homelab

51
 
 

Hi folks,

I seem to be having some internet connectivity issues lately and I would like to monitor my access to the internet. I have a homelab and was wondering whether someone had perhaps something like a docker container which pings a custom website every so often and plots a timescale of when the connection was successful and when it was not.

Or perhaps you have another suggestion? I know of dashboards like grafana but I don't know whether they can be configured to actually generate that data or whether they rely on a third party to feed them. Thanks!

52
 
 

The majority of my homelab consists of two servers: A Proxmox hypervisor and a TrueNAS file server. The bulk of my LAN traffic is between these two servers. At the moment, both servers are on my "main" VLAN. I have separate VLANs for guests and IoT devices, but everything else lives on VLAN2.

I have been considering the idea of creating another VLAN for storage, but I'm debating if there is any benefit to this. My NAS still needs to be accessible to non-VLAN-aware devices (my desktop PC, for instance), so from a security standpoint, there's not much benefit; it wouldn't be isolated. Both servers have a 10Gb DAC back to the switch, so bandwidth isn't really a factor; even if it was, my switch is still only going to switch packets between the two servers; it's not like it's flooding the rest of my network.

Having a VLAN for storage seems like it's the "best practice," but since both servers still need to be accessible outside the VLAN, the only benefit I can see is limiting broadcast traffic, and as far as I know (correct me if I'm wrong), SMB/NFS/iSCSI are all unicast.

53
 
 

I got a server case and some rails for free, they were annoying to build (yes, build), and I could not find anything regarding those rails online, so I decided to blog about it, in the hope of helping someone with all the same questions as me!

Also, I have no idea what I'll do with this new server, any thoughts or fun ideas?

#homelab #rails

54
1
submitted 6 months ago* (last edited 6 months ago) by root@lemmy.world to c/homelab@lemmy.ml
 
 

After looking into travel routers a bit, I quickly came across GL.iNet which seems to be a leader in the space. It seems they use OpenWRT which is great, but with some special sauce on top of it.

In a few different posts I've seen people mention that they are no longer open source. Does anyone know if this is the case? I see some activity on their GitHub repo, but am not quite sure which parts people are worried about being closed.

Post 1

Post 2

55
1
Travel Routers (lemmy.world)
submitted 6 months ago by root@lemmy.world to c/homelab@lemmy.ml
 
 

For those of you who use travel routers, do you only use them to WireGuard/OpenVPN back to your home networks for local resources?

Do you use the travel router's firewall features at all, or does the VPN tunnel home take care of concerns about others in the public (hotel/coffee shop/etc.) seeing your devices?

56
1
Whoogle (lemmy.world)
submitted 6 months ago by root@lemmy.world to c/homelab@lemmy.ml
 
 

I've been using Whoogle for probably a couple years now, and it's been great.

I do not have a cert on my PC that's running it (in my house) so my connection to it is not https. My question though, is once my query reaches from my device to the whole server (http) does Whoogle then use HTTPS when exiting to complete the query?

57
1
submitted 6 months ago* (last edited 6 months ago) by root@lemmy.world to c/homelab@lemmy.ml
 
 

I've gone through this process a few times over the last week since trying out WireGuard, and for the most part it's been seamless. There are hiccups here or there, but normally it's just me misconfiguring my keys/config file.

Typically on the client (my phone, tablet, etc) there is an option to generate the key pairs. I'll then put the public one on my peer definition in pfsense, and away we go.

With this GL.iNet router, however, there is no option (that I see) to generate the key pairs, so I think the problem I'm running into is that they are not matching/expected when the negotiation with my firewall happens.

How can I go about generating these keypairs? Has anyone had this issue with GL.iNet?

EDIT: After finding a post from GL.iNet staff advising to not have a Listening port in the Peer section, and to set the MTU to around 1300, I have everything working as expected.

