Enterno.io How-to Guides
Step-by-step guides: check SSL, DNS, ports, monitor uptime, fix errors. Each guide — 3-7 steps, no fluff, real examples and commands.
HTTP & APIs 32
How to Add Semantic Search to a Site
Key idea: Semantic search enhances Ctrl+F / keyword search: (1) Embed all content (articles, products) at index time — OpenAI text-embedding-3-small $0.02/1M, (2) Store in Qdrant/p…
Read →How to Set Up PostgreSQL Backups
Key idea: PostgreSQL backup — 3 levels: logical (pg_dump, portable), physical (pg_basebackup, fast restore), continuous WAL archiving (point-in-time recovery). For prod: daily pg_b…
Read →How to Build an AI Agent with MCP
Key idea: MCP (Model Context Protocol) from Anthropic — standard for exposing tools to LLM agents. Server implements tools → Client (Claude Desktop, Zed, custom) connects → LLM inv…
Read →How to Build a RAG Chatbot
Key idea: RAG chatbot in 30 minutes: (1) Chunk documents into 500-1000 tokens, (2) Embed via OpenAI text-embedding-3-small ($0.02/1M), (3) Store in Qdrant (Rust open-source), (4) U…
Read →How to Cache LLM API Calls
Key idea: Reduce LLM cost 10x via caching: (1) Exact match — hash prompt → Redis, if hit return without LLM call (free, instant), (2) Semantic cache — embed prompt → similar query …
Read →How to Configure logrotate
Key idea: logrotate — the standard Linux tool for managing log files. Rotates (renames), compresses, deletes old logs on a schedule. Installed in most distributions by default. Con…
Read →How to Debug nginx Errors
Key idea: nginx errors — most often config syntax (nginx -t catches), permissions (error.log), upstream issues (502/504). Debug steps: tail error.log, curl test from different angl…
Read →How to Deploy LLM on Serverless
Key idea: Serverless GPU 2026 made LLM hosting accessible: (1) Modal.com ($0.0005/s A10G) — Python-native, cold start 2-5s, (2) RunPod Serverless ($0.0003/s) — cheaper, template-ba…
Read →How to Evaluate LLM Quality
Key idea: LLM eval 2026: (1) Automatic metrics — Ragas (answer_relevancy, faithfulness), BLEU / ROUGE for translation, Pass@K for code, (2) LLM-as-judge — GPT-5 evaluates another L…
Read →How to Fine-tune LLM
Key idea: Fine-tuning 2026: (1) Prepare 100-10k examples in JSONL, (2) Pick platform — OpenAI (gpt-4o-mini FT $3/1M), Together.ai Llama 3 70B LoRA ($5-20), or self-host via Axolotl…
Read →How to Fix Slow PostgreSQL Queries
Key idea: Slow Postgres queries are the most common bottleneck in web apps. Diagnostic tools: pg_stat_statements (top by total time), EXPLAIN ANALYZE (query plan), auto_explain (lo…
Read →How to Migrate to Kubernetes
Key idea: Migration to Kubernetes — 6-step process: 1) Containerize app (Dockerfile), 2) Choose K8s provider (managed EKS/GKE/AKS or self-hosted), 3) Write manifests (Deployment + …
Read →API uptime monitoring
Key idea: API uptime ≠ landing-page uptime. Check a health endpoint (not /), expect 200 OK + json {"status":"ok"}, 10 s timeout, 60 s interval (no rarer — you will miss 5-min incid…
Read →Monitoring LLM API latency
Key idea: LLM APIs swing from 200 ms to 30 s depending on context length, model, and provider. Measure P95 + time-to-first-token separately (for streaming). HTTP monitor every 60 s…
Read →How to Measure SLI/SLO
Key idea: SLI (Service Level Indicator) — what you measure: latency p99 < 200ms, error rate < 0.1%, availability > 99.9%. SLO (Service Level Objective) — target on the SLI. Error B…
Read →How to Configure Cache Headers for Your Site
Key idea: Cache-Control is an HTTP header controlling browser and CDN caching. For immutable assets (JS/CSS/images with hash) — public, max-age=31536000, immutable (1 year). For HT…
Read →How to Connect a CDN to Your Site
Key idea: CDN (Content Delivery Network) — geographically distributed servers serving static content from the node closest to the user. For a standard site setup takes 30 min: regi…
Read →How to Set Up CI/CD in GitHub Actions
