Run your own internal Certificate Authority with step-ca in Docker, issue TLS certificates via ACME, integrate with Traefik for automatic renewal, and distribute the root CA to all your devices — no more self-signed certificate warnings.
The nginx-poolslip zero-day RCE affects NGINX 1.31.0 with ASLR bypass. This guide covers version detection, risk assessment, practical mitigations for homelab setups, and a patch readiness plan.
Run Docker containers directly on MikroTik RouterOS 7 — enable container mode, configure veth bridges, pull images from Docker Hub, and deploy Pi-hole or AdGuard Home without extra hardware.
Complete guide to enabling IPv6 in Docker — from daemon configuration and address pools to Compose networks, Traefik reverse proxy, and IPv6 firewall rules for your homelab.
Complete guide to deploying Nginx with Docker Compose as a reverse proxy and caching layer. Covers multi-service proxying, static file caching, gzip compression, SSL termination, and performance tuning for homelab environments.
A practical guide to maximizing WireGuard throughput on Linux — covering kernel sysctl tuning, BBR congestion control, UDP buffer sizes, MTU/MSS clamping, NAPI polling optimization, and proper benchmarking with iperf3.
Configure DNS over HTTPS and the built-in DNS Adlist feature on MikroTik RouterOS 7 to block ads, trackers, and malware network-wide — no Pi-hole, no extra hardware, no containers needed.
Deploy Headscale with Docker Compose to run your own WireGuard mesh VPN control plane. Complete guide from setup to client registration, ACL configuration, subnet routing, and production hardening.
Complete guide to Proxmox SDN — configure centralized virtual networks with VXLAN overlays, VNets, subnets, and integrated DHCP across your multi-node cluster.
Complete guide to Traefik middleware security hardening with real-world configs — security headers, rate limiting, IP whitelisting, basic auth, redirect schemes, and chaining middlewares for an A+ security rating.