Hoist: Label-Driven Docker Updates
Per-container control over Docker image updates with labels. Auto-update or notify via Discord, Slack, ntfy—no sidecar needed.
Tag: docker
All the articles with the tag "docker".
Distroless Images: When Minimal Goes Too Far
Distroless containers are tiny, secure, and loved by security teams — until you need to debug one at 2 AM. Here's when Google distroless actually pays off vs when it's just container hipster points.
OpenCanary: Honeypots for Your Home Lab
A honeypot sits quietly on your network pretending to be something valuable. When someone touches it, you know you have an intruder. OpenCanary makes this dead simple.
Colima vs OrbStack vs Docker Desktop on Mac
Docker Desktop got expensive and RAM-hungry. Colima is the lean alternative. OrbStack is the one everyone's actually using now. Here's the honest breakdown for Mac developers.
Container Security: Scan and Sign Your Images Like You Mean It
Pulling unscanned images onto your server is a gamble. Trivy finds the CVEs. Cosign proves the image hasn't been swapped out. Here's how to add both to your workflow.
Falco: Catch Container Attacks at Runtime
Falco watches every syscall your containers make and screams when something sketchy happens. Like someone exec'ing a shell inside your nginx container at 3am.
Loki vs ELK: Centralized Logging Without the RAM Tax
ELK does everything and wants all your memory. Loki does logging the Prometheus way — label indexes, not content — and runs on a fraction of the resources. Here's the honest comparison.
Cloudflare Tunnels: The Zero-Port-Forward Guide to Exposing Your Services
No port forwarding, no DDNS drama. Cloudflare Tunnels advanced config: multiple services, Access policies, origin TLS, and what Cloudflare can actually see.
Trivy + Cosign: Scan and Sign Your Images
You're pulling container images from strangers on the internet. Trivy scans them for CVEs. Cosign proves they haven't been tampered with. Use both.
Prometheus + Grafana: Monitoring That Doesn't Lie to You
Prometheus scrapes metrics. Grafana makes them pretty. Alertmanager wakes you up at 2 AM. Here's how to wire all three together into a monitoring stack that actually works.
Docker BuildKit: Stop Building Images the Slow Way
Cache mounts, secret mounts, parallel stages — BuildKit turns your Dockerfile from a slow linear disaster into something that actually respects your time.
Wazuh: Open Source SIEM for Your Home Lab
Wazuh gives you SIEM, HIDS, FIM, and threat detection in one stack. Here's how to deploy it in your home lab with Docker and actually use it.