58
 
 

Dear all, I have some questions for what I'm about to do with my HomeLab. I recently upgraded my connection to a 1000/1000 and the ISP sent me this shit ass router (Fastweb Nexxt) which is very locked down. I want to change it.

Today this Fastweb Nexxt is not doing DHCP because I'm running a VM with OPNSense on it from which I manage IP reservation etc.

The fiber connection comes to my house and it's connected to a small box, an ONT from ZTE. Then an ethernet cable goes to the wan port of the Fastweb Nexxt and then LAN to my server where the OPNSense VM is hosted.

Now, I'm open to solutions; the goal is to remove the Fastweb Nexxt.

The "Cheap" idea would be to use a USB-C to Ethernet cable so as to add a second Ethernet card to my server and connect the ZTE device to it. I would then assign this cable as WAN in OPNSense and leave the existing card as LAN for the switch. I'm quite sure I would also need to clone the MAC address of the Fastweb Nexxt device and assign this MAC to the WAN of my OPNSense, right?

I'm open to any kind of suggestion, even something like "this is the best home-router for 100€"

59
 
 

EDIT: It seems something is causing my WireGuard handshake to fail. I can't find much on this particular error except "try rebooting the wg server". I rebooted everything, and I can't get it to connect unless the clients are already connected to the home wifi.

So I installed wg-easy on one of my virtual machines on my Proxmox "homelab". It seems to be working, and I installed the client wireguard-tools on my phone (via app), and on my laptop (EndeavorOS), and on my Minecraft server (mineOS, also in Proxmox).

The web client for wg-easy shows all 3 clients connected and transmitting data.

I used my router's app to open the port to the wg-easy server.

I attempted to use my phone's cell network to pretend like I am not home, and simply ping my Minecraft server. I tried with the wg IP (10.8.0.x) and I tried pinging the normal WLAN IP (192.168.x.x). Neither works. I'm really confused as to why this simple test didn't work. The documentation on WireGuard's site is pretty sparse when it comes to testing your own setup. Does anyone have any resources to help me understand how this should work?

Side note: I have to have wireguard installed on every computer in my home network if I want to be able to reach them, correct?

other side note: If I wanted to reach my minecraft webUI (mineOS) from outside my network, what address should I use?

60
 
 

If you don’t mind Chinese vendors from AliExpress, it’s probably the best deal you’re going to find.

61
 
 

I have seen several cards that will do up to 4 NVMe from a single x16 slot (with MB and CPU that support bifurcation), but I have only found cards that are 1 PCIe slot to 1 M.2 A+E.

I think one way to do this would be to have a regular bifurcation x16 to 4 x4s and then use the 1x cards. But are there other options?

The reason I am asking is because I am procrastinating on other things I am supposed to be doing. I have no actual need for this and putting 4 wifi cards so close probably creates horrible interference anyway.

62
 
 

I recently upgraded my homelab core switch to a Mellanox SX 6012. It’s 12 ports of 40gb/s, and each can break out to 10gb/s. This switch also idles at 30 watts which was top of my list.

What model switches are you running, and do you like it?

63
1
low power switch (lemmy.world)
submitted 6 months ago* (last edited 6 months ago) by evasync@lemmy.world to c/homelab@lemmy.ml
 
 

I want a switch with a few PoE ports but it needs to be as low power as possible as I rely on solar.

Any recommendations?

64
 
 

Cross-posted to: https://sh.itjust.works/post/14975090


Solution

I'm still not really sure exactly what the root cause of the issue was (I would appreciate it if someone could explain it to me), but I disabled HTTPS on the Nextcloud server

nextcloud.disable-https

and it, all of a sudden, started working. My Caddyfile simply contains the following:

nextcloud.domain.com {
    # Caddy terminates TLS; the Nextcloud snap is reached over plain HTTP on port 80
    reverse_proxy server-LAN-ip:80
}

Original Post

I am trying to upgrade my existing Nextcloud server (installed as a Snap) so that it is sitting behind a reverse proxy. Originally, the Nextcloud server handled HTTPS with Let's Encrypt at domain.com; now, I would like for Caddy to handle HTTPS with Let's Encrypt at nextcloud.domain.com and to forward the traffic to the Nextcloud server.

