You have just reached my homelan, which consists not just of my normal
everyday (home)working environment, but also my IT lab (play) environment.
I am a die-hard IT-guy with more than 25 years of experience, primarily
in administering Windows networks and network devices such as routers,
firewalls and switches, and with some basic knowledge of Linux.
My homelan is built on (amongst others):
The HP Enterprise MicroServer Gen10 Plus with an Intel Xeon-2224
processor and currently 48GB of ECC-RAM serves as an important link
in my homelan.
Equipped with 4 Gigabit network interfaces and a separate
iLO interface, this is the perfect small (and energy-efficient)
server to do some serious virtualization.
Proxmox Virtual Environment is the virtualization platform running
on my HPE MicroServer. Proxmox VE is an open source server
virtualization management solution based on QEMU/KVM and LXC. It can
create virtual machines as well as Linux Containers and it is free
to use for home users.
It can handle ZFS for a reliable and very fast storage solution,
especially with 2 (Data Center grade) Kingston DC500M 960 GB SATA
drives operating in ZFS RAID.
Another great product that is free to use in a home environment is
the Sophos XG Firewall Home Edition.
This is a fully equipped software version of the Sophos XG firewall
with full protection including anti-malware, web security, URL
filtering, application control, IPS, VPN and more.
I am running this as a virtual machine on Proxmox on the HPE
MicroServer and it is capable of delivering speeds of over 500Mbps
using speedtest.net with just about all features switched on. That
is without using IOMMU (Intel VT-d) to pass through the physical
NICs/processors from the server to the virtual firewall.
A Synology DS920+ NAS serves my homelan with the necessary
storage capacity to store all my data as well as backups from my
Proxmox virtual machines, my Microsoft 365 environment, my personal
OneDrive data and of course the computers in my home.
This NAS also runs Docker with some Docker containers that haven't
been migrated over to the Proxmox environment.
Besides my own data, this NAS also stores encrypted offsite backups
of my parents' NAS while encrypted copies of my backups are stored
offsite at the NAS at their location.
As a first defense against possible ransomware attacks, the NAS makes
regular snapshots that can be restored really quickly.
The central switch in my homelan is this 'smart-managed' Netgear
GS324TP gigabit switch with Power over Ethernet and capable of
handling all my VLAN needs.
One of the Linux containers running on Proxmox on the HPE
MicroServer is running the NGINX reverse proxy that is managing all
my Let's Encrypt SSL certificates for all public facing services.
Since December 2021 I have moved most of my public facing services to
my free Kemp LoadMaster Load Balancer.
On my Proxmox host I have a completely free Kemp LoadMaster
Load Balancer running.
In my environment it is not really balancing load over multiple real
servers. Instead it is allowing access to several of my internal services
from the internet. All protected with Cloudflare SSL wildcard certificates
and all reachable over just HTTPS port 443 depending on the FQDN used.
Kemp LoadMaster can also incorporate a login page for normally unprotected
webpages that don't need a login or that display too much information for my
liking before a login to the service is needed.
These logins are then authenticated with my Active Directory server to check
for validity.
The free Kemp LoadMaster is limited to 20Mbps throughput, but that is more than
sufficient for me.
Another Linux container running on Proxmox on the HPE
MicroServer is running Pi-hole.
Pi-hole is a network-level advertisement and internet tracker
blocking application acting as a DNS sinkhole.
Its main purpose is to remove as many ads as possible while browsing
the internet from every device inside my house.
Of course I also have a couple of (evaluation) versions of Windows
Server 2019 installed in my homelan, all running as a virtual
machine in Proxmox on the HPE MicroServer.
This environment is my playground in which I can make changes as
much as I like and keep my knowledge at a high level without
breaking anything in a production environment.
Currently I am running:
1 domain controller;
1 Windows Deployment Server;
1 WSUS server.
Cloudflare is not just the DNS resolver for all DNS names that
Pi-hole allows; I have also started to use Cloudflare as a
(free) DNS-provider for some of the domain names I own.
Cloudflare cooperates nicely with Let's Encrypt and is capable of
automatically renewing wildcard SSL certificates. Cloudflare can
also act as a proxy between a domain name and the physical
IP-address (location) where a server is hosted, making websites
running from my home environment reachable on multiple public IPv4
and IPv6 addresses.