How I Set Up Nginx as a Reverse Proxy with SSL Termination

I’ve configured Nginx as a reverse proxy dozens of times, and while the basic setup is always similar, the details — SSL termination, certificate management, header forwarding, timeout settings — are where things get interesting. This is how I approach it, with the reasoning behind each decision. What “SSL Termination at the Proxy” Means The […]

How I Set Up Nginx as a Reverse Proxy with SSL Termination Read Post »

DNS CAA Records: The Underused Security Feature That Controls Who Can Issue Certificates for Your Domain

I discovered CAA records the hard way — reading about a case where a CA mistakenly issued a certificate for a domain they weren’t supposed to. After that, I started adding CAA records to every domain I manage. It takes five minutes and it’s one of those quiet security improvements that nobody notices until something

DNS CAA Records: The Underused Security Feature That Controls Who Can Issue Certificates for Your Domain Read Post »

How to Convert SSL Certificates Between Formats Using OpenSSL

Converting SSL certificates is one of those tasks that looks straightforward until you’re knee-deep in error messages at 11 PM before a deployment. I’ve converted hundreds of certificates across different server setups, and the same situations come up repeatedly: CA sends PEM, server needs PFX. Client needs Java keystore, you only have CRT and KEY

How to Convert SSL Certificates Between Formats Using OpenSSL Read Post »

PostgreSQL Backup and Restore on Linux

Databases are special. Regular file backups don’t work well for PostgreSQL — backing up the data directory while the server is running is likely to give you a corrupt snapshot. You need PostgreSQL-aware tools. Here’s what I actually use for backing up PostgreSQL databases, from simple single-database dumps to continuous archiving. pg_dump — The Standard

PostgreSQL Backup and Restore on Linux Read Post »

Installing and Configuring SSL in Apache: Virtual Hosts, Modules, and Best Practices

Apache’s approach to SSL is fundamentally different from Nginx. Where Nginx has SSL baked in, Apache uses a module system — mod_ssl — that needs to be explicitly enabled. The configuration syntax is also more verbose. That’s not necessarily bad; Apache’s granular configuration options can be very useful. But it means more places where things

Installing and Configuring SSL in Apache: Virtual Hosts, Modules, and Best Practices Read Post »

Understanding TLS Handshake: What Happens When You Connect to HTTPS

Every time you load an HTTPS page, a TLS handshake happens in milliseconds. Most people treat it as a black box — it works or it doesn’t. But understanding what actually happens is useful when you’re debugging TLS errors, optimizing performance, or configuring cipher suites. The Purpose of the Handshake The handshake does three things:

Understanding TLS Handshake: What Happens When You Connect to HTTPS Read Post »

Scroll to Top