Entries tagged sysadmin | Hugonweb Annotated Link Bibliography

NGINX introduces native support for the ACME protocol

https://blog.nginx.org/blog/native-support-for-acme-protocol

NGINX will soon be able to use the ACME protocol to automatically get and renew SSL certificates. This seems like it has been a long time coming, as it's just now in a preview release. Apache's stable release has been able to do it for a while.

Apache SSLPolicy Directive

https://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslpolicy

Makes configuring SSL simple by enabling a whole set of security policy directives in one command.

Apache includes policies from the Mozilla organization, including the most secure option: "modern".

2025-07-29 update: SSLPolicy is only in Apache 2.5.0 or later. It's currently not even in Debian Sid :-(

Monitoring tiny web services

https://jvns.ca/blog/2022/07/09/monitoring-small-web-services/

I've been trying to decide if I want to move my small dynamic websites to a VPS from Heroku or just use simple PHP and basic web hosting. My main problem with VPS is I don't want to deal with maintaining it. Simple monitoring like updown.io or Uptime Robot hooked up to email could help.

Linux dd vs cp

https://unix.stackexchange.com/questions/558262/why-use-dd-instead-of-cp-to-create-bootable-disk

Tutorials and instructions usually recommend dd over cp for copying disc images to devices (like USB sticks). It seems that this is mostly superstition.

The main benefit is that dd lets you specify the block size used for copying, but cp automatically selects the block size at least as well as I would.

The other benefit of dd is a progress display. Piping the output of the pv command to the destination disc may be a better option.

Cron vs systemd timers

https://unix.stackexchange.com/a/688512

A really nice explanation of how to use systemd timers to replace cron.

Packer

https://developer.hashicorp.com/packer

Declarative tool for creating virtual machine images. This way you can bake all of the installed software into an image, rather than having to provision once a virtual machine boots.

This plus its parent Terraform (open source version: OpenTofu) seem to be the best way to do infrastructure as code, at least at a certain scale.

A similar tool, for bare metal, is goldboot.

pyinfra

https://pyinfra.com/

Think ansible but Python instead of YAML, and a lot faster.

This seems more up my alley than ansible.

For a server or two, I'm not sure if this is the way to go or something more complicated like Packer.

Apache mod_md: built-in Let's Encrypt certificate retrieval

https://httpd.apache.org/docs/2.4/mod/mod_md.html

Apache's built-in mod_md can handle automatic retrieval and renewal of Let's Encrypt certificates (or similar with ACME) without external software. Convenient!

Using chroot for Linux system recovery

https://superuser.com/questions/111152/whats-the-proper-way-to-prepare-chroot-to-recover-a-broken-linux-installation

This technique lets you boot your broken installation with a live USB disc, then use chroot to switch the running Linux over to the broken installation. You can then run package manager commands, etc.

arch-chroot is a script that does all of the steps for you and is even available on Debian.

systemd-nspawn can be used in a similar way:

systemd-nspawn --directory /tmp/target-rescue --boot -- --unit rescue.target

It is usually used as a lightweight host virtualization technique, and is new to me!

Borg Backup Software

https://www.borgbackup.org

Borg seems like the best open source backup solution right now. It deduplicates chunks of data within files across multiple backups, saving a lot of space. Encryption and compression are also supported.

It only works locally or over SSH, and doesn't work on Windows. I wish it had support for parity so it could recover from a bit of storage corruption.

rclone

https://rclone.org

File copy/sync/move to and from the cloud, and even between clouds.

It works with S3 and similar, but also OneDrive, Dropbox, Google Drive, FTP, and SFTP.

Rsync for the cloud sounds useful, as well as copy and move. Two-way sync, bisync, sounds like a mess waiting to happen.