Development In The Homelab!
The state of the HomeLab:
Before You Read On!
This is a link to my Discord community! We are a group of like-minded technology professionals and enthusiasts. Join and help us grow! So many of my solutions and ideas come from a collaborative effort with these great people.
What Is In My HomeLab Now?
Clustering:
My current setup does not stray too far from how it was described in my previous article; however, for the sake of documenting a few of the smaller changes that I have made, I will detail them here!
I have gotten deeper into the ins and outs of Proxmox lately, and that has let me shape my logical network to match my physical one. My physical hosts are racked together in a single stack, but my logical topology previously treated each node as a separate island. Now I have taken advantage of Proxmox clustering: the nodes are joined into one cluster, and in the web UI their virtual machines and containers all appear under one Datacenter view.
This change lets me run backup jobs, snapshots, and patching from one place, and manage the whole lab through the proverbial Single Pane of Glass. One caveat worth knowing before you join nodes: a Proxmox cluster only stays writable while a majority of its votes are present, so with an even number of nodes (two, say) losing one leaves the survivor without quorum. A QDevice on a third box, even a tiny one, avoids that.
Custom DNS:
As mentioned in the previous article, my DNS server runs as a container on my second Proxmox node; being a container, it shares that node's Debian-based kernel rather than running its own. What I DO with this DNS server has changed, though. It is still the primary DNS server on my network, with Cisco's OpenDNS as the fallback when it is down, but it now also holds custom A records for the hosts on my network. In other words, I have given every host, gateway included, a name under one common, easy-to-remember scheme, which makes management and remote access significantly easier. No more memorizing IP addresses! One thing to keep in mind with that fallback: clients treat a secondary DNS server as a peer rather than a last resort, so whenever the Pi-hole is slow to answer, some clients will quietly switch to OpenDNS, lose the local names, and bypass the filtering until they switch back.
For those of you who are curious, or who missed the previous article, I use Pi-hole for my DNS server. It is lightweight, easily containerized, and runs great in a virtual environment! It also has a fantastic web management interface. With just a little bit of Linux know-how, this was an easy setup.
File, Print Share, and IDRAC Management:
Since I am running recycled enterprise gear (Dell PowerEdge R510s), I get to use the iDRAC (Integrated Dell Remote Access Controller). This powerful tool is an independent management controller with its own dedicated NIC on the rear of the server, and it lets me power the server on or off remotely, read logs and hardware stats, change settings, and, with the iDRAC Enterprise license, drive the OS through a virtual console window! This functionality is a game-changer and is really worth getting comfortable with.
When I finally set up the iDRACs on my home servers, I realized that I needed a place to manage them from. Being this old, they lack support for modern TLS versions and cipher suites, so any browser that wants to talk to them has to have its legacy protocol support turned back ON. Since I found that unsafe to do on my main machine, I spun up a Windows 10 virtual machine to access these resources instead. That VM then evolved into my iDRAC Management and Resource Distribution box. The same reasoning applies to the iDRAC NICs themselves: they belong on a management network that ordinary LAN clients cannot reach, with only that VM allowed in.
I took this opportunity to set up a proper share for my home multi-function printer. I also shared out a 300GB drive so that I could keep sensitive configuration data off my workstation, in a location that can be easily snapshotted, backed up, and restored (and, since it holds secrets, restricted to the accounts that actually need it).
Ubuntu Server Cluster:
The most recent additions are four fresh Ubuntu Server instances with PowerShell and Apache installed. They are fully updated and ready for production. I have big plans for these, which I will discuss in the next section!
What Do I Plan On Adding In The Future?
RustDesk & Ticketing System:
For a long time, I have been interested in starting my own business. A small side endeavor to both sharpen my skills, and make extra money. Using these tools, I can make this a reality!
RustDesk is a FOSS (Free and Open Source Software) project that brings TeamViewer-style remote support to the open source world. They make the server application freely available on their website. Combined with a ticketing system (TBD), it lets me self-host a small, local IT consultancy from the comfort of my home!
My desire is to build a basic webpage to house these resources, open this webpage to the public, and truly host my own IT Resources that can benefit others around me!
This project is reserved for one of my four Ubuntu Server instances. It will likely not happen, however, until I own a proper firewall with support for VLANs, custom traffic shaping, VPNs, and firewall rule writing. I will not open a public-facing node on my network without proper isolation and security.
Minecraft & Terraria Servers:
This is a far simpler and more self-explanatory goal. My friends and I enjoy Minecraft and Terraria, and opening a public-facing server so they could play with me remotely would be an extremely fun achievement. Hosting it myself would also let me manage backups, mods, and snapshots.
Media Server:
This idea is intended to solve the issue of "poor internet connection" preventing me from streaming media. By hosting media locally, I will be able to stream it at the highest quality without even a hint of buffering. In the future, I may also choose to open this to my devices via a VPN so that I can stream my favorites for free from my home. I intend to use popular media server software Jellyfin for this purpose.
Splashpage / WebHub:
This will be a local-only webpage acting as a centralized splash page: one place to reach all of my services, pull logs and statistics, and present my servers in a GUI. Having this will make my services more accessible and usable for the average user I may share them with. I intend to use the popular dashboard "Heimdall" for this purpose.
Personal Website:
I don't know yet whether this will be appended to my support services or become a standalone project. It is mostly intended to teach me HTML, CSS, JavaScript, and public-facing endpoint security. This is a big project to undertake from start to finish, and I have a lot to learn before I try it. However, I still have an Apache web server spun up and waiting in Proxmox!
NETWORK OVERHAUL:
This is the final goal for my HomeLab for the foreseeable future. Right now I have exactly two network appliances: a TP-Link Archer AX10, a cheap home router from Walmart, and a 5-port unmanaged Netgear switch whose model designation I don't even know. This is not an acceptable setup for building ANYTHING public facing.
Before I can complete some of the goals above, I need to upgrade my routing and switching gear, starting with the firewall.
The SonicWall TZ270 would give me enterprise-grade firewall management on a budget. It supports multiple VPN protocols and clients, extensive VLANing, cellular failover, and custom route tables. This appliance would revolutionize my ability to segment and protect my internal network: I would carve out VLANs and screened subnets for the different classes of hosts, then write firewall rules so they can be reached for remote management only from my management plane.
The TP-Link Omada switches and access points I have picked out would let me manage Layer 2 traffic from a single pane of glass. They are part of TP-Link's Omada SDN suite and offer a budget-oriented alternative to Ubiquiti's UniFi devices (which are great, but too expensive).
With these upgrades I will truly be able to emulate an enterprise-lite setup and practice the core tenets of network availability, security, and integrity.
How Have I Overcome Obstacles To These Goals?
BlooSurf's Double NAT Issue:
There is really only one issue I have run into recently with any of these goals: my ISP (BlooSurf) double-NATs my home. Essentially, they have a middle-man router (carrier-grade NAT) sitting between their border router and my house, so the "WAN" address my router is handed is itself a private address, and multiple homes on my street share one public address that cycles through DHCP. That presents a big problem for hosting public services.
A visitor's connection to my webpage would arrive at that shared public address and stop there: BlooSurf's NAT has no port forwarding rule pointing at my private address, and I cannot add one because I do not control that router. No amount of port forwarding on my own gear fixes this. The fix has to be turned inside out: something at home must open an outbound connection to a host that does have a public address, and that host must relay inbound traffic back through it.
The solution that my friends in our Discord community and I came up with is to set up an inexpensive VPS in the cloud with Linode, Azure, or AWS (TBD). I will install WireGuard on the VPS and treat it as the public front door for my webserver, then install a WireGuard peer on the webserver itself and bring up a persistent tunnel between the two sites. WireGuard identifies each peer by its public key rather than by an IP address, and only the home side needs to be told an endpoint, so the VPS never has to know my WAN address: whenever it changes, the next authenticated packet from my side simply updates the endpoint the VPS holds for me. A keepalive from the home side holds the mapping open on BlooSurf's NAT between visitors, and the VPS forwards inbound web traffic down the tunnel to the webserver.
Given the lightweight nature of my intended applications, this should be a serviceable solution, and I cannot wait to gain the experience of configuring WireGuard with a VPS! The one trade-off to keep in mind is that the VPS becomes my public attack surface, so it needs the same treatment I am planning for the home firewall: only the tunnel port and the web ports open, and the tunnel allowed to reach exactly one host at home.
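To make the design concrete, here is an added example of what the two WireGuard peers could look like with wg-quick. It is an illustration written for this page, not the configuration described above, and it assumes a VPS public address of 203.0.113.10 (a documentation address), a tunnel network of 10.8.0.0/24, eth0 as the VPS's public interface, and a webserver at home listening on 80 and 443. The key values are placeholders for keys generated on each side with wg genkey.

```ini
# /etc/wireguard/wg0.conf on the VPS (the public side). Bring up with: wg-quick up wg0
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
# Placeholder: output of `wg genkey` on the VPS
PrivateKey = <VPS_PRIVATE_KEY>
# Forward inbound 80/443 on the public interface (assumed eth0) to the home webserver at 10.8.0.2.
# The MASQUERADE on wg0 rewrites the visitor's source to 10.8.0.1, so the webserver's replies
# come back through the tunnel without any extra routing at home.
PostUp   = sysctl -w net.ipv4.ip_forward=1
PostUp   = iptables -t nat -A PREROUTING  -i eth0 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 10.8.0.2
PostUp   = iptables -t nat -A POSTROUTING -o wg0 -d 10.8.0.2 -p tcp -m multiport --dports 80,443 -j MASQUERADE
PostUp   = iptables -A FORWARD -i eth0 -o wg0 -d 10.8.0.2 -p tcp -m multiport --dports 80,443 -j ACCEPT
PostUp   = iptables -A FORWARD -i wg0 -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
PostDown = iptables -t nat -D PREROUTING  -i eth0 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 10.8.0.2
PostDown = iptables -t nat -D POSTROUTING -o wg0 -d 10.8.0.2 -p tcp -m multiport --dports 80,443 -j MASQUERADE
PostDown = iptables -D FORWARD -i eth0 -o wg0 -d 10.8.0.2 -p tcp -m multiport --dports 80,443 -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

[Peer]
# The home webserver. There is deliberately no Endpoint here: the home side dials out,
# and WireGuard learns (and re-learns after every WAN address change) this peer's address
# from its authenticated packets. AllowedIPs pins this key to exactly one tunnel address,
# so a compromised VPS cannot use the tunnel to route into the rest of the home LAN.
PublicKey  = <HOME_PUBLIC_KEY>
AllowedIPs = 10.8.0.2/32

# /etc/wireguard/wg0.conf on the home webserver VM (behind BlooSurf's carrier-grade NAT)
[Interface]
Address = 10.8.0.2/24
# Placeholder: output of `wg genkey` on the webserver
PrivateKey = <HOME_PRIVATE_KEY>
# No ListenPort: nothing can reach this host inbound anyway.

[Peer]
# The VPS: the only fixed public address in the design (assumed 203.0.113.10).
# AllowedIPs = 10.8.0.1/32 sends only the VPS's tunnel address through wg0;
# the VM's ordinary traffic still leaves through the home gateway.
PublicKey  = <VPS_PUBLIC_KEY>
Endpoint   = 203.0.113.10:51820
AllowedIPs = 10.8.0.1/32
# A packet every 25 s keeps the NAT mapping open so the VPS can always reach this peer,
# even when no visitor has hit the site for a while.
PersistentKeepalive = 25
```

After both sides are up, `wg show` on the VPS lists the home peer with a `latest handshake` time and an `endpoint` that updates by itself when the home WAN address changes; if the handshake line never appears, check the keepalive and that 51820/udp is open on the VPS. Because of the MASQUERADE, Apache at home logs every visitor as 10.8.0.1; if real client addresses matter, replace the DNAT rules with a reverse proxy (nginx or Caddy) on the VPS that proxies to 10.8.0.2 and sets X-Forwarded-For. Either way, the VPS firewall should expose nothing beyond SSH, 80, 443, and 51820/udp.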
What Have I Been Studying To Learn These Skill Sets?
The Books:
The Videos:
The Courses:
As of right now, I have no formal IT education (that may change soon!!). I have, however, paid for a few online courses here and there on my favorite service, Udemy.
I own many more, but have chosen to only list those that I have used since the date of their purchase to prepare me for these projects.
In Conclusion?
Thank You For Reading:
Thank you very much for reading, if indeed you have managed to read this far in! I put a lot of work into these projects, but have found them to be wildly educational and rewarding! I can say from experience that the best way to learn IT is to START LABBING AT HOME! It is a great feeling. As I improve my setup, look out for more posts and articles detailing the progress!
Thank you!
Tyler James Sell
*Special Thanks To*
Thank you for teaching me so much!
Cybersecurity Enthusiast | Net+ | Sec+ | CySA+ Certified
1 year ago: Awesome article. We need to link up soon my friend