Topic
Networking
Everything between your laptop and the box you wish you'd remembered to label. WireGuard, Tailscale, Headscale, Cloudflare Tunnels, split-horizon DNS, IPv6 that isn't just a TODO, and the firewall rules you'll wish past-you had written down. If you've ever solved a problem by reaching for ping and then a packet capture, this is the section.
70 articles in this topic.
Featured posts
-
Authentik vs Authelia: SSO for Your Self-Hosted Stack
Authelia is a bouncer. Authentik is the whole security desk. Pick the right self-hosted SSO for your home lab — with working configs, gotchas, and a migration path.
Updated:16 min read -
ZFS Send/Receive Over WireGuard for Off-Site Replication
Pipe ZFS incremental snapshots through WireGuard to a friend's NAS or a remote VPS. Encrypted in transit and at rest — no rsync.net bill or vendor lock-in.
12 min read -
Headscale: Self-Host Your Own Tailscale Control Plane
Headscale gives you all the magic of Tailscale's zero-config WireGuard mesh — without trusting a SaaS control plane. Deploy it end-to-end with Docker Compose, ACLs, MagicDNS, and exit nodes.
10 min read -
OpenCanary: Honeypots for Your Home Lab
A honeypot sits quietly on your network pretending to be something valuable. When someone touches it, you know you have an intruder. OpenCanary makes this dead simple.
5 min read -
Pi-hole vs AdGuard Home: Block Ads for Your Whole Network
Browser ad blockers miss half the ads. DNS blocking kills them everywhere — TV, phone, game console, everything. Pi-hole vs AdGuard Home: here's which one to run.
13 min read -
nftables: Modern Linux Firewalling
iptables is being phased out. nftables is faster, cleaner, and already the default on modern Linux. Here's how to actually use it without wanting to quit.
6 min read
All Networking articles
- Authentik vs Authelia: SSO for Your Self-Hosted Stack
- ZFS Send/Receive Over WireGuard for Off-Site Replication
- Headscale: Self-Host Your Own Tailscale Control Plane
- OpenCanary: Honeypots for Your Home Lab
- Pi-hole vs AdGuard Home: Block Ads for Your Whole Network
- nftables: Modern Linux Firewalling
- Suricata vs Snort: Network Intrusion Detection That Actually Works
- Sysctl Tuning: The Linux Kernel Settings Nobody Told You About
- Cloudflare Tunnels: The Zero-Port-Forward Guide to Exposing Your Services
- Fail2ban vs CrowdSec: Blocking the Bots Actually Smartly
- Tailscale Deep Dive: Mesh Networking That Actually Works
- WireGuard vs OpenVPN 2026: It's Not Even Close
- Docker Networking Demystified
- Proxmox NAT Bridge: One IP, Many VMs
- TLS 1.3: Modern Encryption Without the Existential Dread
- IPFS: Peer-to-Peer File Storage for People Who've Seen Too Many 404s
- The Zero-Trust Home Lab
- HAProxy: Load Balancing Done Right
- Cloudflare WAF: Free Tier Firewall Rules
- Cloudflare DNS: Beyond Pointing Records
- Traefik: Docker Routing with Labels
- Nginx Proxy Manager for Normal Humans
- VLAN Basics for Home Labs: Segment Your Network Before It Segments You
- Port Knocking: Simple Obscurity for SSH Access
- The Reverse Proxy Timeout That Kills Long Uploads
- Time Is a Lie and Chrony Is Here to Fix It: NTP for Home Labs
- Why Your VPN Isn't Routing What You Think
- The Header Your Reverse Proxy Keeps Dropping
- IPv6 on Your Home Lab: You Should Care (Here's Why)
- DNS Over HTTPS and TLS: Encrypt Your DNS Before Your ISP Sells It
- tcpdump Basics: Capture Traffic Without Wireshark
- Self-Hosted Email Is Probably a Bad Idea
- TCP Keepalives: Why Connections Die and How to Fix It
- Caddy Advanced: Automatic HTTPS, Plugins, and Config That Doesn't Make You Cry
- The MTU Problem Nobody Diagnoses Correctly
- VPN Kill Switch and DNS Leak Prevention: Paranoia, Justified
- BGP in Your Home Lab: Dynamic Routing for People Who've Run Out of Static Routes
- Suricata vs Snort: Intrusion Detection for the Paranoid Home Lab Owner
- DNS Troubleshooting from the Command Line
- Tailscale Deep Dive: Mesh VPN That Just Works (and Why That's Suspicious)
- nmap for Your Own Network: What You Should Be Scanning
- curl Flags Every Developer Should Know
- UFW Advanced: Rate Limiting, Logging, and Rules That Actually Make Sense
- DDoS Mitigation: Teaching Your Server to Say No Politely (Then Impolitely)
- WireGuard Is Fast, But You're Leaving Performance on the Table
- Traefik vs Nginx Proxy Manager: Reverse Proxies for Humans
- Proxy Chains and Anonymization: What Actually Works and What's Just Theater
- Why Your TLS Certificate Isn't Trusted
- The Firewall Rule Order That's Breaking Your Setup
- Is fail2ban Actually Working? Here's How to Check
- SSHFS: Ditch SCP & Access Remote Files
- Why Your SSH Connection Keeps Dropping
- ss Is the New netstat (And It's Better)
- Docker Network Aliases: The Feature Nobody Uses
- lsof: The Tool That Shows You Everything
- Finding the PID of a Process Using a Specific Port in Linux
- The Role of Antivirus and Endpoint Detection and Response Systems
- Certificate Pinning: A Secure Connection Guide
- Docker Networking Essential Guide for All Skill Levels
- Docker Strategies for Load Balancing and Failover
- Docker Networking: Connecting to the Host from a Container
- WordPress, Docker, NGINX, and MySQL via Ansible
- How to securely deploy Cloudflare Tunnels
- Advanced UFW Techniques: Enhancing Firewall Security
- SSH Tunneling: A Secure Conduit for Your Data
- Socat: The Swiss Army Knife of Networking
- Understanding PostgreSQL Connection URIs
- Linux Home Lab Security: Planning for the Unexpected
- Wireguard VPN Server in Docker
- Access Docker socket via TCP