Servicios Rogeliowar

Wazuh SIEM with Docker: complete deployment with SSL and compliance rules

Fri, 22 May 2026 00:00:00 +0000

What is ENS and Why It Matters
#

The National Security Framework (ENS) is the mandatory cybersecurity regulatory framework for Spanish Public Administrations and private companies that provide services to them. It is regulated by the Royal Decree 311/2022 and establishes the principles, requirements, and security measures that must be applied to information systems that handle public data or services.

Connect your mobile to SSH from anywhere with WireGuard and Termius

Tue, 19 May 2026 00:00:00 +0000

The Problem
#

I needed to access my home server via SSH from my mobile phone without exposing it directly to the internet. The obvious options were bad: opening port 22 to the world is suicidal, and trusting third-party apps with root access didn’t convince me. The solution that worked: WireGuard + Termius.

Why This Combination
#

WireGuard is lightweight, fast, and consumes little battery on mobile devices. Termius is a polished SSH client that handles private keys well. Together, you have secure access without complications.

How to Clean Up Exposed Credentials in Git with git-filter-repo and Rotate Tokens

Tue, 19 May 2026 00:00:00 +0000

The Real Problem
#

I recently realized I had pushed a .env file with API credentials to a private repository. Even though it was private, that’s no excuse. A compromised access, a repository that becomes public, or simply a security audit would have exposed my tokens. I learned that I can’t rely on deleting files in subsequent commits—Git keeps all the history.

Migrate Grafana and Listmonk to centralized PostgreSQL in Docker

Tue, 19 May 2026 00:00:00 +0000

The initial problem
#

I had Grafana and Listmonk running in Docker containers, each with its own embedded PostgreSQL instance. This worked, but it was inefficient: two database engines consuming resources and no centralized way to do backups. I decided to consolidate everything into a single shared PostgreSQL instance.

Preparation: setting up central PostgreSQL
#

The first step was to create the PostgreSQL server that would be the central point. I did this with a dedicated docker-compose:

Restic: encrypted backups with deduplication for your Linux server

Mon, 11 May 2026 00:00:00 +0000

I already had backups with rsync and cron, but rsync copies files, not snapshots. If you accidentally delete a file and the backup syncs before you notice, you lose it. Restic solves that and adds something rsync will never provide: AES-256 encryption, deduplication, and snapshots with navigable history.

What makes Restic different
#

Feature	rsync	Restic
AES-256 encryption	No	Yes
Deduplication	No	Yes (block-level)
Navigable snapshots	No	Yes
Multiple backends	No	SFTP, S3, Backblaze, rclone…
Integrity checking	No	`restic check`
Retention policy	Manual	`restic forget --prune`

Deduplication is especially useful for database backups and configuration directories that change little: a Restic repository with 6 months of daily backups usually takes up much less space than 180 full copies.

VPN with Wireguard in Docker: Secure access to internal services without exposing ports

Wed, 06 May 2026 00:00:00 +0000

Why you need this
#

A few months ago I faced a common problem: I wanted to access my internal services (Jellyfin, Home Assistant, etc.) from outside my home, but I didn’t want to expose them directly on the internet. Opening ports is an unnecessary risk. The solution was to set up a VPN with Wireguard in Docker. It was the best decision I made for my home infrastructure.

Monitoring Docker containers with Prometheus and Grafana: automatic alerts at home

Tue, 05 May 2026 00:00:00 +0000

The Problem
#

After spending months running containers on my home server, I got tired of discovering issues when things were already broken. A container consuming all the memory. A volume full with no warning. I needed real visibility into what was happening in my infrastructure.

I decided to implement a monitoring stack with Prometheus and Grafana. Here I document exactly how I did it.

