Skip to content

Tag: security

All the articles with the tag "security".

Self-Hosted Email Gateways in 2026

Self-Hosted Email Gateways in 2026

Self-hosted secure email gateways compared: Proxmox Mail Gateway vs Hermes SEG vs DIY Rspamd, plus which classic appliances are now abandonware.

Assume Your App Gets Popped

Assume Your App Gets Popped

How to expose a possibly-vulnerable app to the public internet and survive it: rootless containers, a file-integrity tripwire, and zero inbound SSH on the box.

Kasm Workspaces: Browser Desktops

Kasm Workspaces: Browser Desktops

Kasm Workspaces streams disposable Linux desktops and apps to your browser. Threat model, real homelab uses, and how it compares to Guacamole.

OPA & Gatekeeper: Policy as Code

OPA & Gatekeeper: Policy as Code

Open Policy Agent and Gatekeeper enforce rules across Kubernetes — block privileged pods, require labels, restrict images. Rego basics and real homelab constraints.

cert-manager: ACME at Scale

cert-manager: ACME at Scale

cert-manager makes Let's Encrypt automatic on Kubernetes — once. Then you scale, hit DNS-01 quirks, wildcard limits, and rate-limit walls. Here's the full survival guide.

Zeek for Home Lab Forensics

Zeek for Home Lab Forensics

Zeek (formerly Bro) turns network traffic into structured logs you can actually query. The IDS that doesn't shout — it documents. Setup and use in a home lab.

ModSecurity vs Coraza WAF

ModSecurity vs Coraza WAF

ModSecurity 3 is end-of-life and Coraza is the open-source successor — Go-native, faster, and friendlier. Here's the migration story and what actually changes.

SOPS + age: Secrets in Git

SOPS + age: Secrets in Git

Stop the .env-in-1Password dance. SOPS encrypts secrets per-key, age provides modern crypto, and git stores them safely. Here's how to ship it without footguns.

WebAuthn & Passkeys for Sysadmins

WebAuthn & Passkeys for Sysadmins

Passkeys finally killed passwords for real users. Here's what WebAuthn actually is under the hood, and how to roll passkeys out on your self-hosted services.

ZFS Encryption vs LUKS

ZFS Encryption vs LUKS

Native ZFS dataset encryption vs LUKS under your pool — which layer to encrypt at, performance trade-offs, key management, and raw send/recv.

Boundary vs Teleport

Boundary vs Teleport

Zero-trust access for SSH, k8s, and databases — HashiCorp Boundary vs Teleport compared on identity, session recording, and self-host fit.