Production VPS hardening,
in 24 hours, for $99.

Caddy 2 auto-TLS via Let’s Encrypt. UFW INPUT default-DROP with a safe Docker bridge whitelist. iptables-persistent so the rules survive a reboot. A one-page README of exactly what changed.

Live proof: srv1592437.hstgr.cloud/health returns a JSON health blob over HTTPS with a valid Let’s Encrypt cert and HTTP/3 — the same Caddy + TLS stack you get on your box.

The offer — $99 fixed, 24-hour turnaround

What you get

  • Caddy 2 auto-TLS via Let’s Encrypt for one or more domains
  • UFW INPUT default-DROP with a safe Docker bridge whitelist
  • iptables-persistent so rules survive every reboot
  • Docker + docker-compose-plugin install if your box is missing them
  • A one-page README of exactly what changed and why

What this is not

  • Application deployment
  • Application debugging
  • Ongoing managed support

One-shot install. You keep root and full control throughout. No accounts created in your name, no backdoors, no recurring access.

When this doesn’t fit

If any of the below is true, I’ll tell you up-front and not take the job:

  • The machine is air-gapped or has no internet egress (Let’s Encrypt unreachable)
  • An attacker already has root on the target box (network-perimeter defenses can’t fix that)
  • You need application-layer security (auth, RBAC, code obfuscation, DRM)
  • You need ongoing managed service rather than a one-shot install
  • No domain available (LE issuance requires a DNS name)

How it works

  1. 1. You reach out

    Tell me your VPS provider, OS, and one domain you control. I confirm scope and feasibility in writing before any work starts.

  2. 2. I harden the box

    Caddy 2 with auto-TLS, UFW default-DROP with a Docker-safe bridge whitelist, iptables-persistent for reboot survival, Docker + compose-plugin if needed. Typical turnaround: well inside 24 hours.

  3. 3. You get a one-page README

    Every change documented — what was added, what was changed, where to find it, how to revert. You keep root access the entire time.

How to engage

This page is informational. There’s no contact form, no email signup, no tracker. If you arrived here from a Reddit comment, reply to that thread — that’s the contact channel.

No accounts created in your name, no recurring access, no data collected from this page.