
Server Build 2.0 Part 1 – Updates
Roughly 10 years ago, I wrote a series of articles walking you through the process of setting up a home server. Over time, my needs changed, as did the available technology, as well as my knowledge. So in the next few articles, I’ll be writing a follow-up, but it’s really starting from scratch. This specific article is more of a catch-up that fills the gaps between then and now. This will seem like it all happened at once, but this really spans years. The old articles are still accurate. Installing a system is installing a system. I just learned how to do more and new things. All of the software is free and open source. So all I had to pay for was the hardware. This will be very high level and vague. I’ll get into more details with each project-specific article.
When we left off, I had a Dell R410 running Xen as a hypervisor, and a few VMs including PiHole as an adblocking DNS server. This worked fine. I also had a Synology NAS that I used for file storage. On the R410, I had two mirrored RAID1s. Unfortunately, one drive in each array died within a month of each other. The magic of RAID is that I didn’t lose any files. But I realized that I didn’t use it enough to warrant buying new drives. I had long since left Windows completely, so I didn’t need the Active Directory. Plus the Dell was loud, and used a lot of electricity. So I decided to move the PiHole to an actual Pi that I had lying around. In fact, it was the Pi that I had purchased to run PiHole in the first place. I sold the Dell, and my power usage plummeted. All of my files were stored on the NAS.
Around a year ago, fiber internet became available at my apartment. I went from 250mbs (that was more like 100 in real life) to 1gig. It was awesome. The problem was that now my hardware was a bottleneck. My firewall could only go up to about 650. My cables were all CAT6 which should theoretically work. My wifi routers were wifi5, so that slowed me down, as well. Time to rethink and rebuild my infrastructure.
Meanwhile, at my job, I had learned about managing VLANs and Unifi APs. So I decided to upgrade to actual enterprise level hardware.
First, I upgraded to CAT8 cable. It wasn’t that expensive, and should future proof me for a long time. This alone, caused my speed to skyrocket, even when I was still on cable internet. Next, I tried some Deco APs, but even though they advertised the ability to use VLANs, that only worked if you used them as the DHCP server, which wasn’t feasible for my setup. I bit the bullet and got a Unifi U6 Enterprise, and later I added a U7 Pro. I was going to run the Unifi Network Application on Docker, but it looks like that project was closed, so I grabbed the Pi from my old Smart Mirror and installed it there.
I needed to upgrade my switches. I had a Netgear 8 port switch, and it worked fine. I just needed more ports. Plus I wanted POE for a new camera and the AP. I first tried a TrendNet managed switch, but it was a huge pain in the ass to configure because it seemed to only want to talk to a Windows app. I actually had to bring it into work to use my Windows computer and even then I had no way of knowing if it worked until I got home. Hint, it didn’t. So I went back to Netgear. I got a 16 port POE managed switch as my primary, and moved the 8 port switch over to my media center. I love Netgear, by the way.
My firewall eventually had a hard drive failure. It was one of those stupid soldered chips. Rather than pay a stupid amount of money for a new Netgate (not to be confused with Netgear) firewall, I decided to get a Beelink mini PC, and install pfSense on there. Unfortunately, my most recent backup of pfSense was over a year old, plus I hadn’t created any VLANs yet, so I decided to start from scratch. The Beelink has way more resources than the old firewall, so I wasn’t worried about going crazy with it.
Then I found out about Docker. And this is where my life spiraled out of control and I dove down the rabbit hole. Soon I was selfhosting everything I could think of. This website? It’s actually running on a server in my apartment. I run my own NextCloud instance so I can access my files anywhere. I use Immich to manage the photos, so I can search for images. I run my own speedtest system. The Arrstack. All sorts of amazing things. Jellyfin streams my media, and I even set it up so others could stream stuff from anywhere in the world, even at the same time. Kiwix allows me to host a copy of Wikipedia. I started running Docker on the NAS, but quickly ran out of resources. Especially when I added NextCloud.
That meant I had to buy a new computer. Well, new to me. This time, instead of going for a rack mount server, I went with an HP small form factor computer that was very VERY upgradable. I figured, with the amount of money I would save no longer needing to pay a webhosting package, I could invest that in a computer that could do that and so much more. That’s running Proxmox, which I had actually considered using with my first server build. Xen ended its community edition, plus the projects that made software to manage Xen were closed, so Proxmox became the dominant hypervisor in the homelab world.
Lastly, my old old old OLD security camera system was so out of date that it could only be viewed from Internet Explorer. The cameras themselves were only like 4 megapixels, so I just gave up on it. I had begun playing with HomeAssistant, and decided to get some Reolink IP cameras because they could connect to HA. Kind of. More on that dumpster fire in a future article.
So now I have 1 gig internet at the wall. That goes to my pfSense firewall. The firewall uses my PiHole as the DNS server. I also set up the PiHole as a recursive DNS server to speed things up. The firewall feeds 4 VLANs. The management VLAN, my everyday VLAN, an IOT VLAN, and a guest VLAN. You know. In case I ever get friends. Those VLANs are dispersed among my Unifi APs, so I have 4 SSIDs to manage. On wifi, about 20 feet from the AP, my devices can get up to 900mb. With the Unifi mesh, I can be at the end of my block and still get 20mb. My car has an Android based stereo, and the wifi is strong enough that I can run updates or whatever from the parking lot.
The NAS and server both have dual NICs, which enables those devices to be accessible to two different VLANs without needing to mess with firewall rules. The server is running a handful of VMs. Mostly I use those VMs to run Docker. Some of those Docker containers are accessible outside my network with a reverse proxy on the firewall. And also SSL! Duplicati makes backups of the Docker files and stores them on the NAS. I also have an external hard drive plugged into the NAS and the NAS makes a backup of itself onto the external drive.
HomeAssistant and the IOT devices are on their own network, with only some of those devices able to connect to the internet. That limits my attack surface quite a bit. The guest VLAN only has access to the internet. The everyday VLAN has access to itself. The management VLAN has access to everything.
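The segmentation intent described above can be written down as test flows and checked against a first-match ruleset, which is how pfSense evaluates rules on each interface. This is an added example, not the author's configuration: the subnets, host addresses, the `IOT_ONLINE` list and the assumption that the everyday VLAN may reach the internet are all constructed for illustration.

```python
import ipaddress as ipa

# Constructed addressing plan; the post does not give its subnets.
VLANS = {"mgmt": "10.0.10.0/24", "everyday": "10.0.20.0/24",
         "iot": "10.0.30.0/24", "guest": "10.0.40.0/24"}
NETS = {name: ipa.ip_network(cidr) for name, cidr in VLANS.items()}
RFC1918 = [ipa.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IOT_ONLINE = {"10.0.30.10"}   # hypothetical IoT host allowed out to the internet

def is_private(ip):
    return any(ip in net for net in RFC1918)

# Per-interface rules: (action, source filter, destination filter).
# First match wins, default deny. Assumption: "everyday" may reach the internet.
RULES = {
    "mgmt":     [("pass", "any", "any")],
    "everyday": [("block", "any", "private"), ("pass", "any", "any")],
    "guest":    [("block", "any", "private"), ("pass", "any", "any")],
    "iot":      [("block", "any", "private"), ("pass", "online", "any")],
}
# Same guest rules in the wrong order: the pass rule shadows the block rule.
SHADOWED = dict(RULES, guest=[("pass", "any", "any"), ("block", "any", "private")])

def allowed(src, dst, rules=RULES):
    s, d = ipa.ip_address(src), ipa.ip_address(dst)
    vlan = next(name for name, net in NETS.items() if s in net)
    if d in NETS[vlan]:
        return True   # same subnet: switched at layer 2, never reaches the firewall
    for action, src_f, dst_f in rules[vlan]:
        if src_f == "online" and src not in IOT_ONLINE:
            continue
        if dst_f == "private" and not is_private(d):
            continue
        return action == "pass"
    return False      # implicit default deny

# Intent from the post as (source, destination, expected result).
INTENT = [
    ("10.0.10.5", "10.0.30.10", True),     # management reaches everything
    ("10.0.40.7", "203.0.113.9", True),    # guest reaches the internet
    ("10.0.40.7", "10.0.20.4", False),     # guest reaches nothing internal
    ("10.0.20.4", "10.0.20.9", True),      # everyday reaches itself
    ("10.0.20.4", "10.0.10.5", False),     # everyday cannot reach management
    ("10.0.30.10", "203.0.113.9", True),   # listed IoT host reaches the internet
    ("10.0.30.22", "203.0.113.9", False),  # other IoT hosts stay offline
    ("10.0.30.10", "10.0.20.4", False),    # IoT cannot reach everyday
]
def violations(rules=RULES):
    return [(s, d) for s, d, want in INTENT if allowed(s, d, rules) != want]
```

`violations()` returns an empty list for `RULES`, while `violations(SHADOWED)` reports the guest-to-everyday flow that the misplaced pass rule lets through.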
Selfhosting has also enabled me to get away from large corporations. During this time, I had also moved from stock Android to GrapheneOS, so I had already moved away from most of Google. OpenStreetMap to replace Google Maps. Proton to replace Gmail. F-Droid to (mostly) replace the Play Store. Now I have my own “cloud” storage with NextCloud, so I don’t need Dropbox or Google Drive. Immich replaces Google Photos. I control my data. Completely. Plus, with fiber internet, the upload speeds are basically the same as the download speeds, so I don’t have to worry about slow connections to any of my local services, remotely.
After using Ubuntu and then Ubuntu Mate as my daily driver for almost a decade, I switched to QubesOS two years ago, and have loved it. I still have a MacBook because I do tech support for people, so I need to have a basic understanding of all OSes. I did have to buy a Windows laptop because the remote software my job uses is only available on Windows. Though, technically, the laptop was free.
In the end, other than time, I really only spent around $1000 to do all of the above. If you consider that I sold my old server for $500, and that I used to spend $300 a year for the hosting package, I’m only down $200, and next year, I’ll be back in the positive. I’ve learned so much in the process. I’ve been able to do things that I couldn’t even imagine 10 years ago. Plus, there’s so much I could do in the future, if I want. Let’s be honest. WHEN I want.
Maybe this weekend, I’ll start playing with Wazuh, which is a security monitoring system.

