially in cases where you are using a load balancer like HAProxy that targets multiple backends serving separate subdomains.

VLC has always been a great piece of software, but one place where is really shines is on iOS/tvOS since it allows you to play pretty much any video file, and you can send that file over curl.

Not all devices are capable of handling captive portals. Problematic devices usually include older hardware with outdated browsers, such as “smart” TVs, gaming consoles and the like.

Ubuntu makes it very easy to set up full disk encryption, but it requires you to wipe the entire disk if you want the wizard to do it for you, so this is how you can set it up manually.

While Linux Unified Key Setup — LUKS — is mostly used to encrypt entire disks under Linux, it can also be used to easily create an encrypted file container. This can be used as an alternative to encrypting something like a .tar.gz file directly, and will be easier to mount and read, without having to write decrypted data to disk.

This page is a collection of useful commands or one-liners collected through the years. They are sorted in general categories, but I’ve attempted to describe them as well as I can so hopefully CTRL+F will work decently if you know what you’re looking for.

fail2ban is commonly used to take a certain action, such as automatically blocking an IP, after repeated authentication failures or other generally bad behavior against applications, as detected by regex matching against log output.