AUTH LOGIN manual in Python with smtplib: special characters and error 535

Mon, 04 May 2026 00:00:00 +0000

The Problem
#

A few days ago I tried to automate sending emails from my home server. Nothing complicated: a Python script with smtplib to send notifications. The problem came when I configured a password with special characters: MiPasw0rd$Ñ.

import smtplib

server = smtplib.SMTP('mail.example.com', 587)
server.starttls()
server.login('usuario@example.com', 'MiPasw0rd$Ñ') # Error 535

Result: SMTPAuthenticationError: (535, b'5.7.8 Authentication credentials invalid')

The strange thing is that the password was correct. I could access it manually without problems. Error 535 suggested authentication failures, but the real problem was in the encoding.

Automatic backups with rsync and cron for home Docker

Mon, 04 May 2026 00:00:00 +0000

The Problem
#

Recently I lost a hard drive without warning. It wasn’t catastrophic because I had backups, but it made me aware that many hobbyists with home servers have no data protection strategy at all. If your Docker server crashes tomorrow, how long would it take you to recover it?

In this article I share how I automated backups of my Docker infrastructure using rsync and cron. It’s simple, efficient, and it works.

Environment variables with special characters in Docker Compose: the dollar sign problem and how to recreate containers

Mon, 04 May 2026 00:00:00 +0000

The Real Problem
#

I’ve been running services on my home server with Docker Compose for months. Recently I tried setting a password with special characters in my .env file. The password was something like Pass$word123!@. When starting the containers, the variable arrived empty or malformed. After investigating, I discovered that Docker Compose was interpreting the $ as a reference to another variable.

Incremental synchronization from SMB with smbprotocol on Linux: NTLM authentication and log control

Mon, 04 May 2026 00:00:00 +0000

The Problem
#

Recently I needed to sync an SMB share from a NAS with my Linux server. The obvious solution would be smbclient or mount -t cifs, but I wanted:

Incremental synchronization (only new or modified files)
Detect files deleted from the share
Control NTLM authentication directly from code
Silence the obscene amount of logs that smbprotocol spits out

The Python smbprotocol library solved all of this, but there’s no documentation on how to do it properly. Here’s my solution.

Smart Excel Import in Python: Flexible Column Detection and Heterogeneous Data Cleaning

Mon, 04 May 2026 00:00:00 +0000

I’ve been working with Excel spreadsheets that arrive from different departments. Each one uses different column names, the data is dirty (phone numbers with notes, tax IDs mixed with text), and codes have inconsistent formats. Here I document the solution I built.

The real problem
#

I was receiving Excel files where:

Columns called “NIF” in one, “CIF” in another, “Identification” in the third
Phone numbers like “123-456-7890 (ext 5)”, “9876543210 - unavailable”
Tax IDs with dashes, spaces and varied letters
Product codes with inconsistent prefixes

I couldn’t expect everyone to format the same way. I needed a system that was flexible.

Systemd timers: the modern cron alternative you needed

Mon, 04 May 2026 00:00:00 +0000

Why I Left Cron
#

I’ve been using cron on my servers for years. It’s simple, reliable, and it works. But recently I discovered systemd timers and I’m not going back. The main reason: integrated logs in journald, no .log files scattered around the system, and better control over what happens when the server starts or reboots.

In my specific case, I had a backup that wouldn’t run if the server was off at the scheduled time. With cron, it simply got lost. With systemd timers and Persistent=true, the task runs as soon as the server boots up.

The hidden cost of --reload in uvicorn: what actually consumes CPU in production

Mon, 04 May 2026 00:00:00 +0000

The Problem Nobody Sees
#

Two months ago I deployed a FastAPI API to production and the server was behaving strangely. CPU stable at 40-50% for no apparent reason. I thought it was a memory leak, that it was the logs, that it was the database. It was --reload.

It turns out that copy-pasting the development command directly into the Docker container is more common than it should be. And yes, uvicorn with --reload works. The server responds. Requests go fast. But there’s a cost you don’t see until you have 10K requests daily.

Hardening Linux servers: practical guide

Fri, 01 May 2026 00:00:00 +0000

Server Security Hardening: Essential Steps
#

Having a server exposed to the Internet without minimal security configuration is leaving the door wide open. In this article, I’ve compiled the steps I apply on my own servers to reduce the attack surface without complicating day-to-day management.

