<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:media="http://search.yahoo.com/mrss/"><channel><title>bella.network Blog</title><link>https://blog.bella.network/</link><description>Recent content on bella.network Blog</description><language>en-us</language><copyright>Thomas Bella</copyright><lastBuildDate>Sun, 01 Mar 2026 15:05:00 +0100</lastBuildDate><atom:link href="https://blog.bella.network/feed.xml" rel="self" type="application/rss+xml"/><item><title>Speeding up APT with GoAPTCacher</title><link>https://blog.bella.network/speeding-up-apt-with-goaptcacher/</link><pubDate>Sun, 01 Mar 2026 15:05:00 +0100</pubDate><guid>https://blog.bella.network/speeding-up-apt-with-goaptcacher/</guid><description>In CI/CD pipelines and on isolated networks, apt performance often tanks because every build fetches the same packages over the WAN - sometimes from flaky mirrors. GoAPTCacher solves this with a pull-through cache: requested artifacts are stored locally and served from disk on subsequent requests. You keep your normal repository layout and package signatures; clients don&amp;rsquo;t need vendor-specific tooling. 🚀
This post explains what GoAPTCacher does, how the request flow works, when HTTPS interception makes sense (and when it&amp;rsquo;s a bad idea), and how to roll it out without shooting yourself in the foot. 😅</description><category>Sysadmin</category><category>DevOps</category><category>Networking</category><media:content url="https://blog.bella.network/speeding-up-apt-with-goaptcacher/mr-cup-fabien-barral.jpg" medium="image"/><enclosure url="https://blog.bella.network/speeding-up-apt-with-goaptcacher/mr-cup-fabien-barral.jpg" length="0" type="image/*"/></item><item><title>Protecting Self-Hosted Apps with PassBeyond: A SAML SSO Reverse Proxy</title><link>https://blog.bella.network/securing-web-applications-with-passbeyond/</link><pubDate>Sun, 30 Nov 2025 12:43:00 +0100</pubDate><guid>https://blog.bella.network/securing-web-applications-with-passbeyond/</guid><description>Self-hosted web applications are everywhere - from homelabs to critical internal tools - but many of them were never designed for modern SSO. With the proliferation of self-hosted applications, managing user authentication can become a complex task. Enter PassBeyond, a lightweight SAML Service Provider designed to act as a reverse proxy, enabling Single Sign-On (SSO) for your web applications without the need for extensive code changes or additional portals.
My problem In my home lab and at work I run a lot of web applications: dashboards, admin tools, monitoring, password managers, wiki, storage, you name it. Most of them are &amp;ldquo;classic&amp;rdquo; self-hosted apps that were never designed to speak modern SAML or OIDC - if they support authentication at all, it&amp;rsquo;s usually local users or some basic LDAP integration if you&amp;rsquo;re lucky.</description><category>Security</category><category>Sysadmin</category><category>DevOps</category><media:content url="https://blog.bella.network/securing-web-applications-with-passbeyond/pexels-padrinan-2882659.jpg" medium="image"/><enclosure url="https://blog.bella.network/securing-web-applications-with-passbeyond/pexels-padrinan-2882659.jpg" length="0" type="image/*"/></item><item><title>Introduction: Self-hosted services</title><link>https://blog.bella.network/introduction-selfhosted-services/</link><pubDate>Wed, 01 Oct 2025 08:50:00 +0200</pubDate><guid>https://blog.bella.network/introduction-selfhosted-services/</guid><description>In my homelab, I run a variety of services that I and my family use almost daily. Some of these services are used for private purposes, others are shared with friends and work colleagues, for learning or development purposes. Most of these services run in Docker containers on a Proxmox VE host. A few services run directly on the host operating system or on virtual machines.
This page is a follow-up to the Homelab Page on my personal website and gives a concise overview of the services I run and why.
In the following article I want to give a short overview of the services I run and use. Every service serves a specific purpose and helps me to manage my digital life more effectively. Select the tools and services that best fit your needs and preferences.</description><category>Sysadmin</category><media:content url="https://blog.bella.network/introduction-selfhosted-services/pexels-panumas-nikhomkhai-1148820.jpg" medium="image"/><enclosure url="https://blog.bella.network/introduction-selfhosted-services/pexels-panumas-nikhomkhai-1148820.jpg" length="0" type="image/*"/></item><item><title>Personal Man-in-the-Middle</title><link>https://blog.bella.network/personal-man-in-the-middle/</link><pubDate>Sun, 21 Sep 2025 10:00:00 +0200</pubDate><guid>https://blog.bella.network/personal-man-in-the-middle/</guid><description>More and more products are &amp;ldquo;smart&amp;rdquo; - or trying to be, with always-on mobile app connections to the cloud. Yet many apps expose no API and send your telemetry or health metrics straight to their cloud. Even after politely asking the vendor, you may be offered neither an API nor a data export, often citing &amp;ldquo;internal business secrets&amp;rdquo;.
