Authentik vs Authelia: SSO for Your Self-Hosted Stack
Updated:
Authelia is a bouncer. Authentik is the whole security desk. Pick the right self-hosted SSO for your home lab — with working configs, gotchas, and a migration path.
Tag: networking
All the articles with the tag "networking".
ZFS Send/Receive Over WireGuard for Off-Site Replication
Pipe ZFS incremental snapshots through WireGuard to a friend's NAS or a remote VPS. Encrypted in transit and at rest — no rsync.net bill or vendor lock-in.
Headscale: Self-Host Your Own Tailscale Control Plane
Headscale gives you all the magic of Tailscale's zero-config WireGuard mesh — without trusting a SaaS control plane. Deploy it end-to-end with Docker Compose, ACLs, MagicDNS, and exit nodes.
OpenCanary: Honeypots for Your Home Lab
A honeypot sits quietly on your network pretending to be something valuable. When someone touches it, you know you have an intruder. OpenCanary makes this dead simple.
Pi-hole vs AdGuard Home: Block Ads for Your Whole Network
Browser ad blockers miss half the ads. DNS blocking kills them everywhere — TV, phone, game console, everything. Pi-hole vs AdGuard Home: here's which one to run.
nftables: Modern Linux Firewalling
iptables is being phased out. nftables is faster, cleaner, and already the default on modern Linux. Here's how to actually use it without wanting to quit.
Suricata vs Snort: Network Intrusion Detection That Actually Works
Snort invented network intrusion detection. Suricata multi-threaded its way past it. Here's how to set up real IDS/IPS on your home lab and actually understand what it's telling you.
Sysctl Tuning: The Linux Kernel Settings Nobody Told You About
Linux ships with conservative kernel defaults meant for general use. These sysctl settings tune your server for networking, memory, and file I/O — with explanations, not just values to paste.
Cloudflare Tunnels: The Zero-Port-Forward Guide to Exposing Your Services
No port forwarding, no DDNS drama. Cloudflare Tunnels advanced config: multiple services, Access policies, origin TLS, and what Cloudflare can actually see.
Fail2ban vs CrowdSec: Blocking the Bots Actually Smartly
Fail2ban bans IPs that attack you. CrowdSec bans them before they attack you, using community threat intelligence. Here's how to set up both and why you might want both.
Tailscale Deep Dive: Mesh Networking That Actually Works
Tailscale takes WireGuard's speed and wraps it in a control plane that handles key exchange, routing, and ACLs automatically. Here's everything beyond 'tailscale up'.
WireGuard vs OpenVPN 2026: It's Not Even Close
OpenVPN is the battle-tested workhorse. WireGuard is everything VPNs should have been from the start. In 2026, here's which one you should actually use.