2025-09-03
Swap is virtual memory on disk that saves your VPS from crashing when RAM runs out. On low-cost servers, it’s an indispensable tool to avoid failures during short-term memory usage spikes. Setup is simple: create a file, enable it, and set it to activate automatically at boot. But remember — it’s insurance, not a replacement for RAM.
Introduction
Modern VPSs are usually provisioned with enough RAM but often without swap (swap file or partition). This is a deliberate choice by providers who want you to quickly upgrade to a more expensive plan.
2025-09-01
AWS Cognito and Microsoft Entra ID: Authentication as Part of the Ecosystem
Introduction
If Auth0 is the “hired expert” for authentication, then AWS Cognito and Microsoft Entra ID are the “system engineers” from tech giants. These services don’t just solve login — they are deeply integrated into their ecosystems and work best when you’re already using the cloud that created them.
AWS Cognito: Authentication for AWS-Native Applications
The Big Promise: AWS claims that Cognito is the “gateway” for your users into AWS. It’s designed to seamlessly integrate with other AWS services, such as Lambda for business logic or API Gateway for building APIs.
2025-08-31
Auth0: Authentication as a Service, or “Just Pay”
Introduction
So far, we’ve discussed solutions that give you full control but demand effort. Auth0 offers a different path: outsourcing authentication entirely. “We’ll handle it for you,” says Auth0 — “just connect to our API.” It’s the perfect choice for those who don’t want to moonlight as DevOps engineers.
The Big Promise
The core message of Auth0 is simplicity. The service promises that you can add user login in minutes without writing a single line of backend code. Its key advantages:
2025-08-30
FreeIPA: The Untamed Titan of Enterprise Identity
Introduction
While Keycloak and FusionAuth focus on the web, FreeIPA operates on a different level. It’s not just an authentication server. It’s an integrated solution for identity management and security policies in UNIX/Linux environments. It’s not designed for quick web app integration but for building centralized access control at an enterprise scale. If your infrastructure consists of many Linux servers, this tool is your ally.
2025-08-29
FusionAuth: Challenging the Giants with an API Focus
Introduction
While Keycloak may feel like a heavyweight titan built for the enterprise world, FusionAuth enters the arena with a much more developer-friendly agenda. This service positions itself as a solution built by developers for developers. It promises to be simple, fast, and most importantly, manageable through a clean, well-structured API. Sounds like a relief after wrestling with complex documentation.
The Big Promise
The core message of FusionAuth is “less configuration, more code.” It promises to save you from wrestling with dozens of XML files and bulky UIs. Instead, you should be able to integrate authentication in just a few hours using only API calls. Its arsenal includes:
2025-08-28
Keycloak: Open Source and Big Ambitions
Introduction
In a world where more and more services outsource user management, Keycloak offers a different path. This project is not just a set of login APIs. It is a full-fledged, self-sufficient authentication server that promises to relieve you from headaches with user management, protocols, and security. At the same time, it remains open source. Sounds like utopia, but let’s take a closer look.
2025-08-27
The Problem with Certificates at Scale
In previous articles, we discussed that OpenVPN uses certificates for authentication. This method is reliable but has significant drawbacks:
- Inconvenience for users: Each user must manually receive and install their own certificate.
- Complex management: When an employee leaves, their certificate must be revoked, which requires extra steps.
- Lack of centralization: Each service that requires access has its own authorization system.
The solution to this problem is using a centralized identity provider such as Keycloak.
2025-08-26
VPN: Not Just an “On” Button
For many users, a VPN is simply an “On” button. However, when it comes to building your own secure tunnel, it’s important to understand its architecture. OpenVPN is based on two key ideas: the client-server model and Public Key Infrastructure (PKI).
The Client-Server Model
The concept is simple:
- Server — the entry point into your secure network. It constantly “listens” for incoming requests and is ready to accept connections.
- Client — your device (laptop, phone) that initiates the connection to the server.
Once the server and client “agree,” a secure tunnel is created between them, and all traffic passes through it.
2025-08-25
OpenVPN: A Time-Tested Standard
Introduction
In a world where the speed and simplicity of WireGuard have become the new standard, OpenVPN remains one of the most reliable and flexible VPN protocols. It works both on traditional computers and on networking equipment, providing cross-platform compatibility and a high level of security. However, to understand how to use it, it is important to distinguish between the protocol itself and its client applications.
2025-08-23
When Control Matters Most
Services like Tailscale and NetBird are convenient, but they rely on a third-party control server responsible for authentication, key distribution, and route exchange. For those who, for security or privacy reasons, don’t want to entrust this function to anyone, there are two paths: Headscale and “pure” WireGuard.
Headscale: Your Own Tailscale
Headscale is a fully open-source implementation of Tailscale’s control server. It allows you to deploy your own Tailscale alternative on a VPS or server while still using the official Tailscale clients.