No worries, hope it helps, let me know if you have questions =)
CoreLabJoe
- 1 Post
- 12 Comments
- CoreLabJoe@piefed.catoSelfhosted@lemmy.world•How much do you secure a home server that's only accessible with VPN?English1·1 day ago
- CoreLabJoe@piefed.caOPtoSelfhosted@lemmy.world•How to Setup Authelia in Docker with SWAG Reverse Proxy (2026)English2·1 day ago
Well hello there!
Yes, the one and only Core Lab Joe, in the digital flesh (packets, tcp-stream!). Thanks for reading and I’m glad it helped you!
I’m picky when writing tech guides and generally will only write (and recommend!) what I run, and what I have experience with, so that would not be traefik.
My entire system/setup is all dockerized as well. I run 50+ dockers, and anything publicly exposed goes through my SWAG instance. It doesn’t matter what reverse proxy you use, or even if the apps are containers or not really, it’s all networking.
That said I’ve got a good Traefik resource for you, FoxxMD Blog and his migrating from SWAG to Traefik post!
One of the things I need to tackle fully myself, understand, break, troubleshoot and then fix is OIDC for myself, so I can write a good guide on it. A lot of apps do natively do it now, but from what I understand for those that do not, you can use Authelia and the like to slap that authentication into (over top) of it.
- CoreLabJoe@piefed.caOPtoSelfhosted@lemmy.world•How to Setup Authelia in Docker with SWAG Reverse Proxy (2026)English2·2 days ago
Never heard of Rayfish but just googled, it’s a mesh VPN so probably wouldn’t want to push that through a reverse proxy to authelia, it would just slow it down…
I personally use wireguard as my VPN, not tailscale or headscale or any of that but I do understand some people need something that can get around CGNAT or other issues.
- CoreLabJoe@piefed.caOPtoSelfhosted@lemmy.world•How to Setup Authelia in Docker with SWAG Reverse Proxy (2026)English2·3 days ago
No I had no issues flipping it over to keydb. I was on redis originally so I stopped the containers, took a backup and simply changed the image I was using for my backend to keydb end it was like a drop in replacement! Didn’t even need to do a dB upgrade or anything complex.
- CoreLabJoe@piefed.catoSelfhosted@lemmy.world•Help configuring OPNsense VLANs? Tutorials I find seem to quickly become outdated.English1·3 days ago
What you could try is an inverse sense of match rule, which by default, allows access to the internet but not to other VLANs. This is what I do and is the standard I think that should be the default!
If you read the LAN rules at the link there, it basically has you setup RFC1918 IP space as an alias, and then setup an inverse option the logic is:
Anything that is NOT Private IP space - ALLOW!
So outbound from that vlan/network/subnet to internet --> Allowed!
Then you make separate rules to actually allow whichever VLAN access to the other, that you want.

- CoreLabJoe@piefed.caOPtoSelfhosted@lemmy.world•How to Setup Authelia in Docker with SWAG Reverse Proxy (2026)English3·3 days ago
Thank you for taking a peek!
Let me know if there’s something you’re looking for. The search function isn’t to bad but sometimes the posts can get buried a bit ;)
Oh hello there fellow Canadian blogger! I’m just down the road from you in between Toronto and Montreal (right in the middle actually!)…
I run a tech blog as well, but different focus than yours mostly on c omplete self-hosting, infrastructure and cybersecurity, and media servers.
**We should make some backlinks at some point! **
PS> This site is built off Ghost CMS.
- CoreLabJoe@piefed.catoSelfhosted@lemmy.world•Help configuring OPNsense VLANs? Tutorials I find seem to quickly become outdated.English3·3 days ago
This may help as well, and bridges the gap for some with all the changes from v25.x to v26.x.
Core Lab OPNsense upgrade guide
Your rule looks correct at first glance, but I’ll take a peek further. You do need a DHCP pool setup PER VLAN though, so there’s that as well.
- CoreLabJoe@piefed.catoSelfhosted@lemmy.world•Is they're an easy way to make my Jellyfin accessible outside of my home network for free?English1·3 days ago
I use SWAG reverse proxy for this, with Cloudflare for DNS.
- CoreLabJoe@piefed.catoSelfhosted@lemmy.world•How much do you secure a home server that's only accessible with VPN?English5·3 days ago
Anything that I publicly expose, I have protected with multiple layers up and down my entire stack…
- CoreLabJoe@piefed.catoSelfhosted@lemmy.world•Help configuring OPNsense VLANs? Tutorials I find seem to quickly become outdated.English4·3 days ago
I’m late to the party, but feel my guides can help. I am biased towards them because I wrote them! ;)
It’s up to date for v26.x with OPN, that said these guides (3 part series) do need a bit of an overhaul but it does cover VLANs, LAGG/Trunks, DNSmasque and DHCP for each VLAN, with pictures etc…
It can be done, just carefully. You can definitely accidentally block yourself out if you set a firewall rule up incorrectly, or in higher precedence of order for example. OPNsense (like almost every firewall known) processes rules in a “top down” order. So you put your blocks at the bottom!!!
Reverse proxy won’t lock you out, essentially that’s just slapping HTTPS on a webserver/service like Jellyfin, so you can access it without requiring a VPN.
Here’s a reverse proxy explainer, pt 2 is the actual setup!