
Posts

Linux Home Server Security Guide: Secure Your Homelab Without Enterprise Nonsense

If you run anything at home that is always on — a Linux box, an old workstation, a mini PC, a laptop quietly serving files — you are running a server. And a server that is reachable, unpatched and forgotten is a problem waiting to happen. This is the hub page for everything on this blog about building and securing a Linux home server. Instead of one giant 10,000-word wall of text, it is organised as a path: start at the top, follow the links into the detailed guides, and come back here when you want the next step. Whether you are hardening a cheap homelab box or turning a retired enterprise machine into a homelab monster, this is the map. New here? You may also want the short Start Here page and a little context about this blog. 1. Pick the hardware (cheap or ridiculous, both work) A home server does not need to be expensive. It can be an old desktop, a thin client, or a retired workstation found for the price of a coffee. For the budget route, see how an old desktop beco...
Recent posts

HP Z840 Workstation as a Homelab Monster: 96GB RAM, Xeon E5 v4, NVMe and Quiet Upgrades

Sometimes the best home server is not a tiny low-power box. Sometimes it is a massive workstation that used to live in a professional environment, has more expansion than most modern desktops, and can now be found for reasonable money on the used market. That is how I ended up using an HP Z840 Workstation as my new main workstation and homelab machine. This is not a small server. It is not a Raspberry Pi. It is not a silent mini PC. It is a proper dual-socket workstation platform with ECC DDR4 memory, lots of PCIe expansion, multiple storage options, serious cooling, and enough capacity to run programming workloads, Linux experiments, VirtualBox VMs and home lab services without feeling cramped. My unit originally came with an Intel Xeon E5-2650 v3. I replaced it with an Intel Xeon E5-2640 v4 that cost me around 3€ including shipping. That is the kind of ridiculous used enterprise hardware upgrade that makes homelab life interesting. The result is a big, expandable, quiet...

Backing Up Docker Containers: The Homelab Disaster You Can Avoid

Nobody thinks about Docker backups when everything is working. The dashboard loads. The media server streams. The reverse proxy behaves. The database container has a cute little green “healthy” status. Life is good. Then one day you run an update, delete the wrong volume, lose a disk, break a Compose file, or discover that the “temporary” container from six months ago was actually storing something important. That is when Docker stops feeling magical and starts feeling like archaeology. This post is a practical guide to backing up Docker containers on a Linux home server. Not enterprise disaster recovery. Not Kubernetes. Not a 40-page policy document. Just a realistic backup plan for a homelab running Docker Compose, bind mounts, named volumes and a few services that became more important than expected. The main idea is simple: You do not really back up containers. You back up the things needed to recreate them, plus the data they would destroy your weekend by losing. ...

Fail2ban for Beginners: Protect SSH on a Linux Home Server

SSH is usually the front door of a Linux home server. And if that door is reachable from the network, something will eventually knock on it. Sometimes it is you. Sometimes it is a script from the other side of the planet trying admin, root, test, ubuntu, oracle, minecraft, and whatever else is in its boring little dictionary. This is where Fail2ban is useful. Fail2ban watches logs for repeated failed login attempts and temporarily bans the source IP address using firewall rules. It is not magic, and it is not a replacement for proper SSH hardening, but it is a very useful extra layer for a Linux home server. This post is a beginner-friendly guide to Fail2ban for SSH on a Linux home server. The goal is not to build an enterprise security platform. The goal is to reduce brute-force noise, protect SSH, and avoid locking yourself out of your own machine. If you are building a secure Linux box, also see my Linux Home Server Security Checklist and my guide to UFW Firew...

Lynis Hardening Checklist: What to Fix First on a Linux Home Server

Running Lynis on a Linux home server is easy. Knowing what to fix first is the useful part. You run one command, wait a little, and suddenly your server has a hardening score, warnings, suggestions, and a long list of things you probably ignored for too long. That is exactly why Lynis is useful. It is also why you should not treat the report like a checklist that must be fixed blindly in one evening. This post is a practical Lynis hardening checklist for Linux home servers. It is written for small homelabs, old desktops, mini PCs, laptops used as servers, cheap VPS boxes and Docker hosts running useful services at home. The goal is not to get a perfect Lynis score. The goal is to understand what matters, fix the high-value issues first, and avoid breaking a working server in the name of “security”. Lynis is an open-source security auditing and hardening tool for Linux, Unix and macOS systems. It scans the machine and gives suggestions to improve security. A good Linu...

Docker Security for Homelab Beginners: Stop Exposing Random Containers

Docker is one of the best and worst things that can happen to a homelab. Best, because it makes self-hosting ridiculously easy. Worst, because it also makes it ridiculously easy to expose random containers, run things as privileged, mount dangerous volumes, forget updates, and pretend that “it is inside a container” means “it is safe”. It does not. Containers are useful. Containers are convenient. Containers are not magic security boxes. This post is a practical Docker security guide for homelab beginners. Not enterprise Kubernetes theory. Not compliance paperwork. Just the things I would check on a Linux home server running Docker, especially if that server is always on and slowly collecting services like a digital junk drawer. The goal is simple: Stop exposing random containers and understand what your Docker host is actually doing.

UFW Firewall Rules for Home Servers: Simple Rules That Actually Make Sense

UFW is one of those tools that looks almost too simple. You type a few commands, allow SSH, deny incoming traffic, enable the firewall, and suddenly your Linux home server feels more serious. But then the real questions start: Should I allow a port from everywhere or only from my LAN? Should Docker services be exposed? Should outgoing traffic be blocked? How do I avoid locking myself out of SSH? What rules actually make sense for a home server? This post is a practical guide to UFW firewall rules for home servers. Not enterprise firewall theory. Not copy-paste paranoia. Just useful rules for a Linux box running at home, probably doing too many things, and hopefully not exposing random ports to the whole internet. UFW means Uncomplicated Firewall. Ubuntu describes it as the default firewall configuration tool, designed to make host-based firewall management easier. By default, UFW is usually disabled until you enable it. That last part matters. Installing...