Skip to main content

Posts

Backing Up Docker Containers: The Homelab Disaster You Can Avoid

Nobody thinks about Docker backups when everything is working. The dashboard loads. The media server streams. The reverse proxy behaves. The database container has a cute little green “healthy” status. Life is good. Then one day you run an update, delete the wrong volume, lose a disk, break a Compose file, or discover that the “temporary” container from six months ago was actually storing something important. That is when Docker stops feeling magical and starts feeling like archaeology. This post is a practical guide to backing up Docker containers on a Linux home server . Not enterprise disaster recovery. Not Kubernetes. Not a 40-page policy document. Just a realistic backup plan for a homelab running Docker Compose, bind mounts, named volumes and a few services that became more important than expected. The main idea is simple: You do not really back up containers. You back up the things needed to recreate them, plus the data they would destroy your weekend by losing. ...
Post a Comment
Read more
Recent posts

Fail2ban for Beginners: Protect SSH on a Linux Home Server

SSH is usually the front door of a Linux home server. And if that door is reachable from the network, something will eventually knock on it. Sometimes it is you. Sometimes it is a script from the other side of the planet trying admin , root , test , ubuntu , oracle , minecraft , and whatever else is in its boring little dictionary. This is where Fail2ban is useful. Fail2ban watches logs for repeated failed login attempts and temporarily bans the source IP address using firewall rules. It is not magic, and it is not a replacement for proper SSH hardening, but it is a very useful extra layer for a Linux home server. This post is a beginner-friendly guide to Fail2ban for SSH on a Linux home server . The goal is not to build an enterprise security platform. The goal is to reduce brute-force noise, protect SSH, and avoid locking yourself out of your own machine. If you are building a secure Linux box, also see my Linux Home Server Security Checklist and my guide to UFW Firew...
Post a Comment
Read more

Lynis Hardening Checklist: What to Fix First on a Linux Home Server

Running Lynis on a Linux home server is easy. Knowing what to fix first is the useful part. You run one command, wait a little, and suddenly your server has a hardening score, warnings, suggestions, and a long list of things you probably ignored for too long. That is exactly why Lynis is useful. It is also why you should not treat the report like a checklist that must be fixed blindly in one evening. This post is a practical Lynis hardening checklist for Linux home servers . It is written for small homelabs, old desktops, mini PCs, laptops used as servers, cheap VPS boxes and Docker hosts running useful services at home. The goal is not to get a perfect Lynis score. The goal is to understand what matters, fix the high-value issues first, and avoid breaking a working server in the name of “security”. Lynis is an open-source security auditing and hardening tool for Linux, Unix and macOS systems. It scans the machine and gives suggestions to improve security. A good Linu...
Post a Comment
Read more

Docker Security for Homelab Beginners: Stop Exposing Random Containers

Docker is one of the best and worst things that can happen to a homelab. Best, because it makes self-hosting ridiculously easy. Worst, because it also makes it ridiculously easy to expose random containers, run things as privileged, mount dangerous volumes, forget updates, and pretend that “it is inside a container” means “it is safe”. It does not. Containers are useful. Containers are convenient. Containers are not magic security boxes. This post is a practical Docker security guide for homelab beginners . Not enterprise Kubernetes theory. Not compliance paperwork. Just the things I would check on a Linux home server running Docker, especially if that server is always on and slowly collecting services like a digital junk drawer. The goal is simple: Stop exposing random containers and understand what your Docker host is actually doing.
Post a Comment
Read more

UFW Firewall Rules for Home Servers: Simple Rules That Actually Make Sense

UFW is one of those tools that looks almost too simple. You type a few commands, allow SSH, deny incoming traffic, enable the firewall, and suddenly your Linux home server feels more serious. But then the real questions start: Should I allow a port from everywhere or only from my LAN? Should Docker services be exposed? Should outgoing traffic be blocked? How do I avoid locking myself out of SSH? What rules actually make sense for a home server? This post is a practical guide to UFW firewall rules for home servers . Not enterprise firewall theory. Not copy-paste paranoia. Just useful rules for a Linux box running at home, probably doing too many things, and hopefully not exposing random ports to the whole internet. UFW means Uncomplicated Firewall . Ubuntu describes it as the default firewall configuration tool, designed to make host-based firewall management easier. By default, UFW is usually disabled until you enable it. That last part matters. Installing...
Post a Comment
Read more

Linux Home Server Security Checklist: Hardening a Cheap Homelab Without Going Crazy

Cheap home servers are great. You take an old Dell , Lenovo, ThinkCentre, NUC, laptop, Raspberry Pi or whatever was cheap enough not to hurt the wallet, throw Linux on it, add Docker, maybe some file sharing, maybe a media server, maybe a few scripts, and suddenly it becomes “production”. Production in quotes, of course. Because at home, production usually means: if it dies, someone complains; if the disk fills, something stops working; if SSH gets exposed by mistake, the internet starts knocking; if updates are forgotten for six months, the box becomes a tiny museum of old packages. So this is my practical Linux home server security checklist . Not enterprise paranoia. Not “install 47 tools and build a SOC in the kitchen”. Just sensible hardening for a cheap homelab machine that is always on and probably doing more than it should. The goal is simple: make the server boring. Boring is good. Boring means patched, firewalled, backed up, logged, and not silentl...
Post a Comment
Read more

Strong unique passwords

Strategies for creating strong, unique passwords and properly managing them: As more and more of our daily activities and personal information are being conducted and stored online, it's crucial to have strong, unique passwords for all of your online accounts. Not only do strong passwords protect your personal information from potential hackers, but they can also prevent unauthorized access to your accounts and protect your privacy. But with so many different online accounts and passwords to remember, it can be tempting to use the same password for multiple accounts or to create passwords that are easy to remember but not very secure. This is a dangerous practice, as it puts all of your accounts at risk if one password is compromised. Here are some tips for creating strong, unique passwords and properly managing them: Use a mix of letters, numbers, and special characters in your passwords. Avoid using dictionary words or common phrases, as these can be easily guessed or cracked by ...
Post a Comment
Read more