Honeypots or honeypots are servers that are positioned in an infrastructure to anticipate and detect attempted attacks from malicious people or malware.

Teleport is the easiest, most secure way to access all your infrastructure servers, clusters, and applications. It is designed to provide role-based access control, audit logs, and session recording, making it ideal for organizations that need to provide secure access to their resources.

For a long time I have been using PfSense for my infra at home also to secure the virtual machines on my dedicated servers, also for small infra like schools, SMEs, hotels etc ...
I turned to OPNSense for the simplicity of the interface and above all more update and security patches compared to PfSense Community edition. I'm not saying PfSense has become a firewall to avoid, plan to buy the official hardware for better support and patching.

If like me you host several services at home or in production,  you are not going to set up a certificate on each server or docker, the easiest way to manage certificates is to centralize certificate management in a single node or docker. Traefik is much favored but I prefer Nginx proxy manager because it is easy to use and light and above all to add a service by UI in a simpler way. Traefik is useful for its configuration files, the logic of its configuration and the integration of Docker / Kubernetes. But above all Traefik becomes the ideal solution when I load/unload containers, it is the only one that allows me to simply manage the ports dynamically.

Mkcert is a simple tool that enables you to generate and install self-signed SSL certificates for local development. Here are the steps to install, configure, and generate self-signed SSL certificates with mkcert :

sudo apt install libnss3-tools
curl -JLO "https://dl.filippo.io/mkcert/latest?for=linux/amd64"
chmod +x mkcert-v*-linux-amd64
sudo cp mkcert-v*-linux-amd64 /usr/local/bin/mkcert

If you use a pfsense in your company, school …. with an active directory, nowadays Microsoft strongly recommends for a question of security, to encrypt your ldap connections. But since the version of PFSense 2.5.xx it is necessary to import the authoritative certificate of your LDAP. (An upcoming procedure to explain how to create an ADCS from your Active Directory). We will therefore proceed to my LAB demo which is HOME.LAN.