About This Space
This page acts as an immutable fallback for system administration. Designed to be a single static HTML file with zero external dependencies, ensuring it loads instantly even in restricted network environments.
Centralized snippets for daily server operations.
This page acts as an immutable fallback for system administration. Designed to be a single static HTML file with zero external dependencies, ensuring it loads instantly even in restricted network environments.
Most notes here apply to Debian 12+ and Ubuntu 24.04 LTS environments. Emphasizing default native tools (systemd, ufw, journalctl, rsync) to minimize dependency footprint.
Search, compress, sync, and manage permissions.
Locate config files, ignoring permission denied errors:
find /etc -name "*.conf" 2>/dev/null
Find text inside files recursively:
grep -rnw '/var/www/' -e "database_url"
Sync a local directory to a remote server securely:
rsync -avzP --delete /local/dir/ user@server:/remote/dir/
Pack an entire directory into a compressed tarball:
tar -czvf backup-2026.tar.gz /var/www/html
Extract to specific directory:
tar -xzvf archive.tar.gz -C /target/path
Standardizing web directory permissions:
chown -R www-data:www-data /var/www
find /var/www -type d -exec chmod 755 {} \;
find /var/www -type f -exec chmod 644 {} \;
Monitoring resources, cron jobs, and querying journals.
Tailing logs for a specific service in real-time:
journalctl -u nginx.service -f --no-pager
Show logs from the current boot, filtered by errors:
journalctl -b -p err
Reload daemon after changing unit files:
systemctl daemon-reload
systemctl enable --now docker
View human-readable disk space and memory:
df -hT
free -mh
htop # if installed, better than top
Edit crontab for current user (`crontab -e` format):
# Min Hour Day Month Weekday Command
0 3 * * * /path/to/backup.sh > /dev/null 2>&1
Firewall rules, port routing, and socket tracking.
The standard drop-everything-except-web approach:
ufw default deny incoming
ufw default allow outgoing
ufw allow 22/tcp
ufw allow 80,443/tcp
ufw enable
View which daemons are currently listening:
ss -tulpn | grep LISTEN
Check DNS resolution and headers:
dig +short google.com
curl -I https://example.com
Container lifecycle and environment cleanup.
Get a bash shell inside a running container:
docker exec -it <container_name> /bin/bash
View container logs:
docker logs -f --tail 100 <container_id>
Start stack detached and rebuild if necessary:
docker-compose up -d --build
Stop and remove networks/volumes:
docker-compose down -v
Nuke all unused containers, networks, and dangling images:
docker system prune -a --volumes -f
Reverse proxy configurations and certbot.
Standard snippet to pass traffic to a local app (Node/Python):
location / {
proxy_pass http://127.0.0.1:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
Issue a new SSL certificate automatically for Nginx:
certbot --nginx -d example.com -d www.example.com
Test auto-renewal process:
certbot renew --dry-run
PostgreSQL, MySQL, and Redis cheat codes.
Dump a database to a file:
pg_dump -U username dbname > backup.sql
Restore from a dump:
psql -U username -d dbname < backup.sql
Export database with routines and triggers:
mysqldump -u root -p --routines dbname > db.sql
Clear all keys in all Redis databases (danger):
redis-cli FLUSHALL
Fixing mistakes and managing branches.
Discard all local changes and match the remote exactly:
git fetch origin
git reset --hard origin/main
Undo the last commit but keep the changes in staging:
git reset --soft HEAD~1
Beautiful, colorful Git log tree:
git log --oneline --graph --all
Remove local branches that were deleted on remote:
git fetch -p
Key management and intrusion prevention.
Generate a modern, highly secure SSH keypair:
ssh-keygen -t ed25519 -a 100 -C "admin@node"
ssh-copy-id -i ~/.ssh/id_ed25519.pub user@ip
Mandatory security rules for /etc/ssh/sshd_config:
PermitRootLogin no
PasswordAuthentication no
X11Forwarding no
MaxAuthTries 3
Check the status of the SSH jail (banned IPs):
fail2ban-client status sshd
Unban an IP manually:
fail2ban-client set sshd unbanip 192.168.1.1