Topics
- Reverse proxy — routing rules, upstream health checks, safe defaults.
- TLS — certificate rotation, baseline validation, client compatibility checks.
- Containers — compose layouts, volumes, backups, restart strategies.
- Monitoring — minimal logs, status checks, and operational notes.
Operational principles
- Keep public surface area minimal.
- Prefer static content for public pages.
- Expose internal endpoints only when required.
- Backups are validated periodically.
Notes are updated irregularly and reflect real maintenance work.