Linux Server Software

Linux server software forms the functional layer of modern infrastructures—it connects systems, users, and applications across different deployment scenarios.
I plan, install, and operate classic Linux-based server services such as web server & reverse proxy setups, mail, file, and authentication servers.
All systems are documented, hardened, and managed automatically—regardless of whether they run on bare metal, in VMs, or in containers.
I consistently use open standards and open-source software such as Apache, NGINX, Mailcow, and Samba to create a complete, traceable, and license-free server landscape.

Web Server & Reverse Proxy

Comeli dragon holds a net in his hands and stands for the operation and security of Linux-based web servers and reverse proxies.

I operate web and proxy servers that combine high performance and security. This includes classic hosting setups as well as reverse proxies for complex multi-domain or container environments.

Apache2 and NGINX as web and proxy servers
Virtual hosts, reverse proxy routing, and load balancing
TLS certificate management (Let’s Encrypt, ACME, internal PKI)
ModSecurity, Fail2Ban, and geo-blocking for hardening
Integration into CI/CD and automated reloads via Ansible

Mail- & Groupware-Systems

Comeli dragon with letters and messages represents the operation of mail and groupware systems such as Mailcow and collaboration services.

I set up complete mail and communication systems based on open components – including anti-spam, anti-virus, and TLS encryption.

Mailcow mail server (Postfix, Dovecot, Rspamd, ClamAV, SOGo)
SPF, DKIM, DMARC, and MTA-STS
Automated account and alias management (LDAP/SSSD)
TLS/SSL encryption, certificate rotation
Integration into backup, logging, and monitoring systems

File, authentication, and directory services

Comeli dragon stands next to directory folders and symbolizes central authentication and directory services such as LDAP and Samba Active Directory.

I implement central authentication and file services that securely connect Linux and Windows environments.

Samba Active Directory (domain controllers, ACLs, group policies)
NFS and CIFS for Linux/Windows file sharing
Integration with central authentication (LDAP, Kerberos)
Replication, roaming profiles, shadow copies
Automated user/group provisioning via Ansible

Remote Access & Management Services

Comeli dragon is working on a laptop and represents secure remote access and management services for Linux servers and systems.

I set up remote environments for access, management, and training—secure, browser-based, and independent of VPN clients.

Apache Guacamole for browser-based remote desktop access
Integration of SSH, RDP, and VNC access
Access control via LDAP/SSSD and VPN gateways
Snapshot and reset functionality for training systems
Integration into multi-tenant environments

Security &
Automation

Comeli dragon with a magnifying glass stands for security monitoring, system hardening, and automated configuration management of server services.

All server services are hardened, monitored, and managed automatically. I use Ansible to keep configurations reproducible and implement security policies consistently.

SELinux/AppArmor profiles and security audits
Ansible-based configuration management
OpenSCAP compliance checks and patch automation
Monitoring via Prometheus Exporter, Alertmanager, and Grafana
Versioned server setups and automated documentation

Integration & Self-Hosting

Comeli dragon is holding several houses in its hands and represents the integration of classic server services into self-hosting and open-source platforms.

I combine classic server services with self-hosting platforms to operate complete, independent infrastructures. This creates a consistent open-source architecture from web to email and authentication.

Integration of OpenCloud, Bookstack, OpenProject
Common authentication via LDAP/Kerberos
Uniform logging and monitoring
Self-hosting and training operations in isolated environments
API and webhook integration for automation

Trainings

You can find specific trainings and current topics in the Comelio GmbH training catalog.
Available in-house at your company, as a webinar, or as an open training—designed to meet different requirements.

View trainings

Frequently asked questions about Linux Server Software

In this FAQ, you will find the topics that come up most frequently in consultations and training sessions. Each answer is kept brief and refers to further content where necessary. Can’t find your question? Feel free to contact me.

Comeli dragon leans against a “FAQ” sign and answers questions about Linux server software.

Which one should I use, Apache or NGINX?

NGINX is event-driven, economical, and powerful as a reverse proxy for static assets and container backends. Apache is ideal when complex rewrites, auth modules, or legacy setups are required. In practice, we run PHP/apps via FPM/Upstream behind both, standardize TLS/ACME, security headers, and WAF rules – this keeps the edge lean, reproducible, and CI-compatible.

Reverse proxy or load balancer – what’s the difference?

The reverse proxy terminates TLS, sets policies/headers, and protects via WAF (e.g., ModSecurity); it routes specifically to services. A load balancer distributes traffic to multiple backends using health checks and algorithms (round-robin, least-conn, sticky sessions). We often combine both: NGINX as edge + HAProxy/NGINX-LB behind it, highly available via VRRP/Keepalived – including blue-green/canary paths for zero-downtime deployments.

How do I secure and operate standard servers sustainably?

With lean images, SSH keys/2FA, firewall/WAF, Fail2ban, and consistent TLS/PKI maintenance. Hardening follows OpenSCAP/CIS, patches run automatically, configuration as code (Ansible) including secrets handling. Centralized logs/metrics (Prometheus/Alertmanager/Grafana), clear runbooks, and regular restore tests ensure that operations, audits, and incidents remain measurably under control.