Server Administration

Linux Server Administration

Server environments built and managed at scale. We cover infrastructure design, CI/CD, pipeline security hardening, and keeping everything monitored.

─ □ ×

Global Infrastructure Orchestration

LIVE

Infrastructure Health

Kubernetes

6 Active Clusters

Healthy

CI/CD Pipeline

GitLab Workflow + Ansible

Deploying

Edge Network

Cloudflare + 3 Regions

Online

Service Uptime

API Gateway

tail -f /var/log/production-deploy.log

STREAMING

[2025-05-10 14:32:01] === Holtzweb Infra Pipeline v3.2.1 ===

[14:32:02]INFOLoading Ansible inventory: multi-cloud/production.yml

[14:32:02]INFOConnecting to Vault cluster: vault.internal:8200

[14:32:03]SUCCESSVault token renewed — TTL 24h

[14:32:04]TASK[k8s/pre-flight] Verifying cluster connectivity

[14:32:04]INFOkubectl: us-east-1 (EKS) — API server reachable

[14:32:05]INFOkubectl: eu-west-1 (EKS) — API server reachable

[14:32:05]INFOkubectl: ap-southeast-1 (GKE) — API server reachable

[14:32:06]TASK[ansible] deploy-gateway.yml — Hosts: 14

[14:32:07]INFOPulling image: registry.io/api-gateway:v3.8.1

[14:32:08]OKLayer cache hit — no pull required (2.3 GB)

[14:32:08]TASK[k8s] Applying ConfigMaps → namespace: production

[14:32:09]OKconfigmap/app-config patched (us-east-1)

[14:32:09]OKconfigmap/nginx-ingress patched (eu-west-1)

[14:32:10]TASK[k8s] Rolling restart: deployment/api-gateway (us-east-1)

[14:32:11]INFOPod api-gateway-7d8f-xk2p9 → Terminating

[14:32:13]OKPod api-gateway-9c3a-mn7r1 → Running (1/1 Ready)

[14:32:15]OKPod api-gateway-9c3a-pq4t8 → Running (1/1 Ready)

[14:32:16]PASSHealth check: /healthz → HTTP 200 (us-east-1, 38ms)

[14:32:17]TASK[terraform] Plan: cloudflare-waf.tf — evaluating rules

[14:32:18]OKNo changes detected in Cloudflare WAF rules

[14:32:19]TASK[ansible] Syncing Redis replicas: us-east-1 → eu-west-1

[14:32:20]INFOReplication lag check: primary → replica

[14:32:21]OKLag: 2ms — within SLA threshold

[14:32:22]TASK[k8s] HPA scaling: workers 8 → 12 replicas (eu-west-1)

[14:32:24]OKReplica set stabilized — 12/12 pods ready

[14:32:25]TASK[k8s] Applying ingress rules (ap-southeast-1)

[14:32:26]OKingress/api-ingress configured — 3 routes active

[14:32:27]PASSEdge latency: ap-southeast-1 → CDN → 41ms

[14:32:28]TASK[ansible] TLS certificate audit — all endpoints

[14:32:29]INFOapi.holtzweb.io — expires in 45 days, no rotation needed

[14:32:30]TASK[terraform] Drift detection: multi-cloud networking stack

[14:32:31]OKInfrastructure matches desired state — 0 diffs

[14:32:32]INFOCloudflare cache purge: /api/v3/* — 3 zones cleared

[14:32:33]TASKRunning smoke tests across all regions

[14:32:34]PASSPOST /api/auth → 200 OK (us-east-1, 47ms)

[14:32:35]PASSGET /api/status → 200 OK (eu-west-1, 52ms)

[14:32:36]PASSGET /api/health → 200 OK (ap-southeast-1, 61ms)

[14:32:37]SUCCESSAll regions healthy — deployment complete

[14:32:47] === Deployment finished in 46s ===

[2025-05-10 14:32:01] === Holtzweb Infra Pipeline v3.2.1 ===

[14:32:02]INFOLoading Ansible inventory: multi-cloud/production.yml

[14:32:02]INFOConnecting to Vault cluster: vault.internal:8200

[14:32:03]SUCCESSVault token renewed — TTL 24h

[14:32:04]TASK[k8s/pre-flight] Verifying cluster connectivity

[14:32:04]INFOkubectl: us-east-1 (EKS) — API server reachable

[14:32:05]INFOkubectl: eu-west-1 (EKS) — API server reachable

[14:32:05]INFOkubectl: ap-southeast-1 (GKE) — API server reachable

[14:32:06]TASK[ansible] deploy-gateway.yml — Hosts: 14

[14:32:07]INFOPulling image: registry.io/api-gateway:v3.8.1

[14:32:08]OKLayer cache hit — no pull required (2.3 GB)

