Run Cloudflare Tunnel in Docker to expose homelab services through Cloudflare’s edge. No open firewall ports, automatic HTTPS, and per-service ingress rules via a single cloudflared container.
Secure your Docker socket with a proxy that grants granular API permissions to Portainer, Watchtower, Traefik, and Dozzle — without exposing root-level access.
Step-by-step guide to adding DC02 as a secondary Windows Server 2025 domain controller: preparation, AD DS promotion, DNS, Global Catalog, replication checks, SYSVOL validation, and client failover testing.
Step-by-step Windows Server 2025 domain controller deployment: static IP, AD DS installation, DNS configuration, domain promotion, OU/user setup, client join testing, and post-install verification.
Practical Docker Compose patterns for reliable homelab deployments. Healthchecks, conditional dependencies, profiles for optional services, secrets management, extension fields, and restart policies with real compose files.
You set up UFW. You configured default deny incoming, opened only ports 22 and 443. You checked ufw status verbose — everything looks right. Then you spin up a Postgres container publishing port 5432, and suddenly port 5432 is open to the whole internet. Your UFW rules didn’t stop it. This isn’t a bug. Docker modifies iptables directly in ways that bypass user-level firewall tools like UFW. Every docker run -p creates a raw iptables DNAT rule that sits above UFW’s INPUT chain. The result: containers are exposed regardless of your UFW policy. ...