Guide: WordPress on Dockerized Apache on Hetzner Cloud How to set up a modern, fast, and inexpensive web server for WordPress. Design goal: low maintenance coupled with high flexibility. Read more
Vaultwarden Setup Guide With Automatic HTTPS This article explains how to set up Vaultwarden with automatic HTTPS certificates (via Caddy). Read more
Docker Monitoring With Prometheus, Automatic HTTPS & SSO Authentication This article explains how to set up Prometheus, Node Exporter, and cAdvisor with automatic HTTPS certificates (via Caddy) and OAuth single sign-on (via Authelia). Read more
Regex Cheat Sheet: Regular Expressions For Cleaning Up HTML This article presents a collection of regular expressions I frequently use to clean up HTML that was generated from some tools' export routines. Read more
Grafana Setup Guide With Automatic HTTPS & OAuth SSO via Authelia This article explains how to set up Grafana, Loki, and Promtail with automatic HTTPS certificates (via Caddy) and OAuth single sign-on (via Authelia). Read more
Firezone: WireGuard VPN With User Self-Service Portal & SSO This article explains how to set up Firezone with automatic HTTPS certificates (via Caddy) and OpenID Connect single sign-on (via Authelia). Read more
Unbound DNS Server Configuration & Static IPv6 Address on Proxmox This article explains how to set up the Unbound DNS server as the resolver for your home network. It also shows how to generate and assign a static IPv6 address to your Proxmox server. Read more
Portainer Setup Guide With Automatic HTTPS & OAuth SSO via Authelia This article explains how to set up Portainer with automatic HTTPS certificates (via Caddy) and OAuth single sign-on (via Authelia). Read more
Tips for DevOps Pipeline Automation & Bash Scripting DevOps CI/CD pipelines on platforms such as GitHub or Azure DevOps are basically shell scripts that run in the cloud and are triggered by events, e.g., a Git push. This article explains common mistakes with pipeline scripts and how to avoid them. Read more
restic: Encrypted Offsite Backup With Ransomware Protection for Your Homeserver This article explains how to set up restic (with the resticprofile wrapper) for automated scheduled backups of your home server. Read more
Upgrading Ubuntu 20.04 to 22.04 & PHP 7.4 to 8.1 for WordPress This post describes how I upgraded our webserver running WordPress on Apache from Ubuntu 20.04.5 LTS to 22.04.1 LTS and PHP from 7.4 to 8.1. Read more
ownCloud Infinite Scale With OpenID Connect Authentication for Home Networks This article explains how to set up ownCloud Infinity Scale with OpenID Connect authentication to Authelia or authentik. Read more
authentik: Authentication, SSO, User Management & Password Reset for Home Networks This is my second article on how to set up a modern user management and authentication system for services on your internal home network. In the previous article, I used Authelia as IdP; this article presents an alternative configuration based on authentik. Read more
Authelia & lldap: Authentication, SSO, User Management & Password Reset for Home Networks This article explains how to set up a simple but modern user management and authentication system for services on your internal home network. The solution supports important security features like two-factor authentication and single sign-on, and only requires minimal maintenance due to self-service password reset. Read more
Automatic HTTPS Certificates for Services on Internal Home Network This article explains how to set up automatic HTTPS certificates via Let’s Encrypt for services on your internal home network without opening a port on your firewall. It’s part of my series on home automation that shows how to install, configure, and run a home server with (dockerized or virtualized) services such as Home Assistant and OwnCloud. Read more
Installing Proxmox as Docker Host on Intel NUC Home Server This is my first article in what is poised to become a series on installing, configuring, and running a home server with (dockerized or virtualized) services such as Home Assistant and OwnCloud. Read more
DNS Exfiltration & Tunneling: How it Works & DNSteal Demo Setup DNS is a protocol that lends itself to abuse because it's largely unmonitored and unrestricted. This article explains how data exfiltration from a corporate network via DNS works and shows how to set up a working exfiltration demo with DNSteal. Read more
Windows Installer Errors 2503 & 2502: Called RunScript when not marked in progress & Called InstallFinalize when no install in progress This is a quick post on how to troubleshoot situations where you get error 2503 (Called RunScript when not marked in progress) followed by error 2502 (Called InstallFinalize when no […] Read more
Identifying MS Teams Application Instances & Counting App Starts Microsoft Teams is a web application that needs a browser as a runtime environment. In order to keep things simple – at the expense of disk space – the Teams […] Read more
Windows Terminal as Standard User With Dedicated Admin Account Feature-wise, Windows Terminal is a fantastic replacement for the dated console host. It presents entirely new problems, however, in a secure setup with a standard user for day-to-day operations and […] Read more
Windows 11: How To Configure Secure DNS (DoH) for All WiFi Networks This post explains how to configure DNS over HTTPS (DoH) for all WiFi networks in Windows 11 via the Settings app. Unfortunately, this is less intuitive than it should be; […] Read more
Split-Tunnel VPN & WiFi: No Internet via IPv4 Due to Interface Priority I had a weird issue on my laptop: whenever I connected to our company’s VPN, I lost local internet connectivity. As it turned out, this was caused by incorrect network […] Read more
Controlling RGB Keyboard Lighting Without Bloated Vendor Software Vendors in the gaming space often make wonderful keyboards, but their software is not always up to par. Take the Razer Huntsman Elite: its software is a whopping 422 MB […] Read more
Free Services to Send Files End-To-End Encrypted There are a number of services for sending files to someone else that are both free and secure. This post provides an overview. Read more
ShareX: Free Screen Recording Tool & Mouse Pointer Offset Fix This is a quick post to remind me of two things: 1) ShareX is the tool of choice for screen recordings on Windows. 2) On high-DPI (4K) screens there is […] Read more
Changing the Location of Total Commander Configuration Files Depending on how you installed Total Commander, the default settings location may resolve to the installation directory or the user profile. This article explains how to locate the configuration files […] Read more
Finding (Executables in) User-Writeable Directories This article presents two different detection types for insecure filesystem permissions on Windows endpoints: scanning for directories that are user-writable, and detecting processes that are started from user-writeable directories. Read more
Checking Windows Hello Key Storage: TPM or Software? Windows Hello for Business (WHfB) stores a cryptographic key on the device. The preferred storage location is a hardware TPM module. However, if a TPM is not available, the key […] Read more
How to Check the TPM Status & Enable the CPU’s fTPM/PTT The recent Windows 11 announcement has created a lot of confusion due to the requirement for a trusted platform module (TPM). This article explains why your machine almost certainly has […] Read more
Top 10 IT Security Tips for Individual Users This is a list of simple things that will protect you from nearly all the real-world IT security issues affecting individuals and SOHO users. Read more