That raised two questions for me: What sensitive data is my phone actually sending about me that qualifies as a &amp;ldquo;business secret&amp;rdquo;? And how can I automatically capture my own copy of that data in my database, redact sensitive fields in transit (e.g., names, email, precise location) before they ever leave my phone?</description><category>Sysadmin</category><media:content url="https://blog.bella.network/personal-man-in-the-middle/noellegracephotos-906018.jpg" medium="image"/><enclosure url="https://blog.bella.network/personal-man-in-the-middle/noellegracephotos-906018.jpg" length="0" type="image/*"/></item><item><title>Basic Web, Mail, and DNS Configuration</title><link>https://blog.bella.network/basic-web-mail-and-dns-config/</link><pubDate>Sat, 13 Sep 2025 07:00:00 +0200</pubDate><guid>https://blog.bella.network/basic-web-mail-and-dns-config/</guid><description>All services on the internet provide a variety of functionalities and features to enhance user experience. Due to ever-growing possibilities and new configuration options, I summarize general concepts and best practices on this page. The goal is to not only secure or extend existing systems, but also to give some hints to some not so well known functions and performance improvements. These configurations are not exhaustive and should be adapted to your specific needs and environment. 
It does not only reflect public services, but also includes recommended settings for internal domains and services in home and business networks.</description><category>Sysadmin</category><media:content url="https://blog.bella.network/basic-web-mail-and-dns-config/glasses-1052010_1920.jpg" medium="image"/><enclosure url="https://blog.bella.network/basic-web-mail-and-dns-config/glasses-1052010_1920.jpg" length="0" type="image/*"/></item><item><title>Dynamic routing using FRR over WireGuard</title><link>https://blog.bella.network/internal-bgp-with-wireguard/</link><pubDate>Sun, 21 Jul 2024 20:38:50 +0200</pubDate><guid>https://blog.bella.network/internal-bgp-with-wireguard/</guid><description>Public IPv4 addresses are becoming less and less available, IPv6 addresses will still not be widespread or dynamically assigned to end customers in 2024 and many applications still communicate with each other unencrypted today.
A wide variety of technologies and methods can be used to securely connect different networks. I would like to present one such approach here:
Dynamic site to site networking using WireGuard and BGP
Why should I do this? There are many different reasons to use these technologies:</description><category>Network</category><media:content url="https://blog.bella.network/internal-bgp-with-wireguard/thomas-jensen-UrtxBX5i5SE-unsplash.jpg" medium="image"/><enclosure url="https://blog.bella.network/internal-bgp-with-wireguard/thomas-jensen-UrtxBX5i5SE-unsplash.jpg" length="0" type="image/*"/></item><item><title>Services and timer using systemd</title><link>https://blog.bella.network/systemd-services/</link><pubDate>Sun, 21 Jul 2024 12:00:00 +0200</pubDate><guid>https://blog.bella.network/systemd-services/</guid><description>Some Linux-based systems like Debian and Ubuntu use systemd as their init daemon. This means that after the kernel is loaded, systemd is the first program started on the system, and it in turn starts all other components of the system. Such services can be compared with Windows Services, where a service can be defined to run at start, run at specified intervals and use a specific user when executed.</description><category>Sysadmin</category><media:content url="https://blog.bella.network/systemd-services/pen-5146200_1280.jpg" medium="image"/><enclosure url="https://blog.bella.network/systemd-services/pen-5146200_1280.jpg" length="0" type="image/*"/></item><item><title>Monitor borgbackup with checkmk local check</title><link>https://blog.bella.network/monitor-borgbackup-with-checkmk/</link><pubDate>Tue, 03 Jan 2023 16:11:00 +0100</pubDate><guid>https://blog.bella.network/monitor-borgbackup-with-checkmk/</guid><description>Just recently I deleted a folder in Syncthing which I did not want to delete. Since I had set up an hourly incremental backup of Syncthing some time ago, I wanted to use it to restore the deleted data.
Unfortunately, I had to notice that the automatic backup had not worked for more than half a year because the SSH connection to the backup server was blocked by a firewall change.</description><category>Sysadmin</category><media:content url="https://blog.bella.network/monitor-borgbackup-with-checkmk/checkmk-entry.png" medium="image"/><enclosure url="https://blog.bella.network/monitor-borgbackup-with-checkmk/checkmk-entry.png" length="0" type="image/*"/></item><item><title>LACP with Cisco IOS and Debian</title><link>https://blog.bella.network/lacp-with-ios-and-debian/</link><pubDate>Mon, 27 Jun 2022 19:20:00 +0200</pubDate><guid>https://blog.bella.network/lacp-with-ios-and-debian/</guid><description>I just bought a new switch for my homelab, a Cisco Catalyst 2960-X Series (WS-C2960X-48TD-L), and wanted to configure IEEE 802.3ad Link Aggregation Policy and LACP to bundle 4 existing ethernet ports of my HP Proliant DL360p G8 to be connected to the switch. I am running Proxmox 7 on my servers, but after upgrading from Proxmox 6 to 7 I encountered problems with LACP causing no link at all.</description><category>Network</category><media:content url="https://blog.bella.network/lacp-with-ios-and-debian/network-ga9afdfe80_1920.jpg" medium="image"/><enclosure url="https://blog.bella.network/lacp-with-ios-and-debian/network-ga9afdfe80_1920.jpg" length="0" type="image/*"/></item><item><title>Internal ACME server</title><link>https://blog.bella.network/internal-acme-server/</link><pubDate>Sat, 18 Jun 2022 20:27:00 +0200</pubDate><guid>https://blog.bella.network/internal-acme-server/</guid><description>Let&amp;rsquo;s Encrypt was instrumental in driving the uptake of the encrypted web, not only by providing free certificates, but also by providing a simple way to get validated and trusted certificates automatically. In addition, renewal of these certificates can be automated without any human interaction.
