Marc JESTIN's Blog

Preventing sleep and suspension on a Debian server

Sat, 09 May 2026 00:00:00 +0000

Hello,

A server must be available 24 hours a day and obviously should not go to sleep, especially if we don’t have the tools to “wake it up.”

By default, or following the installation of certain packages, a Debian distribution may retain power-saving settings. The result: our machine “falls asleep” after a period of inactivity, and we can no longer access it remotely. ¹

This is particularly true for systems installed in a Desktop version (i.e., with a desktop manager like GNOME or others).

Using ACLs for Advanced File and Directory Permissions in Debian

Sat, 09 May 2026 00:00:00 +0000

Hello,

We often find ourselves working in directories where multiple users “clash” with one another.

A common example is when we need to clear caches generated by web server components. We then run into ownership and permission issues.

Usually, we rely on “bad good solutions”, such as:

Adding our user to a group it doesn’t truly belong to.
Creating custom sudo rules (which often end up being too broad, creating a significant security loophole).

Managing ACLs in Debian allows us to handle this very simply.

How to disable sudo in Debian

Fri, 08 May 2026 00:00:00 +0000

Hello,

Security Best Practices
#

A secure machine is one where just anyone cannot do just anything.

A secure machine requires logging into an account with elevated privileges to perform administrative tasks.

This can be the root account itself or other specific accounts, but it should not be just any user account, even if it belongs to the owner of the machine.

How to remove sudo privileges from a user in Debian

Fri, 08 May 2026 00:00:00 +0000

Hello,

Security Best Practices
#

A secure machine is one where just anyone cannot do just anything.

A secure machine requires logging into an account with elevated privileges to perform administrative tasks.

This can be the root account itself or other specific accounts, but it should not be just any user account, even if it belongs to the owner of the machine.

Let's Encrypt caught in the Friday night maintenance syndrome

Fri, 08 May 2026 00:00:00 +0000

Hello,

While I was getting ready to deploy a new service to visualize my traffic statistics, I briefly thought I had broken my NPM (Nginx Proxy Manager) configuration. Indeed, I was getting some rather vague errors and, when checking the ad hoc folder, I couldn’t see any new directory for the key and certificate I was trying to obtain.

It was only after checking the Docker container logs that I realized the problem wasn’t on my end.

Free at last

Tue, 05 May 2026 00:00:00 +0000

Hello,

I can now officially announce it: I have crossed the Rubicon of self-hosting—the act of hosting one’s own server(s) and/or Internet service(s) at home for ALL my Internet tools.

For several years, I had been experimenting and testing various solutions to host services on dedicated servers or directly at home. Some of my customers have used some of them.

I would regularly reopen the file as the anniversary date of my hosting contract approached for the email and web servers.

Veni, vidi, abii

Tue, 05 May 2026 00:00:00 +0000

Hello,

Yesterday and last night, I installed a glitch-soc Mastodon instance on my server.

It wasn’t exactly a walk in the park, but I eventually got it done.

I took the opportunity to learn and to uncover a few flaws, if not bugs, in Dokploy.

Learning and Know-how
#

I only deployed this tool to learn how to do it.

De Profundis

Mon, 04 May 2026 00:00:00 +0000

Hello,

Orion and I once again crossed paths with that lady and her dog, which clearly suffers from a behavioral disorder.

I fear the dog isn’t the only one exhibiting behavioral issues…

Initial Aggressions
#

This dog has already charged Orion in aggressive mode several times.

The first time it happened, Orion and I were playing peacefully, as we usually do during our walks on a path between the fields. I was throwing the ball and Orion was fetching it. This dog came out of nowhere from behind us, running at full speed. It headed straight for Orion and attacked him for the first time.

Webhooks & CI/CD: When Dokploy and Gitea refuse to talk to each other

Mon, 04 May 2026 00:00:00 +0000

Hello,

I struggled a bit to get my workflow running for automating updates to this blog when I push to the main branch of my repository on my Gitea server.

The Challenge: Automating Deployment
#

The goal was simple: use Gitea Actions so that every git push automatically triggers a container update for my site on my Dokploy instance.

My First Post

Sun, 03 May 2026 00:00:00 +0000

Hello and welcome to this new blog.

I chose to use the Hugo content management engine and static site generator, paired with Caddy.

Everything is deployed within a Docker infrastructure managed by Dokploy. In this setup, Caddy is used solely for the rapid rendering of static pages.

The server’s reverse proxy is Traefik.

I still haven’t managed to get my gitea actions running correctly for automatic updates upon commit, but that should be fixed soon. 😉

Marc JESTIN's Blog

Preventing sleep and suspension on a Debian server

Using ACLs for Advanced File and Directory Permissions in Debian

How to disable sudo in Debian

Security Best Practices #

How to remove sudo privileges from a user in Debian

Security Best Practices #

Let's Encrypt caught in the Friday night maintenance syndrome

Free at last

Veni, vidi, abii

Learning and Know-how #

De Profundis

Initial Aggressions #

Webhooks & CI/CD: When Dokploy and Gitea refuse to talk to each other

The Challenge: Automating Deployment #

My First Post

Security Best Practices
#

Security Best Practices
#

Learning and Know-how
#

Initial Aggressions
#

The Challenge: Automating Deployment
#