Harden Proxmox VE with datacenter firewalls, dynamic IPSets for trusted management networks, cluster-wide security, fail2ban for web UI brute-force protection, and firewall log auditing.
Learn to secure Proxmox API access using API tokens and fine-grained RBAC. Covers token creation, role-based permission separation, Terraform/Ansible integration, and audit logging — all without exposing root credentials.
Run containers without a root daemon. Migrate your homelab from Docker to Podman for true rootless operation, systemd-native container management, and drop-in docker CLI compatibility.
Practical guide to securing your container supply chain in the homelab: generate SBOMs with Syft, sign images with Cosign, scan for vulnerabilities with Grype, and enforce Docker Content Trust.
Automate Let’s Encrypt SSL/TLS certificates in your homelab using acme.sh and Docker. Includes DNS-01 wildcard certs, auto-renewal, and integration with Traefik, Nginx Proxy Manager, and Caddy.
Configure Linux auditd to watch container starts, file changes, and Proxmox host activity. Includes auditctl rules, ausearch queries, and Docker integration for comprehensive homelab security auditing.
Migrate Docker from iptables to the native nftables firewall backend. Configure docker daemon.json for nftables on Debian 13, test port publishing, and troubleshoot common migration issues.
Swap your standard Docker Hub images for Docker Hardened Images (DHI) to cut CVEs by up to 95%. Step-by-step Compose migration for Postgres, Redis, Nginx, and your full homelab stack.
Route specific Docker containers through a WireGuard VPN while keeping the rest of your stack on the local network. Full Gluetun Docker Compose setup with kill switch, qBittorrent integration, and Traefik compatibility.
Harden your Docker images with multi-stage builds, distroless base images, and runtime security options. A practical guide to reducing image size and CVEs in your homelab.