Web servers
Apache HTTPD — supported, tuned, kept current.
For the LAMP estates that are not going anywhere: MPM event tuning, mod_security WAF, mod_rewrite expertise, log shipping and a published CVE patching cadence so you stop hearing about Apache on the news.
What we manage
MPM & performance
MPM event / worker / prefork choice and tuning, KeepAlive policy, async file IO where supported, mod_pagespeed where useful.
TLS & protocol
ACME / certbot-driven cert lifecycle, OCSP stapling, HTTP/2, modern cipher suites, HSTS preload.
Virtual hosts & rewrites
Clean vhost separation, mod_rewrite expertise for legacy redirects, SNI, name-based vhosting at scale.
WAF & security
mod_security CRS tuned to your application, mod_evasive for DoS mitigation, hardened defaults (ServerTokens, ServerSignature off), CVE patching cadence.
Resource efficiency
Process / thread sizing aligned with memory budget, log rotation policy, removing dead modules to shrink memory footprint.
Logs & monitoring
Structured logs to Loki / CloudWatch, mod_status with internal-only access, alerting on 5xx rate, latency percentiles.
Compatible across every cloud we manage
Same playbook on AWS, Google Cloud, Microsoft Azure and DigitalOcean — pick the cloud, we'll run the stack.
How we engage
1. Assess
Two-week audit of your current cloud setup against the provider's Well-Architected / Architecture Framework. Concrete findings, no fluff.
2. Stabilise
We close the top security, reliability and cost gaps before going into steady-state operations.
3. Operate
24/7 monitoring, on-call, change management, monthly reviews and a roadmap for the next quarter.
DIY guides & field notes
Build it yourself — or have us do it for you
Short articles, runbooks and field notes from our engineers. Each one starts here as a snippet and continues on Medium.
May 17, 20261 min read
Migrating Apache to Nginx — the translation patterns and playbook we use
Most Apache-to-Nginx migrations get stuck on .htaccess. Here's the translation table, the gotchas, and the playbook that gets a real site cut over without surprises.
Read snippetMay 15, 20261 min read
Apache TLS hardening in 2026 — ciphers, OCSP stapling, and the cert renewal pipeline
TLS 1.3 is the default, but most Apache installs still have config from the 2018 ciphersuite wars. Here's what actually belongs in your SSL config today.
Read snippetMay 14, 20261 min readMedium
ModSecurity and the OWASP CRS — the WAF rules we actually ship on Apache
Most ModSecurity installs are either off by default or so noisy nobody reads the logs. Here's how we tune it to be useful without drowning in false positives.
Read snippetMay 13, 20261 min readMedium
Apache MPM event in 2026 — sizing the thread pool we actually run
Prefork is a museum piece. Worker is fine. Event is what you want — and most Apache installs we audit have it tuned wrong.
Read snippet
Ready to take the operational load off your team?
Book a 30-minute discovery call. We will audit your current cloud setup and show you exactly where we add value.