Security

Fail2ban Docker Deployment — SSH and Service Protection for Homelab

Protect your homelab from brute-force attacks with Fail2ban. Deploy on bare-metal for SSH and configure custom jails for Docker containers using Traefik and Nginx logs with email alerting.

June 3, 2026 · 8 min · 1559 words · GnTech

Docker CVE-2026-31431 — Mitigate the Copy Fail Vulnerability

A practical guide to understanding and mitigating CVE-2026-31431 ‘Copy Fail’ in Docker environments. Covers kernel patching, seccomp profile hardening, AppArmor rules, and verification steps for homelab operators.

May 30, 2026 · 8 min · 1539 words · GnTech

HAProxy Docker Load Balancer — Homelab Reverse Proxy Guide

Step-by-step guide to deploying HAProxy with Docker Compose for TCP/HTTP load balancing in your homelab — SSL termination, health checks, stats monitoring, and backend failover with real configuration files.

May 29, 2026 · 7 min · 1321 words · GnTech

nftables Linux Firewall — Practical Homelab Security with nftables

A practical nftables firewall guide for homelab servers — write IPv4 and IPv6 rule sets, handle Docker integration, rate-limit SSH access, log dropped traffic, and persist rules with systemd on Debian 12 / Ubuntu 24.04.

May 27, 2026 · 11 min · 2244 words · GnTech

MikroTik RouterOS 7 — Hardening and Best Practices Guide

Practical RouterOS 7 best practices for homelab and small-business deployments — security hardening, firewall design, VLAN segmentation, FastTrack performance tuning, DoH configuration, and backup automation with real commands.

May 26, 2026 · 16 min · 3243 words · GnTech

Docker Trivy Scanning — Automated Vulnerability Detection for Homelab Containers

A practical guide to running automated vulnerability scanning for Docker containers in your homelab — install Trivy, scan images for CVEs and secrets, set up systemd timers for weekly scans, and integrate with dashboards for actionable security reports.

May 26, 2026 · 7 min · 1419 words · GnTech

WireGuard VPN on Proxmox — LXC Setup Guide for Homelab Remote Access

Deploy a lightweight WireGuard VPN server in a Proxmox LXC container — configure persistent tunnels, NAT routing, client generation, and firewall rules for secure remote access to your entire homelab network.

May 25, 2026 · 12 min · 2419 words · GnTech

Linux systemd Service Hardening — Sandboxing, Capabilities, and Security Auditing

Harden Linux systemd services with built-in sandboxing directives — ProtectHome, ProtectSystem, CapabilityBoundingSet, NoNewPrivileges, PrivateTmp, and systemd-analyze security scoring. Includes real hardened service files for common homelab daemons.

May 24, 2026 · 9 min · 1717 words · GnTech

Caddy Reverse Proxy Docker — Automatic HTTPS and Zero-Downtime Reloads

Set up Caddy as a Docker reverse proxy for your homelab — automatic Let’s Encrypt HTTPS with zero config, reusable Caddyfile snippets, zero-downtime reloads, Cloudflare DNS-01 wildcards, HTTP/3 support, and production security hardening.

May 24, 2026 · 9 min · 1873 words · GnTech

MikroTik RouterOS 7 Firewall — Rules, FastTrack, and Connection Tracking

Configure a production-ready MikroTik RouterOS 7 firewall — understand filter, NAT, mangle, and raw tables, enable FastTrack for wire-speed forwarding, implement connection tracking state rules, and build brute force protection with dynamic address lists.

May 24, 2026 · 9 min · 1771 words · GnTech