Key idea: GitHub Actions — built-in CI/CD in GitHub (free 2000 min/month for private repos, unlimited for public). Workflow = YAML file in .github/workflows/. Triggers: push, pull_…
Read →How to Set Up Cloudflare CDN
Key idea: Cloudflare — most popular free CDN + DDoS protection + SSL. Setup in 15 min: 1) Register, 2) Add site, import DNS, 3) Switch nameservers to Cloudflare at registrar, 4) Wa…
Read →How to Set Up GitOps with ArgoCD
Key idea: GitOps with ArgoCD: manifests in Git → agent in Kubernetes automatically applies → UI shows sync status. Setup in 15 min: install ArgoCD via manifests, create Application…
Read →How to Set Up OpenTelemetry
Key idea: OpenTelemetry (OTel) — CNCF standard for unified observability (traces + metrics + logs). Replaces Jaeger / Zipkin-specific + Prometheus-specific code. 2026: auto-instrum…
Read →How to Set Up Prometheus Alerting
Key idea: Prometheus alerting: (1) Define alert rules in Prometheus rules.yaml (PromQL expressions), (2) Prometheus sends firing alerts → Alertmanager, (3) Alertmanager deduplicate…
Read →How to Set Up Prometheus + Grafana
Key idea: Prometheus (metrics storage) + Grafana (visualization) — the open-source standard for monitoring. Deploy in 15 min via Docker Compose. Prometheus scrapes /metrics endpoin…
Read →How to Set Up Redis Cluster
Key idea: Redis Cluster — native horizontal scaling for Redis. Minimum: 3 masters + 3 replicas = 6 nodes (distributed across 16384 slots). Automated failover, client-side sharding,…
Read →How to Set Up a Reverse Proxy
Key idea: A reverse proxy accepts client requests and forwards them to one or several backend servers. Why: SSL termination (TLS on the proxy only), load balancing, caching, compre…
Read →How to Generate SBOM
Key idea: SBOM (Software Bill of Materials) — machine-readable inventory of all components in your artifact (image / binary / source). Required for US federal contractors (EO 14028…
Read →Structured Logging
Key idea: Structured logging — logs in machine-readable format (JSON) instead of plain text. Key benefits: searchable ("error AND user.id=123"), aggregatable (count errors by endpo…
Read →How to Create a systemd Service
Key idea: systemd is the init system on every modern Linux. A service unit = .service file describing how to start/stop/restart a daemon. Replaces supervisord, pm2 (for Node), rc.d…
Read →How to Deploy a Vector Database
Key idea: Vector DB setup: (1) Pick — Qdrant (Rust open-source, fast), pgvector (Postgres extension, simple), Weaviate (hybrid search), (2) Docker deploy or managed cloud, (3) Crea…
Read →How to Stream LLM Responses
Key idea: LLM streaming is the key to good UX. Without streaming the user waits 10s for a blank screen until the full response. With streaming — first token within 300-500ms. Parad…
Read →Distributed Tracing Setup
Key idea: Distributed tracing — tracking a single request across multiple microservices. Key: trace context propagation via HTTP/gRPC headers (W3C traceparent). Each service create…
Read →How to Use Docker Compose
Key idea: Docker Compose — tool for defining + running multi-container apps via a single YAML file. Convenient for local dev (app + DB + Redis + nginx) and small production deploym…
Read →Security 18
How to Audit npm Supply Chain
Key idea: npm supply chain in 2026 — one of the top-3 attack surfaces. The 2024 xz backdoor + 2023 event-stream + 2024 shai-hulud showed: any of 1000+ transitive deps can be hijack…
Read →How to Block a Country in nginx
Key idea: Geo-blocking in nginx via ngx_http_geoip2_module + MaxMind GeoLite2 database. IP lookup → country code → allow/deny via map or if. Useful for compliance (GDPR, sanctions)…
Read →Detecting prompt injection
Key idea: Prompt injection is user input that overrides or bypasses your system prompt. Three classes: direct ("ignore instructions, do X"), indirect (malicious payload in a RAG do…
Read →How to Protect Your Site from CSRF
Key idea: CSRF (Cross-Site Request Forgery) — attack where an attacker makes a user perform an action on your site (transfer money, change password) via a cross-site request. Mitig…
