Internal Documentation

Infrastructure Hub

Centralized snippets for daily server operations.

About This Space

This page acts as an immutable fallback for system administration. It is designed as a single static HTML file with zero external dependencies, so it loads instantly even in restricted network environments.

Stack Preference

Most notes here apply to Debian 12+ and Ubuntu 24.04 LTS environments. The emphasis is on default native tools (systemd, ufw, journalctl, rsync) to minimize the dependency footprint.

Cheat Sheet

File Management

Search, compress, sync, and manage permissions.

Searching & Filtering

Locate config files, ignoring permission denied errors:

find /etc -name "*.conf" 2>/dev/null

Find text inside files recursively:

grep -rnw '/var/www/' -e "database_url"

Rsync Backup

Sync a local directory to a remote server securely over SSH (`--delete` removes remote files that no longer exist locally):

rsync -avzP --delete /local/dir/ user@server:/remote/dir/

Archiving (Tar)

Pack an entire directory into a compressed tarball:

tar -czvf backup-2026.tar.gz /var/www/html

Extract to specific directory:

tar -xzvf archive.tar.gz -C /target/path

Ownership & Chmod

Standardizing web directory permissions:

chown -R www-data:www-data /var/www
find /var/www -type d -exec chmod 755 {} \;
find /var/www -type f -exec chmod 644 {} \;

Cheat Sheet

Processes & Logs

Monitoring resources, cron jobs, and querying journals.

Journalctl (Logs)

Tailing logs for a specific service in real-time:

journalctl -u nginx.service -f --no-pager

Show logs from the current boot, filtered by errors:

journalctl -b -p err

Systemctl (Daemons)

Reload systemd after changing unit files, then enable and start a service:

systemctl daemon-reload
systemctl enable --now docker

Resource Monitoring

View human-readable disk space and memory:

df -hT
free -mh
htop # if installed, better than top

Cron Jobs

Edit crontab for current user (`crontab -e` format):

# Min Hour Day Month Weekday Command
0 3 * * * /path/to/backup.sh > /dev/null 2>&1

Cheat Sheet

Network & UFW

Firewall rules, port routing, and socket tracking.

UFW Hardening

The standard deny-all-inbound approach, allowing only SSH and web traffic:

ufw default deny incoming
ufw default allow outgoing
ufw allow 22/tcp
ufw allow 80,443/tcp
ufw enable

Active Sockets

View which daemons are currently listening:

ss -tulpn # -l already limits output to listening sockets; piping to grep LISTEN would hide UDP (state UNCONN)

DNS & Curl

Check DNS resolution and headers:

dig +short google.com
curl -I https://example.com

Containers

Docker & Compose

Container lifecycle and environment cleanup.

Lifecycle

Get a bash shell inside a running container:

docker exec -it <container_name> /bin/bash

View container logs:

docker logs -f --tail 100 <container_id>

Docker Compose

Start stack detached and rebuild if necessary:

docker-compose up -d --build

Stop and remove networks/volumes:

docker-compose down -v

Cleanup (Prune)

Nuke all stopped containers, unused networks, all unused images (not just dangling ones), and unused volumes, without a confirmation prompt:

docker system prune -a --volumes -f

Web

Nginx & SSL

Reverse proxy configurations and certbot.

Reverse Proxy Block

Standard snippet to pass traffic to a local app (Node/Python):

location / {
    proxy_pass http://127.0.0.1:3000;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
}

Certbot (Let's Encrypt)

Issue a new SSL certificate automatically for Nginx:

certbot --nginx -d example.com -d www.example.com

Test auto-renewal process:

certbot renew --dry-run

Data

Databases

PostgreSQL, MySQL, and Redis cheat codes.

PostgreSQL

Dump a database to a file:

pg_dump -U username dbname > backup.sql

Restore from a dump:

psql -U username -d dbname < backup.sql

MySQL / MariaDB

Export database with routines and triggers:

mysqldump -u root -p --routines dbname > db.sql

Redis

Clear all keys in all Redis databases (danger):

redis-cli FLUSHALL

Code

Git Versioning

Fixing mistakes and managing branches.

Undoing Mistakes

Discard all local changes and match the remote exactly:

git fetch origin
git reset --hard origin/main

Undo the last commit but keep the changes in staging:

git reset --soft HEAD~1

History & Cleanup

Beautiful, colorful Git log tree:

git log --oneline --graph --all

Remove local branches that were deleted on remote:

git fetch -p

Security

Security & SSH

Key management and intrusion prevention.

Ed25519 Keys

Generate a modern, highly secure SSH keypair:

ssh-keygen -t ed25519 -a 100 -C "admin@node"
ssh-copy-id -i ~/.ssh/id_ed25519.pub user@ip

sshd_config Defaults

Mandatory security rules for /etc/ssh/sshd_config:

PermitRootLogin no
PasswordAuthentication no
X11Forwarding no
MaxAuthTries 3
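
Audit a config file against the four rules above. This is an added example, not part of the original page; the function names `effective_value` and `audit_sshd` are hypothetical and the sample config is constructed:

```shell
#!/bin/sh
# Added example (not from the original page). sshd keeps the FIRST value it
# reads for a keyword, keywords are case-insensitive, and everything after a
# "Match" line is conditional, so only the global section is inspected.
# Assumption: "Include" files are not followed.

# effective_value FILE KEYWORD -> first global value, lowercased (empty if unset)
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)          # "Key value" or "Key=value"
            key = tolower(f[1])
            if (key == "match") exit           # conditional blocks start here
            if (key == want) { print tolower(f[2]); exit }
        }' "$1"
}

# audit_sshd FILE -> one line per rule; exit status = number of failed rules
audit_sshd() {
    fails=0
    for rule in "PermitRootLogin no" "PasswordAuthentication no" \
                "X11Forwarding no" "MaxAuthTries 3"; do
        key=${rule% *}
        expected=${rule#* }
        actual=$(effective_value "$1" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "OK    $key $actual"
        else
            # An unset keyword falls back to the sshd default, so flag it too.
            echo "FAIL  $key is '${actual:-unset}', expected '$expected'"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample: the later "PermitRootLogin no" does not override the
# first value, and X11Forwarding inside the Match block is not a global setting.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'permitrootlogin yes' 'PermitRootLogin no' \
    'PasswordAuthentication=no' 'MaxAuthTries 3' \
    'Match User deploy' '    X11Forwarding no' > "$sample"
audit_sshd "$sample" || echo "$? rule(s) failed"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration, including any Include files, and is the authoritative check.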

Fail2Ban

Check the status of the SSH jail (banned IPs):

fail2ban-client status sshd

Unban an IP manually:

fail2ban-client set sshd unbanip 192.168.1.1