This three-part guide shows three simple steps to increase server security.

There is no security without proper log monitoring, but nobody has time to check all logs all the time. Graylog automates that.

What many do not know is that SystemD offers the possibility to restrict services and very easily displays the exposure level.

OPNsense version of NGINX supports “auth_request” only very limited. 2FA apps like Authelia as authentication provider are not possible behind OPNsense’s NGINX version. Nevertheless, you do not have to do without 2FA completely.

Paperless-ngx does not support a second factor by default. However, with Authelia and a NGINX reverse proxy, this can be retrofitted.

Few know that you can also configure Nextcloud via environment variables. With this possibility you can save the storage of passwords in the Nextcloud config.php.

Two part series: Password security with Hashicorp Vault and Ansible for Docker

Those who want to test APIs usually need passwords or tokens, which almost all API test clients keep plaintext. With Hashicorp Vault as a secret manager, however, you have a way to remedy this deficiency as well.