With my current setup, I am encountering an error where it is saying 301 Moved Permanently. Does anyone have any ideas on how to fix or troubleshoot this?

Caddyfile:

https://nextcloud.domain.com {
        reverse_proxy 192.168.1.182:443
        header / Strict-Transport-Security max-age=31536000;
}

And here is the output of curl -v https://nextcloud.domain.com/:

* Host nextcloud.domain.com:443 was resolved.
* IPv6: (none)
* IPv4: public-ip
*   Trying public-ip:443...
* Connected to nextcloud.domain.com (public-ip) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256 / x25519 / id-ecPublicKey
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=nextcloud.domain.com
*  start date: Feb 21 06:09:01 2024 GMT
*  expire date: May 21 06:09:00 2024 GMT
*  subjectAltName: host "nextcloud.domain.com" matched cert's "nextcloud.domain.com"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
*   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://nextcloud.domain.com/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: nextcloud.domain.com]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.6.0]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: nextcloud.domain.com
> User-Agent: curl/8.6.0
> Accept: */*
> 
< HTTP/2 301 
< alt-svc: h3="public-ip:443"; ma=2592000
< content-type: text/html; charset=iso-8859-1
< date: Wed, 21 Feb 2024 07:45:34 GMT
< location: https://nextcloud.domain.com:443/
< server: Caddy
< server: Apache
< strict-transport-security: max-age=31536000;
< content-length: 250
< 


301 Moved Permanently

<h1>Moved Permanently</h1>
<p>The document has moved here.</p>

* Connection #0 to host nextcloud.domain.com left intact
65
 
 

So I'm trying to build a router. Just need something to handle the networking in my house and the plan is to separate things out via virtual local area networks. Anyway, reading a bunch of threads and comments, I think my design will be something akin to this. Is this good or bad? Ultimately I wanna run OPNSense since that's what most people recommend, but wanna about x86.

NanoPi as a hub: https://a.aliexpress.com/_EHU4JCV

AX3000 as an AP: https://a.aliexpress.com/_EzPBBVX

Network Switch: https://a.aliexpress.com/_EITz5Gz

66
 
 

I've used fail2ban in the past on Ubuntu, and it was very easy to set up.

Apparently on Debian, there is no /var/log/auth.log, and it does not use iptables, so fail2ban is not seeing the failed login attempts and jailing the perp.

Has anyone set this up successfully before? I see suggestions online to set backend = systemd, but this does not seem to be fixing the issue for me.

67
 
 

So I'm trying to build a router. Just need something to handle the networking in my house and the plan is to separate things out via virtual local area networks. Anyway, reading a bunch of threads and comments, I think my design will be something akin to this. Is this good or bad? Ultimately I wanna run OPNSense since that's what most people recommend.

NanoPi as a hub: https://a.aliexpress.com/_EHU4JCV

AX3000 as an AP: https://a.aliexpress.com/_EzPBBVX

Network Switch: https://a.aliexpress.com/_EITz5Gz

68
 
 

Hey all,

I have a TP-Link EAP660-HD which has been serving me very well. I recently upgraded the FW on it, and after checking the back of the unit to see that it is a ver 1.6 (and downloading the appropriate 1.6 FW) I see in the dashboard that it says it is a HW version 1.0.

Is this expected? Pic

69
 
 

I'm using an old laptop as a home server.
But the cooling fan started to click a lot, and I'm afraid that it will stop spinning soon.
Any ideas for how to replace the fan with something else? Preferably something that does not require electricity?
I'm thinking about dismantling it, taking the fan out and soldering a big block of metal to the heatsink.
How bad of an idea is that?
Is anyone aware of any other ways of physically converting a laptop into something that is more suitable for a home server?
Know of any guides or videos about something related? Please post links.
Thank you

70
1
Paralyzed by indecision (lemmy.dbzer0.com)
submitted 7 months ago* (last edited 7 months ago) by Malice@lemmy.dbzer0.com to c/homelab@lemmy.ml
 
 

Hey, y'all!

