Low-frequency. High-signal.

47Network Blog

Engineering deep-dives, security architecture, and practical infrastructure guides from the 47Network team. We publish when we have something worth saying — not on a schedule.

📡 RSS Feed 38 posts published
38posts published
4categories
7-14min avg read time
0sponsored posts. ever.
INFRASTRUCTURE
Zero-trust, Keycloak, eBPF, self-hosting, and the practical side of running your own stack.
SECURITY
Architecture decisions, threat models, and why the details matter when your data is the product.
PRODUCT
How 47Network products are designed, the tradeoffs we made, and the thinking behind the defaults.
QA STRATEGY
Practical testing guidance from TestGate Studio — maturity models, automation, and what to fix first.
QA Strategy February 10, 2026 11 min read New

The QA maturity model: where your team is and what to fix next.

A practical five-level framework for diagnosing your QA maturity — from zero tests to full CI/CD pipeline integration. Where most teams actually sit, and the highest-impact change to make at each level.

47Network Engineering Read →
Infrastructure April 12, 2026 14 min New

PostgreSQL Replication and High Availability: Streaming, Logical, and Failover

Streaming replication setup, WAL archiving, pg_basebackup, Patroni for automatic failover, and connection pooling strategies for production PostgreSQL clusters.

47Network Engineering Read →
Infrastructure April 12, 2026 11 min New

Rate Limiting with Nginx and Redis: Protecting APIs at Scale

Nginx limit_req module, Redis-based distributed rate limiting with token bucket and sliding window algorithms, per-user limits, and burst handling for production APIs.

47Network Engineering Read →
Infrastructure April 12, 2026 12 min New

Zero-Downtime Database Migrations: Patterns That Actually Work

Column additions, index creation, renaming and dropping columns without table locks — the expand/contract pattern and the deploy sequence that makes zero-downtime migrations reliable.

47Network Engineering Read →
Security February 25, 2026 11 min

JWT and Token Authentication: A Practical Security Guide

JWT structure, RS256 vs HS256, the alg:none vulnerability, refresh token rotation, token revocation strategies, and security considerations for JWKS rotation.

47Network Engineering Read →
Infrastructure February 25, 2026 13 min

ZFS for Self-Hosted Infrastructure: Pools, Datasets, and Data Integrity

RAIDZ2 pool design, dataset hierarchy, compression, snapshots, send/receive replication, scrubs, and ECC RAM — the ZFS s

47Network Engineering Read →
Infrastructure February 25, 2026 12 min

Loki Log Aggregation with Promtail: The Grafana Stack's Missing Piece

Label design, LogQL queries, Promtail pipeline stages, correlation with Prometheus metrics, and production deployment pa

47Network Engineering Read →
Infrastructure February 25, 2026 13 min

OpenTelemetry Distributed Tracing for Microservices

Auto-instrumentation, manual spans, context propagation, exporting to Jaeger and Grafana Tempo, and the tracing setup used inside 47Network microservices.

47Network Engineering Read →
Security February 25, 2026 14 min

GDPR Compliance Engineering: A Developer's Practical Guide

Data minimisation, consent mechanisms, right-to-erasure implementation, audit logging for GDPR, and the compliance engineering patterns that make it manageable.

47Network Engineering Read →
Security February 25, 2026 12 min

Tailscale and Headscale: Zero-Config Mesh VPN for Self-Hosted Infrastructure

How Tailscale works, when to self-host the control plane with Headscale, ACLs for zero-trust network policy, and subnet routing for team access control.

47Network Engineering Read →
Security February 25, 2026 11 min

TLS Certificate Automation with Certbot and ACME

HTTP-01 vs DNS-01 challenges, wildcard certificates, Nginx TLS hardening, auto-renewal, and Prometheus expiry alerting.

47Network Engineering Read →
Infrastructure February 25, 2026 13 min

Ansible for Infrastructure Automation: Playbooks That Scale

Idempotent playbooks, roles, inventory management, Ansible Vault, and rolling update patterns for self-hosted server fleets.

47Network Engineering Read →
QA February 24, 2026 11 min

k6 Load Testing: From Zero to Production Benchmarks

Virtual user ramps, thresholds, authenticated scenarios, InfluxDB output, and the five test types every production syste

47Network Engineering Read →
QA February 24, 2026 14 min

Playwright E2E Testing: A Practical Guide for Production Test Suites

Page Object Model, auth fixtures, parallel execution, network interception, and CI sharding — the Playwright patterns be

47Network Engineering Read →
Infrastructure February 24, 2026 11 min

Grafana Dashboards That Don't Lie: From Prometheus to Panels

PromQL for the RED and USE methods, Loki log correlation, alert rules from panels, variable templating, and dashboard organisation for the Grafana observability stack.

47Network Engineering Read →
Security February 24, 2026 12 min

Passkeys and WebAuthn in 2026: Implementation Guide

WebAuthn registration and authentication flows, resident keys, cross-device passkeys, attestation, and fallback strategy for produ

47Network Engineering Read →
Infrastructure February 24, 2026 13 min

GitHub Actions CI/CD for Self-Hosted Infrastructure

Self-hosted runners, Vault secrets injection, environment protection gates, reusable workflows, and artifact-based rollbacks for zero-downtime GitHub Actions deployments.

47Network Engineering Read →
Infrastructure February 24, 2026 11 min

Redis for Application Developers: Caching, Queues, and Pub/Sub

Connection pooling, cache invalidation, BullMQ job queues, pub/sub for real-time events, sorted-set rate limiters, and Redis persistence for production reliability.