SSH: the first line of defense
#

The SSH service is the most attacked entry point on any Linux server. These are the most important settings in /etc/ssh/sshd_config:

AI Agent with Claude Haiku to Generate Blog Articles from the Terminal

Thu, 30 Apr 2026 00:00:00 +0000

Why Automate Content Generation
#

Writing technical articles takes time. Between server configuration, troubleshooting, and documentation, I find little time to write. So I decided to create an AI agent to help me structure and generate drafts from the terminal.

Claude Haiku is perfect for this: it’s fast, cheap, and works well for text generation tasks. It doesn’t require powerful GPUs. I simply run a script and have an article ready to edit.

CI/CD with local GitLab Runner to automatically deploy a Hugo blog

Thu, 30 Apr 2026 00:00:00 +0000

Introduction
#

Tired of manually deploying my Hugo blog every time I publish an article. I decided to set up a local CI/CD pipeline with GitLab Runner. The result: automatic, reliable, and without depending on external services.

Prerequisites
#

You need:

A server with Docker installed
A repository on GitLab (can be self-hosted or gitlab.com)
Hugo installed locally for testing
SSH access configured on your server

Installing GitLab Runner
#

First, install GitLab Runner on your server. I did it on Docker because I already had the daemon running.

Complete monitoring with Prometheus, Grafana and Loki: metrics, logs and Docker containers

Thu, 30 Apr 2026 00:00:00 +0000

A server without monitoring is a blind server. You don’t know when the disk fills up, which container is consuming too much RAM, or how many 404 requests your web is generating. This article documents how I configured the complete stack: Prometheus + Node Exporter + Grafana + Loki + Promtail.

The architecture
#

[Servidor doméstico]
 ├── node-exporter → métricas del sistema (CPU, RAM, disco, red)
 ├── docker-stats- → métricas de contenedores (textfile collector)
 │ collector
 ├── prometheus → recolecta y almacena métricas
 ├── loki → agrega y almacena logs
 ├── promtail → envía logs de Nginx y syslog a Loki
 └── grafana → dashboards de todo lo anterior

All services run in Docker, coordinated by the same docker-compose.yml.

Configure Traefik v2.11 as a reverse proxy with Docker and automatic HTTPS with Let's Encrypt

Thu, 30 Apr 2026 00:00:00 +0000

Introduction
#

After months of using nginx manually, I decided to switch to Traefik. The reason is simple: managing SSL certificates for each new service is tedious. Traefik automates all of that with integrated Let’s Encrypt. Here’s my actual configuration.

Why Traefik
#

With Traefik you don’t need to reload nginx every time you add a container. It automatically detects Docker services, generates SSL certificates on demand, and redirects traffic. All declarative.

CSS that doesn't fail: common styling mistakes on web pages and how to avoid them

Thu, 30 Apr 2026 00:00:00 +0000

CSS seems simple until something doesn’t work as you expect. You spend hours staring at the browser inspector, change one property, then another, and the problem persists. This article collects the most frequent errors I’ve encountered building this blog, with direct solutions.

The background that disappears when scrolling
#

The problem: The page looks good in the visible area, but when you scroll down a white or unexpected background appears.

Emergency replica: how to have your home server backed up on a VPS

Thu, 30 Apr 2026 00:00:00 +0000

Having a server at home has an obvious weak point: if the power goes out, the router fails, or the disk dies, your website disappears. The solution is to have a replica in the cloud ready to activate in minutes.

The architecture
#

[servidor-casa] → rsync cada 6h → [VPS réplica]
 servicios activos réplica en espera
 TTL DNS: 5 min Uptime Kuma vigilando

The home server pushes content to the VPS every 6 hours. If the server goes down, I change the DNS and in 5 minutes the VPS serves the site.

Fail2ban to protect SSH and Nginx: practical configuration on Ubuntu

Thu, 30 Apr 2026 00:00:00 +0000

The Problem: Brute Force Attacks
#

After exposing my Ubuntu server to the internet, I spent a night reviewing logs. SSH received failed login attempts every second. Nginx also had suspicious requests to common routes. I needed something to block these attempts automatically. Fail2ban was my solution.