Here's the deal:

I have a server I've been running for a couple years, running mostly home automation and NVR stuff (home assistant, node red, frigate, etc). This was my first server and it wasn't set up in the best way possible. On top of that, it's starting to suffer from hardware failure. So I'm replacing it with a retired gaming computer, and I want to do it "right" this time.

So far, I've got it running proxmox with a couple debian VMs (thought process was to have one "primary" one that runs most of everything, and a "network" one that runs network services like nginx, tailscale, etc - I don't know if that separation is actually important or not). I, at some point, want to run pi-hole for sure. I also need a new router, so my thought was to set up opnsense for that. I also want to build a dedicated NAS somewhere down the line, but that's another thread for another time.

I work from home and require stable internet, and I have family that will be very upset if internet is randomly going out from my tinkering with stuff, so I think it's probably best to have totally separate, dedicated hardware for opnsense/pi-hole. I was looking at protectli, but it seems like I'd be looking at at least ~$300 for that option, and I'm not even sure I can run both opnsense and pi-hole on it? I'd also need to get an access point since I'd be replacing my current router that supplies wifi to the house, so I'm looking at like $400 for that transition, which is much more than I'd like to pay for this right now.

I could set everything up without the extra complexity of opnsense/pi-hole and add it down the line, but then I'd be looking at yet another complete re-work of the network and reconfiguring all my automations, cameras, etc., so it feels like it'd definitely be best to just do it up front and get it done. I have access to another old gaming PC I could theoretically set up as a dedicated network box to run opnsense and pi-hole on (after buying a NIC for it), but that seems wildly overkill (it's running an i5 and 32gb RAM, if I remember right), large (full ATX case), and power-hungry for a glorified router. I guess, in this case, I could move my network vm off the "main" server and onto this one, to truly use it as a dedicated network box, running things like opnsense, pi-hole, wireguard/tailscale, nginx, authelia, etc. But then I start getting into the territory of it being too much of a "tinkering" box instead of a stable router that I allow to handle my network and don't screw around with, lol.

So, I seek the advice of you much more experienced homelabbers. I'm terrified to do it "wrong" and wind up having to redo everything over and over, which I know is kind of antithetical to the entire idea of homelabbing in the first place. I need to avoid, as much as possible, unstable internet. In my shoes, what would y'all do? Bite the bullet and go for protectli? Use another old PC for the network box? Just set things up without opnsense/pi-hole for now and go protectli/something else later on and just deal with having to redo everything again?

Thank you so much in advance for any advice!

EDIT: I found a Zotac ZBox CL331 locally for $100 - would that be a good option, do y'all think?

(small aside: if anyone has any advice on moving my entire home assistant instance, node-red, and frigate setups (all separate docker containers) from the old server to the new one, that'd also be greatly appreciated!)

71
 
 

Some background: I have a Synology NAS already with plenty of space on it. It runs my Jellyfin server in a docker container. I also have a Raspberry Pi 3b running Pihole.

I would like to get a mini PC to run Proxmox on, and migrate those workloads over to it, as well as use it to host any other fun projects that can be virtualized that catch my eye. It'll also be a useful learning experience as I would like to learn Proxmox to potentially broaden my skills at work, where we are an entirely VMware house, but the shit Broadcom has been pulling since taking over has put a shadow over all of that.

Anyway, I'm thinking I would like something along these lines:

  • A relatively recent CPU with decent performance and low power consumption. I prefer AMD these days.
  • Capacity for at least 32GB of RAM, but it doesn't have to have that much from the get-go.
  • NVMe storage, 512GB or so.
  • Two ethernet ports. 1Gb is acceptable, 2.5Gb would be nice, though.
  • Low-ish costs. I don't need this thing to be able to play games or anything, just run my VMs at a decent clip without burning too much power.

