Alexander Wei

Writing about software, data, and more software

Setting Up OpenLDAP for Multi-Domain Email: Self-Hosted Multi-Domain Email

Logging the Correct IP using CloudFront with Apache: Securing Django on EC2

Django Admin 401 Responses: Securing Django on EC2

Django Fail2ban: Securing Django on EC2

Unraveling Culinary Secrets with a Restricted Boltzmann Machine: A Deep Dive into Ingredient Patterns

Streamlining Data Handling in PyTorch: Building an Efficient Data Pipeline

Featured Posts

a computer chip with the letter a on top of it

What Actually Happens When LangChain Runs In a Celery Task

Text similarity search results for "canned tomato" uses OpenAI embeddings

Vector Search with pgvector and Django – Celery: Scalable Django

Solve a Substitution Cipher with a Markov chain

RRQR Factorization and Spanning Boxes

New here?

Start with the Securing Django on EC2 series

Read the series
Get posts by email

Hot coffee, black. Grafana to-go. Protect Grafana without IP whitelisting.

Amazon CloudFront Is Now Free (and That Changes Everything)

What Actually Happens When LangChain Runs In a Celery Task

Vector search using Celery and LangChain where OpenAI embedding clients live inside Celery workers. Startup signals and lazy resource loading.

Vector Search with pgvector and Django – Celery: Scalable Django

A look at adding vector search to a Django service with pgVector and OpenAI embeddings, how Celery keeps embedding workloads scalable.

Securing Django on EC2

I did not plan on writing a series about hardening Django on EC2.

It actually started before I deployed anything.

I spent enough years setting up Linux servers that I developed a reflex: whenever I build a new machine, I install a firewall, lock down SSH, and turn on Fail2ban almost automatically. Ive watched Fail2ban quietly block thousands of bad SSH attempts over the years sometimes within minutes of bringing a server online.

So when I began preparing to deploy Django on EC2, I had this moment of realization: Wait why am I not treating Django the same way I treat SSH?

If Fail2ban protects your shell, why cannot it protect your admin panel? Your login pages? Your API endpoints?

And that thought plus a quick skim through some logs confirmed it. Even before opening Django to the public, I knew I wanted the same level of automatic, server-level protection that had saved me countless times on bare Linux.

This series grew from that mindset: bringing the power of traditional Linux hardening the stuff that just works into the Django world. These posts are not theory; they are the actual steps I followed to prepare my Django deployment before it ever went live.

If deploying Django on EC2 especially behind CloudFront or Apache, I think you will find these guides helpful.

Logging the Correct IP using CloudFront with Apache: Securing Django on EC2

Keeping your Apache configuration up to date with the latest AWS CloudFront IP ranges can be surprisingly important. If you're using CloudFront as a CDN or reverse proxy in front of your Apache server, you need to tell Apache which proxies are trusted.

Django Admin 401 Responses: Securing Django on EC2

Learn how to modify Django Admin to return Django Admin 401 responses on failed login attempts, enabling precise Fail2ban detection and stronger EC2 security.

Django Fail2ban: Securing Django on EC2

Learn how to integrate Django and Fail2ban on an EC2 instance using Apache2 to automatically block repeated login attempts and secure your admin panel.

Self-Hosted Multi-Domain Email

Tutorials on email servers are sparse. Everyone wants to deploy a Vercel app, but nobody is standing up Postfix servers. Even more so for configuring multiple domains on a single VM.

We need four things:

  1. Outgoing SMTP Relay (AWS SES),
  2. Incoming SMTP Server (Postfix),
  3. IMAP Server (Dovecot),
  4. Authentication Provider / LDAP Server (OpenLDAP)

Configuring Postfix with LDAP: Self-Hosted Multi-Domain Email

Moreover, we set it up as a relay using AWS SES for outgoing messages. Without SES, most servers like gmail.com will reject our messages by default.

Setting Up Dovecot with LDAP: Self-Hosted Multi-Domain Email

It was impossible to find a guide that explains how to set up Dovecot for a multi-domain email server, so I made one to remind myself.

Setting Up OpenLDAP for Multi-Domain Email: Self-Hosted Multi-Domain Email

I wanted to manage my email accounts without paying for Google Workspace. Here is how I set up OpenLDAP for multi-domain email.

Recent Posts

Categories

Tags