Read →How to Enable HSTS on nginx and Apache
TL;DR: To enable HSTS: add the header Strict-Transport-Security: max-age=31536000; includeSubDomains; preload in nginx (add_header) or Apache (Header set). For hstspreload.org incl…
Read →How to Harden an SSH Server
Key idea: SSH brute-force is the #1 attack on Linux servers. Basic hardening in 30 min blocks 99% of attacks: disable password auth (keys only), change the port from 22, AllowUsers…
Read →How to Prevent Prompt Injection
Key idea: Prompt injection — OWASP #1 for LLM. 100% fix does not exist. Defence in depth: (1) Structured output (JSON schema) — LLM bound to format, (2) Tool allowlist + confirm UI…
Read →How to Rotate Production Secrets
Key idea: Secret rotation in 2026: (1) Enumerate all secrets (DB passwords, API keys, JWT, OAuth client secrets), (2) Central store — AWS Secrets Manager ($0.40/secret/mo), HashiCo…
Read →How to Secure AI API Keys
Key idea: AI API keys leak in 2026: (1) in client-side JS (main issue), (2) in GitHub public repos (secret scanning catches $20k+ monthly), (3) logs + error messages. Defence: (A) …
Read →How to Secure API Keys
Key idea: API key leaks are the #1 breach cause in 2026. Core rules: 1) Never commit keys to Git (use .env + .gitignore), 2) Rotate regularly (quarterly + on incident), 3) Scoped k…
Read →LLM security monitoring
Key idea: LLM security monitoring is 4 parallel signals: (1) blocked_count from the pre-filter, (2) output_safety_score from an LLM judge, (3) per-user rate (runaway protection), (…
Read →How to Configure Fail2Ban for Server Defence
Key idea: Fail2Ban is an open-source IDS blocking IPs after N failed attempts. Linux-server security standard. Protects: SSH brute-force, web-app login bruteforce, CMS scanning. Se…
Read →Kubernetes Ingress
Key idea: Ingress — a K8s resource describing HTTP(S) routing: which host/path goes to which Service. Requires an Ingress Controller (ingress-nginx, Traefik, HAProxy Ingress). cert…
Read →Nginx rate limiting: zones, burst, 429
Key idea: Two directives: limit_req_zone defines the pool (key + memory + rate), limit_req activates it in a location. A 10 MB zone holds ~160k unique IPs in RAM. Add burst for sho…
Read →How to Set Up an OAuth 2.0 Provider
Key idea: OAuth 2.0 provider setup enables "Login with Google/GitHub/VK" in your app. For web: Authorization Code flow. For SPA/mobile: Authorization Code + PKCE (RFC 7636). Proces…
Read →How to Set Up Snyk Scanning
Key idea: Snyk — market leader (2016) for dependency + container + IaC security scanning. Free tier: 100 tests/mo. 2026 competitors: GitHub Dependabot (free, native), Semgrep (open…
Read →How to Set Up HashiCorp Vault
Key idea: HashiCorp Vault — industry-standard secret manager. Stores: API keys, DB passwords, TLS certs, SSH keys. Features: dynamic secrets (creates credentials on-demand), leasin…
Read →How to Sign Docker Images
Key idea: Cosign — open-source tool (Sigstore project) for cryptographic signing of container images. Supply chain security essential in 2026. Keyless mode — uses OIDC (GitHub Acti…
Read →SSL / TLS 11
How to Check a Site's SSL Certificate Online
TL;DR: To check a site's SSL certificate: open the Enterno.io SSL checker, enter a domain (example.com), click "Check". In 1-2 seconds you get a full picture — expiry, issuer, chai…
Read →How to Debug a TLS Handshake
Key idea: TLS handshake failures are among the hardest debug categories. Tools: openssl s_client for shell, Wireshark with TLS decryption for deep analysis, curl -v for application…
Read →How to Enable HTTP/2 on Your Site
Key idea: HTTP/2 is a binary multiplexed protocol that speeds up 10-30% of sites with no code changes. Requirements: HTTPS (mandatory), nginx ≥ 1.9.5, Apache ≥ 2.4.17 with mod_http…
Read →How to Fix SSL Errors in Chrome/Firefox/Safari
TL;DR: To fix browser SSL errors: (1) check the certificate via SSL checker — see the exact cause; (2) reissue via certbot/Let's Encrypt; (3) configure fullchain + TLS 1.2/1.3 on t…
