Wireguard VPN Server in Docker
Run a WireGuard VPN server in Docker with the linuxserver image — Compose setup, peer config generation, and road warrior access to your home network.
All the articles with the tag "security".
Run a WireGuard VPN server in Docker with the linuxserver image — Compose setup, peer config generation, and road warrior access to your home network.
Containers are not VMs. Here are the real escape vectors — privileged mode, mounted sockets, kernel CVEs — and the runtime hardening that actually helps.
Cosign keyless signing uses GitHub OIDC + Fulcio + Rekor to sign container images without managing private keys. Here's how it actually works and why you want it.
age replaces GPG for file encryption with a sane CLI, SSH key reuse, and zero key management drama. Here's how they compare and exactly when each one wins.
Containers aren't security boundaries — Sysbox, gVisor, and Kata fix that. Here's which isolation runtime fits your actual threat model.
Trivy, Grype, and Docker Scout go head-to-head on speed, CVE coverage, CI integration, and cost. Pick the right scanner for your home lab or pipeline.
Akismet's licensing terms are increasingly hostile to small sites. Here are 11 spam-protection options — hosted APIs, CAPTCHA widgets, and DIY honeypots — that actually work in 2026.
Authelia is a bouncer. Authentik is the whole security desk. Pick the right self-hosted SSO for your home lab — with working configs, gotchas, and a migration path.
Ran 9 real headless tools against an echo server. Sec-Fetch alone catches almost none of them. Here's what actually leaks, WAF rules that work, and where Anubis fits in.
CrowdSec is fail2ban with community threat intel: scenario collections plus pluggable bouncers for Caddy or Traefik. Block millions of bad IPs from day one.
Distroless containers are tiny, secure, and loved by security teams — until you need to debug one at 2 AM. Here's when Google distroless actually pays off vs when it's just container hipster points.
You've been compromised. Now what? A practical incident response playbook for self-hosters who didn't think they'd need one until right now.