Found 37 Skills
Provision new NixOS servers on Proxmox for this nix flake project. Guides through the complete workflow: creating Proxmox LXC containers, SSH setup, Colmena configuration (init/full pattern), and application deployment with nginx proxy, PostgreSQL, and container images. Use when: (1) Creating a new server/container on Proxmox, (2) Setting up a new NixOS host with Colmena, (3) Deploying applications with nginx SSL proxy and/or PostgreSQL database, (4) Adding new container images to the repository.
Deployment & Operations Expert responsible for deploying builds that pass Reviewer and QA gates to servers (PM2 3-process cluster + Nginx reverse proxy + BT Panel) securely, observably, and with rollback support. Adheres to engineering baselines including zero-downtime deployment, health checks, rollback within ≤3 minutes, and post-release smoke testing. Handles deployment orchestration, configuration management, traffic management, and monitoring & alerting. Applicable when receiving task cards from the Deploy department or needing to release to production.
API gateway patterns and implementations. Kong, AWS API Gateway, NGINX as gateway, rate limiting, request routing, authentication offloading, and request/response transformation. USE WHEN: user mentions "API gateway", "Kong", "AWS API Gateway", "NGINX gateway", "gateway pattern", "request routing", "BFF" DO NOT USE FOR: reverse proxy basics - use infrastructure skills; service mesh - use `service-mesh`; rate limiting in app - use `rate-limiting`
DigitalOcean Droplets, Linux server security, Nginx, and UFW.
Analyze application logs to identify errors, performance issues, and security anomalies. Use when debugging issues, monitoring system health, or investigating incidents. Handles various log formats including Apache, Nginx, application logs, and JSON logs.
Docker containerization patterns for Python/React projects. Use when creating or modifying Dockerfiles, optimizing image size, setting up Docker Compose for local development, or hardening container security. Covers multi-stage builds for Python (python:3.12-slim) and React (node:20-alpine -> nginx:alpine), layer optimization, .dockerignore, non-root user, security scanning with Trivy, Docker Compose for dev (backend + frontend + PostgreSQL + Redis), and image tagging strategy. Does NOT cover deployment orchestration (use deployment-pipeline).
Linux (Ubuntu/Debian) server initial setup and ongoing administration skill. Covers new server hardening, user management, package management, file permissions, resource limits, log rotation, cron scheduling, and disk management. USE WHEN: - Performing initial setup of a fresh Ubuntu/Debian server (VPS, bare metal, cloud VM) - Hardening SSH, disabling root login, configuring sudo - Configuring system-level resource limits (ulimits, sysctl) for high-concurrency workloads - Managing users, groups, file permissions, and ACLs - Setting up log rotation, journald retention, swap, and NTP - Troubleshooting disk full, FD exhaustion, locale errors, or time drift DO NOT USE FOR: - Container-level administration (use docker or kubernetes skill) - Application deployment pipelines (use deployment-strategies or ci-cd skill) - Firewall/fail2ban configuration (use firewall skill) - Nginx or service configuration (use nginx or systemd skill)
Traefik v3 cloud-native reverse proxy. Covers providers, entrypoints, routers, middlewares, services, Docker labels, TLS/ACME, dashboard, and metrics. USE WHEN: user mentions "traefik", "traefik v3", "traefik docker", "traefik labels", "traefik middleware", "traefik dashboard", "traefik tls", "traefik acme", "traefik router", "traefik entrypoint", "traefik reverse proxy", "traefik cloudflare", "traefik let's encrypt", "traefik rate limit" DO NOT USE FOR: Caddy-based setups - use `caddy` skill, Nginx load balancing - use `load-balancer` skill, Kubernetes ingress with nginx-ingress - use `kubernetes` skill, Application-level TLS inside app code
Proxy server configuration
Configures SSL/TLS certificates, implements secure protocols and ciphers, and sets up security headers. Use when setting up HTTPS, SSL certificates, TLS configuration, or web security hardening.
SSL/TLS certificates
Rejection of payloads that exceed the maximum allowed size to prevent DoS attacks