Read →How to Generate a CSR for Your SSL Certificate
Key idea: CSR (Certificate Signing Request) is a file with your public key and organisation data that you send to a CA to obtain an SSL certificate. Generated with openssl, require…
Read →How to Install SSL on nginx
Key idea: Installing SSL on nginx in 15 min with Let's Encrypt: certbot automatically modifies the config + enables HTTPS + adds HTTP→HTTPS redirect. For manual control — copy full…
Read →How to Migrate from HTTP to HTTPS
TL;DR: HTTP to HTTPS migration: (1) get SSL certificate via certbot (free); (2) configure nginx/Apache for HTTPS + TLS 1.2/1.3; (3) add 301 redirect from all http:// to https://; (…
Read →How to Auto-Renew a Let's Encrypt Certificate
TL;DR: Let's Encrypt auto-renewal: sudo certbot renew --dry-run — test. Then cron: 0 3 * * * certbot renew --quiet --post-hook "systemctl reload nginx". Let's Encrypt is valid 90 d…
Read →How to Rotate an SSL Certificate Zero-Downtime
Key idea: SSL rotation = replacing the cert before expiry. Correct flow: 30 days before expiry obtain a new cert, drop it next to the old one, hot-reload the web server. Clients in…
Read →How to Get a Let's Encrypt Wildcard Certificate
Key idea: A wildcard cert (*.example.com) covers all subdomains with a single certificate. Let's Encrypt issues wildcards only via the DNS-01 challenge (HTTP-01 does not work). You…
Read →How to Enable OCSP Stapling
Key idea: OCSP Stapling — the server fetches the OCSP response from the CA ahead of time and "staples" it to the TLS handshake. Without stapling, every client queries OCSP themselv…
Read →Performance 5
How to Check Website Speed (Core Web Vitals)
TL;DR: To check speed: Enterno.io PageSpeed — Google-methodology analysis returning Core Web Vitals (LCP, CLS, INP) + a 0-100 performance score for Mobile and Desktop. Free, no sig…
Read →How to Enable Brotli in nginx
Key idea: Brotli (brotli.org, Google) is a compression algorithm 15-25% better than gzip for text (HTML/CSS/JS). Client support 95%+ by 2026. Install in nginx: compile ngx_brotli m…
Read →How to Measure Web Vitals
Key idea: Core Web Vitals 2026: LCP (Largest Contentful Paint) < 2.5s, INP (Interaction to Next Paint, replaced FID March 2024) < 200ms, CLS (Cumulative Layout Shift) < 0.1. Field …
Read →How to Improve Site LCP
Key idea: LCP (Largest Contentful Paint) — when the main visible element (usually hero image or H1+paragraph) paints. "Good" threshold ≤ 2.5s. Typical LCP killers: heavy hero image…
Read →How to Reduce Time to First Byte
TL;DR: To reduce TTFB: (1) deploy a CDN (Cloudflare/Fastly) — edge caching for static assets; (2) enable server-level cache (Redis/Memcached for DB queries); (3) optimise slow SQL …
Read →Other 4
Fix Kafka Consumer Lag
Key idea: Lag — the count of unprocessed messages in a partition. Diagnose: kafka-consumer-groups.sh --describe. Four causes: (1) consumer is too slow (CPU/DB bottleneck), (2) fewe…
Read →Incident Response: from alert to postmortem
Key idea: Six steps: (1) Declare the incident and set severity (SEV-1/2/3). (2) Assign an Incident Commander — they coordinate, they don't fix. (3) Open a dedicated channel (Slack/…
Read →Tune PostgreSQL Performance
Key idea: First four levers: shared_buffers = 25 % RAM, effective_cache_size = 75 % RAM, work_mem = RAM / (max_connections × 3), maintenance_work_mem = 1-2 GB. Then enable pg_stat_…
Read →Tune Redis Memory
Key idea: Set maxmemory = 75 % of server RAM and maxmemory-policy = allkeys-lru (or volatile-lru if you rely on TTLs). Watch used_memory_rss / used_memory in INFO — a ratio > 1.5 =…
Read →Other 3
How to Check API CORS Headers
TL;DR: To check API CORS: use /en/cors Enterno.io checker — enter endpoint and origin, get all CORS headers + preflight test. Diagnoses common issues: missing Allow-Origin, wildcar…
Read →How to Configure CORS Correctly
