Security

The Complete Self-Hosting Security Stack: Fail2Ban + CrowdSec + Authelia Running self-hosted services on the open internet without a security stack is like leaving your front door unlocked in a busy neighborhood. Individual tools help, but real protection comes from layering defenses so each one covers the gaps of the others. This guide builds a complete security stack using three open-source tools: Fail2Ban — reactive log-based banning for brute-force attacks CrowdSec — community-powered threat intelligence and behavioral detection Authelia — authentication portal with single sign-on and multi-factor authentication Together, they give you intrusion prevention, shared threat intelligence, and access control. All running in Docker, all free. ...

The Complete Self-Hosting Security Stack: Fail2Ban + CrowdSec + Authelia Running self-hosted services is great — until someone else discovers them. The moment you expose a port to the internet, bots start probing. Brute-force SSH attempts, credential stuffing on web apps, vulnerability scanners — it never stops. No single tool solves this. You need layers. This guide walks through building a complete security stack using three open-source tools that complement each other perfectly: ...

Linux Server Hardening Checklist for Self-Hosters You spun up a server, installed Docker, and deployed a dozen services. Everything works. But your SSH port is open to the world with password auth, you’re running everything as root, and your firewall is… what firewall? Most self-hosting guides skip security entirely. This one doesn’t. Here’s a practical, ordered checklist to harden your Linux server without breaking the services running on it. Who This Is For Anyone running a self-hosted server — whether it’s a Raspberry Pi on your desk, a mini PC in the closet, or a VPS at Hetzner. You don’t need to be a sysadmin. You just need a terminal and 30 minutes. ...

Running Authentik vs Authelia: SSO Comparison for Self-Hosters (2026) You’re tired of logging into every self-hosted service separately. You want single sign-on. You’ve narrowed it down to two options: Authentik and Authelia. Both are open-source, both work with Docker, both solve the “too many logins” problem — but they take fundamentally different approaches. Authentik is a full identity provider. Authelia is a lightweight authentication portal. Choosing between them depends on what you actually need. ...

Docker makes self-hosting easy. It also makes it easy to accidentally give an attacker root access to your entire server. Most self-hosting guides skip security entirely — here’s what they don’t tell you. 1. Never Run Containers as Root (When Possible) By default, processes inside Docker containers run as root. If an attacker escapes the container, they’re root on the host. Fix: Use the user directive: services: myapp: image: myapp:latest user: "1000:1000" Or in the Dockerfile: ...

One of the most common security mistakes in self-hosting is accidentally exposing services to the internet. That Redis instance you spun up for testing? It might be listening on 0.0.0.0 with no password. Your database? Possibly reachable by anyone. Let’s fix that. Why Exposed Ports Matter Every open port is a potential entry point. Some services — like databases and cache servers — were never designed to be exposed publicly. They often have no authentication by default. ...

If you’re running multiple self-hosted services, you’ve probably noticed the login fatigue. Nextcloud has its own login. Portainer has another. Grafana, Gitea, Jellyfin — each with separate credentials. It’s a mess. Authelia solves this by acting as a single sign-on (SSO) gateway with built-in two-factor authentication (2FA). Put it in front of your reverse proxy and every service gets enterprise-grade authentication without touching the service itself. What is Authelia? Authelia is an open-source authentication and authorization server. It works as a companion to your reverse proxy (Nginx Proxy Manager, Traefik, Caddy) and provides: ...

Automating Backups for Your Home Server: Complete Guide You’ve spent hours setting up your perfect home server with Docker containers, configuration files, and precious data. But what happens when a drive fails, ransomware strikes, or you accidentally delete something critical? Without automated backups, you’re one mistake away from losing everything. This guide will show you how to implement rock-solid automated backups for your home server using proven tools and the industry-standard 3-2-1 backup rule. ...