06/03/2026

Hardened Roundcube Docker: The Webmail Container That Trusts Nobody

Our hardened Roundcube Docker image runs as nobody, can chown nothing, and treats every request as hostile. Here is the full unprivileged + WAF security model — and why default webmail containers are a liability.

Read more →
06/02/2026

ViMbAdmin: The Postfix + Dovecot Mailbox Admin Panel (Modernised for PHP 8.5)

Your mailbox table deserves better than raw SQL at 02:00. ViMbAdmin — modernised for PHP 8.5 — manages Postfix + Dovecot virtual domains, mailboxes and aliases via web UI or JSON-RPC API, with TOTP, brute-force protection and a hardened Docker image.

Read more →
05/24/2026

Docker Hardening for Self-Hosters: Rootless, Read-Only, Cap-Drop, Distroless (2026 Guide)

Default Docker is barely a container at all — root, mutable, all caps, shared kernel. This is the ten-flag hardening checklist that turns it into something a real attacker has to work to break: rootless, read-only, cap-drop, no-new-privileges, distroless, secrets, segmentation, scanning. With a worked NGINX + PHP-FPM compose example.

Read more →
05/20/2026

Self-Hosted Vaultwarden: Docker Setup, Clients & Full Guide

Run your own password manager with self-hosted Vaultwarden — a tiny Docker image, full Bitwarden client compatibility, and total control over your encrypted vault.

Read more →