For these automations, the Automatic Certificate Management Environment protocol, ACME for short, was created. Tools and programs like certbot, acme.sh, Caddy and Traefik use it to issue certificates.</description><category>Sysadmin</category><media:content url="https://blog.bella.network/internal-acme-server/pexels-george-becker-333837.jpg" medium="image"/><enclosure url="https://blog.bella.network/internal-acme-server/pexels-george-becker-333837.jpg" length="0" type="image/*"/></item><item><title>WireGuard, a fast and secure VPN</title><link>https://blog.bella.network/wireguard-tunnel/</link><pubDate>Wed, 08 Dec 2021 11:00:00 +0100</pubDate><guid>https://blog.bella.network/wireguard-tunnel/</guid><description>I liked to use OpenVPN to allow my servers to communicate securely with each other and to enable communication with my home network. However, I had increasing problems with stability and latency with OpenVPN, which made me look for an alternative.
WireGuard is a relatively new VPN technology, developed with a focus on security, speed and simplicity. In 2020 Linux 5.6 was released, where WireGuard was built directly into the kernel. This allows better performance to be achieved than with other technologies like OpenVPN, IPSec, &amp;hellip;. Due to the comparatively small amount of code of WireGuard, audits can be carried out more efficiently.</description><category>Network</category><media:content url="https://blog.bella.network/wireguard-tunnel/erlend-ekseth-0a5VbkqqFFE-unsplash.jpg" medium="image"/><enclosure url="https://blog.bella.network/wireguard-tunnel/erlend-ekseth-0a5VbkqqFFE-unsplash.jpg" length="0" type="image/*"/></item><item><title>Backups using Borgbackup</title><link>https://blog.bella.network/backups-using-borgbackup/</link><pubDate>Tue, 20 Jul 2021 14:00:00 +0200</pubDate><guid>https://blog.bella.network/backups-using-borgbackup/</guid><description>After installing a server and securing the operating system, I like to set up backup as early as possible. This prevents me from forgetting to create a backup at a later point in time or from losing previous configurations while setting things up.
For the sake of simplicity, I will refer to a system that creates backups and transfers them to another system as a &amp;ldquo;client&amp;rdquo; in this article. The central system on which the backups are stored is the &amp;ldquo;server&amp;rdquo;.</description><category>Sysadmin</category><media:content url="https://blog.bella.network/backups-using-borgbackup/pexels-azamat-esenaliev-117729.jpg" medium="image"/><enclosure url="https://blog.bella.network/backups-using-borgbackup/pexels-azamat-esenaliev-117729.jpg" length="0" type="image/*"/></item><item><title>Create a dummy file</title><link>https://blog.bella.network/create-dummy-file/</link><pubDate>Fri, 07 May 2021 12:00:00 +0200</pubDate><guid>https://blog.bella.network/create-dummy-file/</guid><description>Ever wanted to create dummy files to test if your configured quota works as expected or to have a reason to buy a new disk?
Here is your way to go.
Windows You can create a dummy file using fsutil where the created file is filled with zeros. If you have compression in place, this file will not consume a big amount of space.
To create the file, you can use the following command within cmd or PowerShell:</description><category>Sysadmin</category><media:content url="https://blog.bella.network/create-dummy-file/pexels-pixabay-357514.jpg" medium="image"/><enclosure url="https://blog.bella.network/create-dummy-file/pexels-pixabay-357514.jpg" length="0" type="image/*"/></item><item><title>Hello World</title><link>https://blog.bella.network/hello-world/</link><pubDate>Sun, 14 Feb 2021 16:00:00 +0100</pubDate><guid>https://blog.bella.network/hello-world/</guid><description>Hello and welcome to my new blog.
I&amp;rsquo;ve been planning to post in a blog again for some time. I will update individual articles from my previous blog and transfer them to this blog, with which I will then shut down the previous blog. By the way, this page is generated with Hugo, whereby I have this page generated with GitLab CI. - Blog post about this topic will follow ;-)</description><category>Personal</category><media:content url="https://blog.bella.network/hello-world/pexels-tyler-lastovich-699122.jpg" medium="image"/><enclosure url="https://blog.bella.network/hello-world/pexels-tyler-lastovich-699122.jpg" length="0" type="image/*"/></item></channel></rss>