i wrote a blog post about how i locked a service down with systemd and a few util-linux tools. As it turns out, it's surprisingly easy to think about, but rather involved to implement fully.
don't rely on centralized data-collecting services for ssl test, use testssl.sh (https://github.com/drwetter/testssl.sh) instead. also supports alls kinds of protocols and ports that are not HTTP!
has anyone set up a #matrix server and has some tips on how to do that?