Showing posts with label hardening. Show all posts

Monday, 18 May 2026

Docker Security for Homelab Beginners: Stop Exposing Random Containers

Docker is one of the best and worst things that can happen to a homelab.

Best, because it makes self-hosting ridiculously easy.

Worst, because it also makes it ridiculously easy to expose random containers, run things as privileged, mount dangerous volumes, forget updates, and pretend that “it is inside a container” means “it is safe”.

It does not.

Containers are useful. Containers are convenient. Containers are not magic security boxes.

This post is a practical Docker security guide for homelab beginners. Not enterprise Kubernetes theory. Not compliance paperwork. Just the things I would check on a Linux home server running Docker, especially if that server is always on and slowly collecting services like a digital junk drawer.

The goal is simple:

Stop exposing random containers and understand what your Docker host is actually doing.

UFW Firewall Rules for Home Servers: Simple Rules That Actually Make Sense

UFW is one of those tools that looks almost too simple.

You type a few commands, allow SSH, deny incoming traffic, enable the firewall, and suddenly your Linux home server feels more serious.

But then the real questions start:

  • Should I allow a port from everywhere or only from my LAN?
  • Should Docker services be exposed?
  • Should outgoing traffic be blocked?
  • How do I avoid locking myself out of SSH?
  • What rules actually make sense for a home server?

This post is a practical guide to UFW firewall rules for home servers. Not enterprise firewall theory. Not copy-paste paranoia. Just useful rules for a Linux box running at home, probably doing too many things, and hopefully not exposing random ports to the whole internet.

UFW means Uncomplicated Firewall. Ubuntu describes it as the default firewall configuration tool, designed to make host-based firewall management easier. By default, UFW is usually disabled until you enable it.

That last part matters.

Installing Linux does not automatically mean your host firewall is active.


Linux Home Server Security Checklist: Hardening a Cheap Homelab Without Going Crazy

Cheap home servers are great.

You take an old Dell, Lenovo, ThinkCentre, NUC, laptop, Raspberry Pi or whatever was cheap enough not to hurt the wallet, throw Linux on it, add Docker, maybe some file sharing, maybe a media server, maybe a few scripts, and suddenly it becomes “production”.

Production in quotes, of course.

Because at home, production usually means:

  • if it dies, someone complains;
  • if the disk fills, something stops working;
  • if SSH gets exposed by mistake, the internet starts knocking;
  • if updates are forgotten for six months, the box becomes a tiny museum of old packages.

So this is my practical Linux home server security checklist. Not enterprise paranoia. Not “install 47 tools and build a SOC in the kitchen”. Just sensible hardening for a cheap homelab machine that is always on and probably doing more than it should.

The goal is simple: make the server boring.

Boring is good. Boring means patched, firewalled, backed up, logged, and not silently accepting nonsense from the network.