Installation
#

sudo apt update
sudo apt install fail2ban
sudo systemctl start fail2ban
sudo systemctl enable fail2ban

Verify that it’s running:

How to index your website in Google Search Console: practical guide with sitemap and domain verification

Thu, 30 Apr 2026 00:00:00 +0000

When I put my first site in production on a home server, I made the mistake of thinking Google would discover it on its own. It didn’t. After a week with no trace in search results, I understood that I needed to be more proactive. Here’s what I learned setting up Google Search Console from scratch.

Why you need Google Search Console
#

Google Search Console is not optional. It’s your direct communication with Google about your site. It shows you indexing errors, security issues, and most importantly: it lets you tell Google exactly which pages to index and when.

How to set up your own web infrastructure at home with Docker and Traefik: from zero to automatic HTTPS

Thu, 30 Apr 2026 00:00:00 +0000

Introduction
#

A few months ago I decided to stop using expensive cloud services and set up my own infrastructure at home. The solution I found was combining Docker with Traefik. It works well and now I have several services running under HTTPS without manually touching a certificate. I’ll tell you how I did it.

What you need
#

A server with Docker installed (any Linux machine with 2GB of RAM is enough). Your own domain. A bit of patience with DNS. That’s it.

Security email notifications from the terminal with msmtp and Gmail

Thu, 30 Apr 2026 00:00:00 +0000

Why you need this
#

When you run a server at home, you need to know if something strange happens. A script that sends you an email when it detects a failed login attempt, an expiring certificate, or a nearly full disk is invaluable. The problem is that your ISP blocks port 25, so you can’t use sendmail directly. That’s where msmtp comes in.

SSH authentication by public key: disable passwords on Ubuntu Server

Thu, 30 Apr 2026 00:00:00 +0000

Why Switch to Key-Based Authentication
#

After months of maintaining a home server with open SSH access, I got tired of brute force password attacks. Switching to public key authentication was the best security decision I made. Keys are mathematically impossible to crack through brute force, while passwords are always a target.

SSH Key Generation
#

First, generate a key pair on your local machine (not on the server):

Static blog with Hugo and Blowfish theme on a home server

Thu, 30 Apr 2026 00:00:00 +0000

I’ve been wanting to document my infrastructure projects better for a while. After trying several options, I decided to set up a static blog with Hugo. The combination of Hugo + Blowfish turned out to be exactly what I needed: fast, clean, and easy to maintain.

Why Hugo and Blowfish
#

Hugo is a static site generator written in Go. It’s incredibly fast and requires no database or complicated dependencies. Blowfish is a modern, minimalist theme that’s well documented. Both work great on a home server with limited resources.

WireGuard VPN: Access your home server from anywhere

Thu, 30 Apr 2026 00:00:00 +0000

One of the classic problems with having a server at home is secure remote access. Opening SSH ports directly to the world is a bad idea — you see it in the auth logs: hundreds of attempts per day. The elegant solution is a VPN, and WireGuard is today’s best available option.

Why WireGuard?
#

Compared to OpenVPN or IPSec:

How This Blog Was Born

Wed, 29 Apr 2026 00:00:00 +0000

This blog was born from a real process.

I had a domain, a home server, and the desire to build something of my own. Instead of following a generic tutorial, I decided to document exactly what I was doing — errors included.

What you’ll find here
#

Articles about what I’m building and learning:

Linux server configuration
Service deployment with Docker
Networks, DNS, and security
Automation and infrastructure

No shortcuts, no simplifications. Real process, documented step by step.

About Me

Thu, 01 Jan 2026 00:00:00 +0000

Hi, I’m Rogelio
#

I’m a sysadmin passionate about real infrastructure: the kind that runs on actual hardware, not just in the cloud. I’ve spent years building and maintaining my own web infrastructure from home, learning along the way everything that courses don’t teach.

What you’ll find here
#

This blog is my public technical notebook. I document what I do, what I break, and how I fix it. No generic examples — everything comes from real cases.