[14:32:08]TASK[k8s] Applying ConfigMaps → namespace: production

[14:32:09]OKconfigmap/app-config patched (us-east-1)

[14:32:09]OKconfigmap/nginx-ingress patched (eu-west-1)

[14:32:10]TASK[k8s] Rolling restart: deployment/api-gateway (us-east-1)

[14:32:11]INFOPod api-gateway-7d8f-xk2p9 → Terminating

[14:32:13]OKPod api-gateway-9c3a-mn7r1 → Running (1/1 Ready)

[14:32:15]OKPod api-gateway-9c3a-pq4t8 → Running (1/1 Ready)

[14:32:16]PASSHealth check: /healthz → HTTP 200 (us-east-1, 38ms)

[14:32:17]TASK[terraform] Plan: cloudflare-waf.tf — evaluating rules

[14:32:18]OKNo changes detected in Cloudflare WAF rules

[14:32:19]TASK[ansible] Syncing Redis replicas: us-east-1 → eu-west-1

[14:32:20]INFOReplication lag check: primary → replica

[14:32:21]OKLag: 2ms — within SLA threshold

[14:32:22]TASK[k8s] HPA scaling: workers 8 → 12 replicas (eu-west-1)

[14:32:24]OKReplica set stabilized — 12/12 pods ready

[14:32:25]TASK[k8s] Applying ingress rules (ap-southeast-1)

[14:32:26]OKingress/api-ingress configured — 3 routes active

[14:32:27]PASSEdge latency: ap-southeast-1 → CDN → 41ms

[14:32:28]TASK[ansible] TLS certificate audit — all endpoints

[14:32:29]INFOapi.holtzweb.io — expires in 45 days, no rotation needed

[14:32:30]TASK[terraform] Drift detection: multi-cloud networking stack

[14:32:31]OKInfrastructure matches desired state — 0 diffs

[14:32:32]INFOCloudflare cache purge: /api/v3/* — 3 zones cleared

[14:32:33]TASKRunning smoke tests across all regions

[14:32:34]PASSPOST /api/auth → 200 OK (us-east-1, 47ms)

[14:32:35]PASSGET /api/status → 200 OK (eu-west-1, 52ms)

[14:32:36]PASSGET /api/health → 200 OK (ap-southeast-1, 61ms)

[14:32:37]SUCCESSAll regions healthy — deployment complete

[14:32:47] === Deployment finished in 46s ===

Server Provisioning

Bare metal, VPS, cloud instance, or dedicated GPU node. Whatever your environment we provide custom and well documented systems.

Security Hardening

CIS Level 2 benchmarks, rootless containers, AppArmor/SELinux profiles, WireGuard, and supply chain controls.

High Availability & Failover

Kubernetes, Swarm, Incus, HAProxy, Nginx, Postgres, all kept in sync. Ready and designed for any possible failure.

Backup & Disaster Recovery

Immutable off-site backups, tested restore runbooks, and documented RTO/RPO. We run the drills so the drill isn't your outage.

Kubernetes & Orchestration

Docker Swarm, clusters on bare metal, failover, or managed cloud kubernetes - we provide secure automated deployments for any environment.

Container & Virtualization

Secure, well managed scopes. Rootless, isolated micro-VMs, namespace and resource limited. Dev and Prod live in harmony.

Web Server Configuration

Nginx, Caddy, and Traefik with automated TLS, HTTP/3, edge caching, and zero-downtime reload. Apache is always available for legacy stacks.

Observability Stack

Prometheus, Grafana, Loki, Mimir, Tempo, and OpenTelemetry. Full metrics, logs, and traces in one pane. Alerts that provide details not noise.

GitOps & CI/CD Integration

ArgoCD, Flux, and GitHub, GitLab, or Jenkins. We write pipelines that work. Safety, with policies, rollback gates, and environment var protection built in.

Infrastructure as Code

Terraform, OpenTofu, and Ansible. Git checked, idempotent, easily reviewed, and version-controlled. Your infrastructure lives in Git, not in someone's head.

Servers that run themselves (almost)

Whether you need zero-downtime Kubernetes deployments, security policies baked into your CI/CD pipeline, or just want your infrastructure in Git, not in someone's head - we are here to help.

What Can We Do For You →