Transcoding performance isn't a huge deal either as the Jellyfin server isn't shared with anyone outside the house, and my playback devices so far have been able to play pretty much anything I've thrown at them natively.

I think that I would plan to have the actual VMs stored on a share on the NAS rather than having them live directly on the PC.

What would you recommend?

72
 
 

I currently have my reverse proxy on my NAS. That means I forward all of my 443 HTTPS traffic to my NAS. I am using OpnSense for my router, and there are several options for reverse proxies on that. Everything works the way it is now, but I do wonder if it would be "better" if I moved all of the reverse proxy stuff to my router. I don't know that anything would be simpler to manage one way or the other, so I think it comes down to best practices and security. If I move the reverse proxy to my router, I would be able to remove that forwarded port, but is that really any more or less secure?

73
 
 

Hi everyone, I'm looking to see if I could get some suggestions or recommendations on an upgrade path for my NAS in my current home environment. I'm also unsure if this is the best place to ask, so please let me know if this question doesn't fit in here.

My setup isn't too sophisticated at the moment. I had purchased a QNAP TS-453A back in February of 2017 and have it loaded with four WD Red 8TB (WD80EFZX-68UW8N0) configured in RAID 5. It is solely dedicated to storage and nothing else; with the bulk of it used for media archive. It has proved a shockingly reliable little device. I have a headless Intel NUC6i7KYK that is dedicated to running a majority of the self hosted services I use.

In the next year I'd like to expand my network storage and initially I had planned on simply purchasing replacement Exos X18's and go through the drive swap process but upon further thought, I figured I'd like to purchase an additional NAS and use my current one as a backup solution. I'm not particularly locked in to staying with QNAP and so any recommendations would be welcome. Admittedly, I have been looking at the TS-932PX-4G as I'm interested in adding in SSD caching to the array.

At any rate, thanks for any help or suggestions you may be able to provide! Or, if you can point me to a more appropriate place for this sort of question, I would also greatly appreciate it.

74
0
submitted 9 months ago* (last edited 9 months ago) by lucullus@discuss.tchncs.de to c/homelab@lemmy.ml
 
 

Hi,

I need help with my first homelab hardware. Maybe you experts can help me with that. I looked at this tutorial about building your own Openshift one node cluster using an Intel NUC, though I’m unsure if I really should buy one of these.

I have set a budget of 1000€ (I’m located in Germany). The tutorial suggests the Intel NUC10i7FNK, which I can get for 450€ new here (would buy 64GB RAM and a 2TB M.2 SSD for that). And I would follow the tutorial in getting a dedicated router for my lab environment.

Can I get more for my money (also in terms of upgradability) with some other product? Or should I just get that suggested NUC? I don’t need it to be that small (can be a tower), but I don’t want real server hardware, since the lab will run in my home office.

Thanks in advance for your help. My brain hurts from comparing products, searching for their availability, etc.

EDIT:

I've now decided to buy the NUC10i7FNK. It seems to be a sensible choice and the tutorial says that it has enough beef for my first goal of building my own Openshift cluster for experimenting.

Thanks to all of you! You helped me to get to a good decision in this wide field of home lab equipment.

75
 
 

I have a ZBOX MI571 with an i7-6700T and 16GB (SODIMM) RAM lying unused. And I want to make a personal backup/archive server, for which I think TrueNAS will work best.

The box has more than enough computational power for running TrueNAS. But as far as I could find it has only one SATA and one M.2 SATA port, so not enough to have a boot-pool and a redundant storage-pool. And it doesn't have any spare PCIe ports.

So I'm wondering what's my best option here? Can the drives be somehow reliably attached through USB for example? Or will it be best to buy a used mobo and RAM and replant the CPU? Or should I just sell the whole thing and build a server from scratch?
