LogoBotmonster Tech
AI Smart Home Self-Hosting Coding Web Dev Hardware Bootpag Image2SVG Tags

Networking

  • ◀︎
  • 1
  • 2
  • 3
  • 4
  • 5
  • ▶︎
Debian Router with nftables: CAKE SQM Reaches 15ms Latency

Debian Router with nftables: CAKE SQM Reaches 15ms Latency

Yes, a plain Debian 12 or Fedora Server install on cheap x86 hardware, or a Raspberry Pi 5, makes a better router than most consumer gear. It often beats boxes that cost twice as much. You need two network interfaces, a few config files, and about two hours. The result is a gateway with a real stateful firewall via nftables , proper DNS and DHCP from dnsmasq , and traffic shaping that works through CAKE SQM. Every config is plain text you can track in Git.

WireGuard Site-to-Site VPN: 400-500 Mbps on Raspberry Pi

WireGuard Site-to-Site VPN: 400-500 Mbps on Raspberry Pi

To connect two remote LANs over WireGuard , you configure a WireGuard peer on one gateway device at each site, set AllowedIPs to include the remote site’s subnet, enable IP forwarding on both gateways, and add routing so LAN clients send cross-site traffic through the tunnel. Once configured, every device on either LAN can reach devices on the other LAN transparently - no VPN client installation on individual machines. A single UDP port open on at least one side is all you need.

Tailscale Mesh VPN with WireGuard: 100 Devices, Zero Config

Tailscale Mesh VPN with WireGuard: 100 Devices, Zero Config

Tailscale builds a private WireGuard -based mesh VPN across all your devices with almost no setup. You install the client on each machine and sign in with your identity provider. Every device then gets a stable 100.x.y.z IP that works no matter the NAT, firewalls, or network changes. Tailscale v1.96 adds ACL tags for per-device policy, exit nodes, subnet routers, and MagicDNS for hostname lookups. For homelabbers, it is the easiest way to link a server, cloud VPS, phone, and laptop into one network.

Why Is My USB-C Charger So Slow? Understanding USB Power Delivery

Why Is My USB-C Charger So Slow? Understanding USB Power Delivery

USB Power Delivery (USB-PD) is supposed to be the universal charging standard that ends cable chaos. In practice, plugging in the wrong cable or charger gives you a device that charges at 5W instead of 100W - or refuses to charge at all. The root cause is almost always one of three things: a cable rated below what the device needs, a charger that advertises high wattage but only supports a narrow set of voltage profiles, or confusion between USB-PD and the half-dozen proprietary fast-charging protocols that coexist with it.

Production Docker with Traefik v3.6: Auto TLS, 30K RPS

Production Docker with Traefik v3.6: Auto TLS, 30K RPS

Run Traefik v3 as a Docker container to build a production-ready stack. It discovers services through Docker labels and handles Let’s Encrypt TLS certificates automatically. You won’t need separate Nginx configs because everything lives in one docker-compose.yml file. This setup gives you a self-managing reverse proxy for multi-service deployments.

Key Takeaways

  • Traefik automates service discovery using Docker labels to build routes instantly.
  • Native Let’s Encrypt support handles SSL certificates without manual Certbot configuration.
  • A built-in web dashboard provides real-time visibility into your routing health.
  • Middlewares enable easy setup of security headers, rate limiting, and compression.
  • The single-binary architecture handles over 30,000 requests per second on modest hardware.

The current stable release as of early 2026 is Traefik v3.6.x, with v3.7 in early access. All examples in this guide target the v3.x line.

Wildcard SSL Certificates with Let's Encrypt and DNS-01

Wildcard SSL Certificates with Let's Encrypt and DNS-01

A wildcard SSL cert for *.example.com from Let’s Encrypt covers every one-level subdomain. You get one through the DNS-01 challenge, or, since February 2026, through the new DNS-PERSIST-01 challenge that skips per-renewal DNS edits. One wildcard cert replaces the per-service certs you’d otherwise juggle behind your reverse proxy.

Key Takeaways

  • One wildcard cert covers every one-level subdomain under a domain, replacing dozens of per-service certs.
  • Only DNS-based challenges (DNS-01 and DNS-PERSIST-01) issue wildcards; HTTP-01 and TLS-ALPN-01 won’t work.
  • The newer DNS-PERSIST-01 challenge lets you authorize once and skip DNS edits on every renewal.
  • Certbot and acme.sh both automate the DNS challenge through provider-specific plugins or tags.
  • Systemd timers handle the 90-day renewal window cleanly, with deploy hooks to reload your reverse proxy.

Why Wildcard Certificates and When You Need Them

If you run three subdomains, single certs work fine. Each one gets its own HTTP-01 challenge, Certbot handles renewal, and life is simple. Once you pass 10 or 15 subdomains, the chore list grows. Every new service needs its own cert request, its own renewal entry, and its own way to break. A wildcard cert folds all of that into one.

  • ◀︎
  • 1
  • 2
  • 3
  • 4
  • 5
  • ▶︎

Most Popular

Gemma 4 vs Qwen 3.5 vs Llama 4: Which Open Model Should You Actually Use? (2026)

Gemma 4 vs Qwen 3.5 vs Llama 4: Which Open Model Should You Actually Use? (2026)

Gemma 4, Qwen 3.5, and Llama 4 compared on benchmarks, licensing, speed, and hardware so you can pick the right open model fast.

5 Open Source Repos That Make Claude Code Unstoppable

5 Open Source Repos That Make Claude Code Unstoppable

Five March 2026 repos extend Claude Code with autonomous ML, self-healing skills, GUI automation, multi-agent coordination, and Google Workspace access.

Cross-section of a translucent crystal brain threaded by red, gold, and teal attention ribbons resting on a doubly-stochastic matrix pedestal beside a guitar-tuning lab figure.

DeepSeek V4 Tech Report: 3 Tricks That Cut Compute 73%

DeepSeek V4 ships 1.6T parameters and 1M context using only 27% of V3.2's inference FLOPs. Inside the hybrid attention, mHC residuals, and Muon optimizer.

Cracked stone tablet engraved with a bulleted system prompt, four crossed-out goblin silhouettes repeated, a tiny goblin escaping with upvote-arrow sparks, a giant dollar-sign price tag, and figures refusing to step onto a glossier pedestal.

GPT 5.5 Reddit Reception: Goblins and the Cost Backlash

GPT-5.5 Reddit reception: viral goblin prompt leak, doubled pricing backlash, and 5.4 holdouts citing hallucination regressions in factual recall workflows.

What X and Reddit Users Are Saying about Claude Opus 4.7

What X and Reddit Users Are Saying about Claude Opus 4.7

How power users on X and Reddit reacted to Claude Opus 4.7: praise for agentic coding, token burn concerns, and teams' practical prompting habits.

Qwen3.6-35B-A3B: Alibaba's Open-Weight Coding MoE

Qwen3.6-35B-A3B: Alibaba's Open-Weight Coding MoE

Alibaba's sparse Mixture-of-Experts: 35B total parameters, 3B active per token. Q4 quantization runs on MacBook Pro M5, matches Claude Sonnet performance.

Alacritty vs. Kitty: Best High-Performance Linux Terminal

Alacritty vs. Kitty: Best High-Performance Linux Terminal

Alacritty vs Kitty in 2026: emoji and Unicode rendering, real benchmarks, latency, memory, maintainer reputation, and the right terminal for your workflow.

Like what you read?

Get new posts on Linux, AI, and self-hosting delivered to your inbox weekly.

Privacy Policy  ·  Terms of Service
2026 Botmonster