Servicios Rogeliowar

Wazuh SIEM with Docker: complete deployment with SSL and compliance rules

What is ENS and Why It Matters #

Connect your mobile to SSH from anywhere with WireGuard and Termius

The Problem #

Why This Combination #

How to Clean Up Exposed Credentials in Git with git-filter-repo and Rotate Tokens

The Real Problem #

Migrate Grafana and Listmonk to centralized PostgreSQL in Docker

The initial problem #

Preparation: setting up central PostgreSQL #

Restic: encrypted backups with deduplication for your Linux server

What makes Restic different #

VPN with Wireguard in Docker: Secure access to internal services without exposing ports

Why you need this #

Monitoring Docker containers with Prometheus and Grafana: automatic alerts at home

The Problem #

AUTH LOGIN manual in Python with smtplib: special characters and error 535

The Problem #

Automatic backups with rsync and cron for home Docker

The Problem #

Environment variables with special characters in Docker Compose: the dollar sign problem and how to recreate containers

The Real Problem #

Incremental synchronization from SMB with smbprotocol on Linux: NTLM authentication and log control

The Problem #

Smart Excel Import in Python: Flexible Column Detection and Heterogeneous Data Cleaning

The real problem #

Systemd timers: the modern cron alternative you needed

Why I Left Cron #

The hidden cost of --reload in uvicorn: what actually consumes CPU in production

The Problem Nobody Sees #

Hardening Linux servers: practical guide

Server Security Hardening: Essential Steps #

SSH: the first line of defense #

AI Agent with Claude Haiku to Generate Blog Articles from the Terminal

Why Automate Content Generation #

CI/CD with local GitLab Runner to automatically deploy a Hugo blog

Introduction #

Prerequisites #

Installing GitLab Runner #

Complete monitoring with Prometheus, Grafana and Loki: metrics, logs and Docker containers

The architecture #

Configure Traefik v2.11 as a reverse proxy with Docker and automatic HTTPS with Let's Encrypt

Introduction #

Why Traefik #

CSS that doesn't fail: common styling mistakes on web pages and how to avoid them

The background that disappears when scrolling #

Emergency replica: how to have your home server backed up on a VPS

The architecture #

Fail2ban to protect SSH and Nginx: practical configuration on Ubuntu

The Problem: Brute Force Attacks #

Installation #

How to index your website in Google Search Console: practical guide with sitemap and domain verification

Why you need Google Search Console #

How to set up your own web infrastructure at home with Docker and Traefik: from zero to automatic HTTPS

Introduction #

What you need #

Security email notifications from the terminal with msmtp and Gmail

Why you need this #

SSH authentication by public key: disable passwords on Ubuntu Server

Why Switch to Key-Based Authentication #

SSH Key Generation #

Static blog with Hugo and Blowfish theme on a home server

Why Hugo and Blowfish #

WireGuard VPN: Access your home server from anywhere

Why WireGuard? #

How This Blog Was Born

What you’ll find here #

About Me

Hi, I’m Rogelio #

What you’ll find here #

What is ENS and Why It Matters
#

The Problem
#

Why This Combination
#

The Real Problem
#

The initial problem
#

Preparation: setting up central PostgreSQL
#

What makes Restic different
#

Why you need this
#

The Problem
#

The Problem
#

The Problem
#

The Real Problem
#

The Problem
#

The real problem
#

Why I Left Cron
#

The Problem Nobody Sees
#

Server Security Hardening: Essential Steps
#

SSH: the first line of defense
#

Why Automate Content Generation
#

Introduction
#

Prerequisites
#

Installing GitLab Runner
#

The architecture
#

Introduction
#

Why Traefik
#

The background that disappears when scrolling
#

The architecture
#

The Problem: Brute Force Attacks
#

Installation
#

Why you need Google Search Console
#

Introduction
#

What you need
#

Why you need this
#

Why Switch to Key-Based Authentication
#

SSH Key Generation
#

Why Hugo and Blowfish
#

Why WireGuard?
#

What you’ll find here
#

Hi, I’m Rogelio
#

What you’ll find here
#