Key idea: CORS (Cross-Origin Resource Sharing) is the mechanism letting JavaScript from one origin (domain:port:scheme) request resources from another. Without CORS, browsers block…
Read →How to Fix CORS Preflight
Key idea: CORS preflight — an OPTIONS request browser sends before a non-simple request (custom headers, non-GET). If the server does not answer 200/204 with proper CORS headers, t…
Read →DNS & Domains 3
How to Check DNS Records for a Domain
TL;DR: To check DNS records: open the Enterno.io DNS checker, enter a domain, click "Check". Get every record type (A/AAAA/MX/NS/TXT/SOA/CAA) from a Russia-hosted resolver in 1-2 s…
Read →How to Check DNSSEC for a Domain
Key idea: DNSSEC (Domain Name System Security Extensions) protects DNS from spoofing. Verification = confirm the domain publishes DNSKEY and a DS record in the TLD, and the signatu…
Read →How to Set Up an SPF Record for Your Domain
Key idea: SPF (Sender Policy Framework) is a DNS TXT record listing IPs and servers allowed to send mail on behalf of your domain. Without SPF, Gmail/Yandex.Mail/Mail.ru drop mail …
Read →Other 13
How to Inspect HTTP Response Headers of a Site
TL;DR: To inspect HTTP headers: (1) Enterno.io HTTP checker — online, no signup, shows all response headers; (2) curl -I https://example.com in terminal; (3) Chrome DevTools → Netw…
Read →How to Configure Content-Security-Policy with Nonce
TL;DR: To protect from XSS, configure CSP with nonce: (1) generate nonce each request ($nonce = base64_encode(random_bytes(16))); (2) add to header script-src 'nonce-{$nonce}'; (3)…
Read →How to Configure CSP Nonce
Key idea: CSP nonce — a random value, generated per request, included in the CSP header script-src 'nonce-XXX' and as the attribute <script nonce="XXX">. Lets a specific inli…
Read →How to Check Which Ports Are Open on a Host
TL;DR: To check open ports: Enterno.io port-checker — enter host and port, get status (open/closed/filtered) in 1-2 seconds. For a full scan (top-100 ports) use the Port Scanner.
Read →How to Find and Fix 404 Errors
TL;DR: To fix 404s: (1) find broken URLs via /en/broken-links; (2) set up 301 redirects to relevant content; (3) create a custom 404 page with search and popular links; (4) monitor…
Read →How to Fix the Mixed Content Error
Key idea: Mixed Content happens when an HTTPS page loads HTTP resources (images, scripts, iframes). Chrome blocks active (scripts/iframes) fully, passive (images) triggers a warnin…
Read →How to Monitor Cron Jobs
Key idea: Cron jobs silent-fail — the most common cause of data loss. Default cron: on error, email (if SMTP set up), otherwise nothing. Right approach: heartbeat monitoring (dead-…
Read →LLM API cost alerts
Key idea: LLM spend can grow 100× in an hour from a prompt loop, infinite retries, or an attack. Two layers of defense: a hard cap at the provider (OpenAI usage limit, Anthropic sp…
Read →How to Set Up Free Website Uptime Monitoring
TL;DR: To set up uptime monitoring: sign up at Enterno.io (free, 5 monitors forever), add the site URL, pick an interval (1-5 min), connect Telegram/Slack/Email for alerts. Done — …
Read →How to Redirect www to non-www
Key idea: A single canonical domain is SEO rule #1. Pick one (usually non-www) and 301-redirect the other. Setup: nginx — separate server block for www with return 301; Apache — Re…
Read →How to Configure DKIM for Your Domain
Key idea: DKIM (DomainKeys Identified Mail) is a cryptographic signature proving a message truly originated from your domain and was not altered in transit. Without DKIM Gmail/Yand…
Read →How to Configure DMARC for Your Domain
Key idea: DMARC (Domain-based Message Authentication, Reporting & Conformance) is a policy telling recipients what to do with messages failing SPF/DKIM. Published as a _dmarc.examp…
Read →How to Configure DMARC Record
TL;DR: To set up DMARC: (1) ensure SPF and DKIM already work; (2) add TXT record _dmarc.example.com with value v=DMARC1; p=none; rua=mailto:reports@example.com; (3) after 2-4 weeks…
Read →