47Network Engineering Read →
Infrastructure February 24, 2026 10 min

Backup Strategy for Self-Hosted Infrastructure: Restic + Object Storage

Encrypted deduplicated Restic backups to S3-compatible storage, retention policies, integrity verification, and automated restore testing for production pipelines.

47Network Engineering Read →
Infrastructure February 24, 2026 12 min

Nginx as a Reverse Proxy: TLS, Rate Limiting, and Upstream Health

TLS termination with OCSP stapling, three rate-limiting zones for auth and API endpoints, upstream health checks, JSON logging, and modern TLS proxy configuration.

47Network Engineering Read →
Security February 24, 2026 11 min

SSH hardening: from defaults to production-ready.

Key-only auth, modern algorithm configuration, fail2ban, user and network restrictions, a complete sshd_config, and when to graduate from static keys to Teleport.

47Network Engineering Read →
Infrastructure February 24, 2026 10 min

PostgreSQL for developers who just want it to work.

Connection pooling with PgBouncer, partial and covering indexes, reading EXPLAIN ANALYZE output, VACUUM tuning for high-churn tables, and the postgresql.conf knobs that actually matter.

47Network Engineering Read →
Infrastructure February 24, 2026 10 min

WireGuard site-to-site VPN: setup, routing, and key management.

WireGuard is simpler and faster than OpenVPN or IPsec. Full site-to-site config, subnet routing, key rotation, and split-horizon DNS.

47Network Engineering Read →
Infrastructure February 24, 2026 11 min

Email deliverability: SPF, DKIM, and DMARC actually explained.

SPF authenticates sending IPs, DKIM signs message content, DMARC ties them together — and none of them work properly if you deploy them in the wrong order.

47Network Engineering Read →
Infrastructure February 24, 2026 9 min

Writing a Makefile that doesn't make you cry.

Phony targets, automatic variables, pattern rules, and a self-documenting help target. The Make conventions that turn a cryptic Makefile into something new team members can use in five minutes.

47Network Engineering Read →
Infrastructure February 24, 2026 11 min

Prometheus alerting that doesn't cry wolf.

The most common Prometheus failure is alert fatigue from false positives. For loops, multi-window burn rate, and SLO-based alerting that fires when something is actually wrong.

47Network Engineering Read →
Infrastructure February 24, 2026 11 min

Proxmox VE for production: from homelab to real infrastructure.

Storage configuration, HA clustering, Proxmox Backup Server, IPMI fencing, and the network mistakes that take down nodes at 3am.

47Network Engineering Read →
Security February 24, 2026 10 min New

Argon2id vs bcrypt vs scrypt: choosing a password hashing algorithm.

Why Argon2id won the Password Hashing Competition, how to benchmark and tune its parameters correctly, and when staying on bcrypt is still acceptable.

47Network Engineering Read →
Security February 24, 2026 12 min New

Building a Tamper-Proof Audit Trail: Append-Only Logs for Compliance.

Cryptographic chaining, write-once storage, external anchoring, and append-only PostgreSQL enforcement — the architecture of audit logs that withstand forensic scrutiny.

47Network Engineering Read →
Infrastructure February 23, 2026 13 min

HashiCorp Vault for application secrets: getting off environment variables.

The specific failure modes of env-var secrets, Vault's dynamic credentials model, AppRole auth, the Agent Injector for Kubernetes, and the six things that break during migration.

47Network Engineering Read →
Infrastructure 2026-02-23 11 min New

Docker Compose vs Kubernetes for self-hosted infrastructure.

When Compose is the right answer and when Kubernetes earns its complexity budget — based on team size, operational capacity, and what failure actually costs you.

47Network Engineering Read →
Infrastructure February 21, 2026 14 min New

Setting up Keycloak SSO for a small team: a practical guide.

Realm setup, OIDC client config, MFA with TOTP, production hardening, and the gotchas nobody warns you about — for teams of 5 to 100. Based on real Studio deployments.

47Network Engineering Read →
Product February 17, 2026 12 min

Designing Sven Agent: why auditability beats capability.

The tamper-proof audit trail, deterministic skill orchestration, OpenClaw protocol, and self-hosting constraints that shape Sven Agent's architecture.

47Network Engineering Read →
Security February 3, 2026 13 min

eBPF and XDP for perimeter security: how 47Sentry works.

Kernel-level network filtering with eBPF and XDP — no firewall appliance required. How Traffic Sentinel, NetMapper, and DNS resilience work under the hood.

47Network Engineering Read →
Security February 10, 2026 7 min

Zero-trust is not just for enterprises: a practical guide for SMEs.

Most zero-trust literature assumes a 500-person security team and a six-figure tooling budget. Here's how we implement production-grade zero-trust for 20-person organisations.

47Network Engineering Read →
Infrastructure January 21, 2026 10 min

Building a multi-tenant SMS platform: architecture of 47Comms.

How 47Comms handles multi-tenant SMS routing, consent management, carrier failover, and PBX bridging — without vendor lock-in or shared infrastructure.

47Network Engineering Read →
Infrastructure January 28, 2026 9 min

Self-hosting Matrix in 2026: what changed, what's easier, what's still hard.

Matrix has matured significantly. Dendrite is production-ready for small deployments. Element X is genuinely good. An honest assessment of the current self-hosting experience.

47Network Engineering Read →
Product January 14, 2026 11 min

How PassVault achieves zero-knowledge: architecture deep-dive.

PassVault stores nothing it could use to read your passwords. The exact cryptographic construction: how keys are derived, how vault items are encrypted, and why our servers are useless to an attacker.

47Network Engineering Read →