About

I'm enim. I run my own infrastructure — a single Hetzner VPS in Helsinki, a second box in Frankfurt, a Contabo somewhere quieter — and I write about how to do it without getting pwned.

This blog exists because nine out of ten "self-hosting" tutorials online stop at docker run. They never tell you what to do at 3 a.m. when your reverse proxy is leaking the admin panel to the open internet, or why a hardened SSH config matters less than people think compared to a properly scoped iptables ruleset.

So I write the version I needed.

What you get here

One practical tutorial each week. No "10 things you should know" listicles. Either a step-by-step you can copy-paste, a teardown of something I broke in production, or a CTF write-up that teaches the offensive side of what I'm defending against.

The current topic mix:

• VPS hardening — SSH, firewall, kernel sysctls, unattended-upgrades, fail2ban that actually works
• Self-hosting — Vaultwarden, WireGuard, Gitea, Uptime Kuma, Nginx Proxy Manager. The ones I run, not the ones I read about.
• Docker security — capabilities, user namespaces, secrets, image provenance
• CVE spotlights — when something I run gets a CVE, I write the patch + the lesson
• CTF write-ups — mostly HackTheBox, occasional TryHackMe. The offensive perspective.

Bilingual English + Arabic from Month 4.

What I run

• Hetzner CPX22 in Helsinki — Ghost blog (you're on it), Uptime Kuma, three FastAPI side-tools at tools.byte-guard.net, cve.byte-guard.net, paste.byte-guard.net
• Contabo VPS — n8n automation pipeline, off-site syncthing relay
• Nginx Proxy Manager for SSL, Docker Compose for everything, SQLite when I can get away with it, Postgres when I can't

Full stack writeup: Building ByteGuard. I update it when things change.

What I don't do

• Ship tutorials I haven't run end-to-end on my own machine
• Take sponsorships from companies whose products I haven't paid for personally
• Pretend a tool is enterprise-ready when I just spun it up yesterday
• Use AI to write the body of a post (drafts, outlines, code review — yes; final prose — no)

Affiliate disclosure

If a post links to a VPS provider, hosting service, or privacy product, it may be an affiliate link. Same price for you, small commission to me if you sign up. I only list providers I personally run workloads on. The full disclosure is at /disclosure/.

Get the newsletter

The fastest way to get the next tutorial: drop your email below. You'll get the Server Hardening Checklist (47 steps, 1-page PDF) immediately, then one practical tutorial each week. No spam, unsubscribe with one click.

Reach me

• Mastodon: @[email protected] — fastest reply
• X: @byte_guard_blog
• GitHub: byteguard-blog
• Email: [email protected] (PGP key on the contact page)

If you need a one-off hardening review or Docker setup for your own infra, see /hire/.