online — writing technical things

Security Ops & Infrastructure Engineering

Documenting the real world — NGINX misconfigs, Docker log floods, midnight incident responses, and everything in between.

Read the blog →About me
bash — damon@sec-lab

Featured Posts

all posts →
Featured·10 min read

NGINX Upstream Keepalive Explained: Why Missing It Causes 502 Errors

Missing keepalive in your NGINX upstream block silently kills connections under load. Here's exactly what keepalive does, how TCP connection reuse works, and the production-ready config that stops 502s before they start.

#nginx#infrastructure#production#networking#troubleshooting

November 28, 2024

Featured·11 min read

NGINX 502 Bad Gateway Under Load: Causes, Debugging, and Fixes

NGINX returning 502 Bad Gateway only under high load? This guide covers every root cause — ephemeral port exhaustion, missing keepalive, proxy timeouts, worker limits — with step-by-step debugging commands and production-ready config fixes.

#nginx#debugging#production#troubleshooting#infrastructure

November 14, 2024

Featured·4 min read

Docker Ate My Disk: Fixing Log Rotation Before It Kills Production

How a single verbose container filled a 500GB disk in 72 hours, and the exact daemon.json config that stops it from ever happening again.

#docker#logs#infrastructure#troubleshooting

October 3, 2024

Featured·3 min read

NGINX SSL Hardening: From C Grade to A+ on SSL Labs

A step-by-step walkthrough of the NGINX TLS configuration changes that take you from a mediocre SSL rating to a perfect score — without breaking compatibility.

#nginx#ssl#security#infrastructure

September 20, 2024

Recent Posts

view all →
December 5, 2024·12 min read

Linux TIME_WAIT Explained: Why It Causes Connection Failures and How to Fix It

Linux TIME_WAIT exhausts ephemeral ports and causes ECONNREFUSED under load — even when your app is healthy. Learn what TIME_WAIT is, how to detect port exhaustion with ss and netstat, and the exact sysctl fixes that resolve it.

#linux#networking#troubleshooting#infrastructure#debugging
November 28, 2024·10 min read

NGINX Upstream Keepalive Explained: Why Missing It Causes 502 Errors

Missing keepalive in your NGINX upstream block silently kills connections under load. Here's exactly what keepalive does, how TCP connection reuse works, and the production-ready config that stops 502s before they start.

#nginx#infrastructure#production#networking#troubleshooting
November 14, 2024·11 min read

NGINX 502 Bad Gateway Under Load: Causes, Debugging, and Fixes

NGINX returning 502 Bad Gateway only under high load? This guide covers every root cause — ephemeral port exhaustion, missing keepalive, proxy timeouts, worker limits — with step-by-step debugging commands and production-ready config fixes.

#nginx#debugging#production#troubleshooting#infrastructure
October 3, 2024·4 min read

Docker Ate My Disk: Fixing Log Rotation Before It Kills Production

How a single verbose container filled a 500GB disk in 72 hours, and the exact daemon.json config that stops it from ever happening again.

#docker#logs#infrastructure#troubleshooting
September 20, 2024·3 min read

NGINX SSL Hardening: From C Grade to A+ on SSL Labs

A step-by-step walkthrough of the NGINX TLS configuration changes that take you from a mediocre SSL rating to a perfect score — without breaking compatibility.

#nginx#ssl#security#infrastructure
August 11, 2024·4 min read

Reading Logs Like a Detective: A Field Guide to Incident Triage

The exact commands and mental models I use to go from 'something is wrong' to 'I know exactly what happened' in under 15 minutes.

#logs#debugging#incident#troubleshooting#security-ops

Browse by Topic

#nginx#docker#security#logs#linux#troubleshooting#debugging#monitoring#ssl#firewall