Guides on Marco Lazzarotto

Kubernetes, Longhorn, and Non-Root Images: A Permissions Fix Chronicle

postmaster@mlazzarotto.it (Marco Lazzarotto) — Sun, 08 Feb 2026 00:00:00 +0000

Intro

For my new venture as a freelance DevOps Engineer, I decided to build a website using Flask as the backend and a template (named “Simone - Personal Portfolio Template”), purchased from ThemeForest, as the frontend.
Nothing too complicated; HTML, CSS, and Javascript do 90% of the work, and the remaining 10% consists of the Flask backend, which handles internal functionalities like the contact form with Captcha, page routing, the endpoint for Kubernetes livenessProbe, and all the search engine optimization bits (robots.txt and sitemap).

Boosting Navidrome Security: SSO Auth with Traefik and Authentik

postmaster@mlazzarotto.it (Marco Lazzarotto) — Sun, 11 May 2025 00:00:00 +0000

Introduction

Music streaming services like Navidrome provide a fantastic way to access your personal music collection from anywhere. However, exposing such services to the internet comes with security concerns.

This guide demonstrates how to secure your Navidrome instance using Authentik’s Single Sign-On (SSO) capabilities behind a Traefik reverse proxy.

By implementing this setup, you’ll add an additional security layer to your music server while maintaining convenient access for legitimate users.

Exposing Seafile 12 Behind Traefik: The Complete Configuration Guide

postmaster@mlazzarotto.it (Marco Lazzarotto) — Thu, 01 May 2025 00:00:00 +0000

Introduction

Seafile is a powerful, open-source file syncing and sharing platform that provides an alternative to commercial cloud storage services. When deploying Seafile in a production environment, you’ll typically want to place it behind a reverse proxy like Traefik to handle SSL termination, routing, and additional security features.

In this guide, I’ll walk you through the exact Traefik configuration needed to properly expose Seafile 12 to the internet. This setup handles all three essential components of Seafile: the web interface, the file transfer service (seafhttp), and WebDAV access (seafdav).

Boosting Seafile Security: Hiding Login Fields When Using SSO

postmaster@mlazzarotto.it (Marco Lazzarotto) — Sat, 26 Apr 2025 00:00:00 +0000

When it comes to securing your Seafile instance, the small details make a world of difference. Today, I’m sharing a simple yet powerful security enhancement that takes just minutes to implement but provides significant protection for your data fortress.

If you’ve set up Single Sign-On (SSO) with services like Authentik or Authelia for your Seafile instance, congratulations! You’ve taken a major step toward improving your security posture. However, there’s a sneaky vulnerability that often goes unaddressed.

Installation of Zabbix-agent in Home Assistant OS

postmaster@mlazzarotto.it (Marco Lazzarotto) — Fri, 13 Dec 2024 00:00:00 +0000

Introduction

Home Assistant OS is a highly specialized Linux distribution optimized for running the Home Assistant home automation platform.

One of its main features, which can be both an advantage in terms of security and a disadvantage in terms of flexibility, is the inability to access the OS console directly.

This limitation makes the installation of additional software such as the Zabbix agent, an essential tool for system monitoring, particularly complex.

Nextcloud Hub Demo – How to try it

postmaster@mlazzarotto.it (Marco Lazzarotto) — Thu, 28 Jul 2022 00:00:00 +0000

Have you always wanted to test Nextcloud but didn’t feel like installing it because it was too complicated? Or do you just want to take a look to see what’s new in version 24 (Hub II)? Or do you want to show it to a friend?

In this article I will explain how you can get your hands on and test a fully functioning instance of Nextcloud Hub, thus being able to try out all the features offered by this powerful tool.

CentOS 8 - How to bind logstash on port 514

postmaster@mlazzarotto.it (Marco Lazzarotto) — Sun, 28 Nov 2021 00:00:00 +0200

The situation: you need to send logs from an old piece of equipment to logstash running on a CentOS 8, for storing your logs on ElasticSearch.

The problem

The device is old and doesn’t support changing the default syslog port from 514/udp to something different, like port 5140/udp. Unfortunately this can happen, for example on virtual appliances like ZeroShell, where there’s no way to change the syslog port from the default one, but there’s a quick solution to this!

Guides on Marco Lazzarotto

Kubernetes, Longhorn, and Non-Root Images: A Permissions Fix Chronicle

Intro

Boosting Navidrome Security: SSO Auth with Traefik and Authentik

Introduction

Exposing Seafile 12 Behind Traefik: The Complete Configuration Guide

Introduction

Boosting Seafile Security: Hiding Login Fields When Using SSO

Boosting Seafile Security: Hiding Login Fields When Using SSO

The Problem: Dual Login Methods Create Risk

Installation of Zabbix-agent in Home Assistant OS

Introduction

Nextcloud Hub Demo – How to try it

CentOS 8 - How to bind logstash on port 514

The problem