Homelab

Background If you have read my previous posts, I actively deploy and maintain multiple services for personal use, running from my home, accessible securely from the internet. I use docker-compose to keep all the 40+ services running smoothly. It works fine but is not a perfect way. If one of the containers goes down and becomes unhealthy, I would not know until I tried to access the service, but it was not. While I have a CI/CD pipeline set up with Drone , I cannot use it since there is no good way to deploy docker-compose files. They depend on folder names and other local parameters. If I wanted to scale these services tomorrow, I would have no way to do the same. The docker swarm is not comparable to what I had in mind. ...

I have written before about how I have used Tailscale, a magical tool to set up Wireguard tunnels to create an overlay network called Tailnets. I have also written about how I host all of my services to be publically accessible using Cloudflare Tunnels (fka Argo Tunnels). But I recently discovered that the ~20MiB binary of cloudflared can do a lot more than just run tunnels. Here is how I used most of the newly discovered features. ...

If you have read through the previous articles, I have a setup where applications are securely accessible to me from anywhere. That is all well and good until something breaks, and I have to fix it. No big deal when I am home, but how would I do that if what I am trying to fix is the one that helps me access it remotely? Enter Tailscale , a point-to-point mesh VPN topology private LAN overlay over the internet. Tailscale is a game-changer when it comes to VPN technologies. It accomplishes this using WireGuard , another up-and-coming technology for secure, simple tunneling. ...

In the last part of this series, we saw what I had set up for self-hosted applications. Now let me show how I got all these on the internet. For this, the last section is a good background. Let us look at some of the hurdles I had. I have two ISPs, and neither of them provides a static IP. Moreover, one of the ISPs does not even assign a public IP, placing me behind a CGNAT . Managing dynamic DNS records can be a pain. Load balancing them can be a tedious process as well. Forwarding ports can turn out to be a security issue depending on how effectively I implement firewall solutions behind it. All of these added up result in a problem for my network. Another thing to note that I had already moved my domain registrar to Cloudflare owing to its better management UI and fast DNS resolvers. I was impressed by how quickly the DNS changes propagated, making testing things out a smooth experience. ...

Before moving to the next part, I thought it was relevant to have a background on what network architecture was backing all of this. I was never the person to take what an ISP would sell as a useless excuse of a modem/router, but I was still using a stock TP-Link router with reasonably good wireless and gigabit networking support. What I now have are two ISPs, both providing FTTH (fiber to the home). The first one provides 300Mbps symmetrical, and the second one reaches 200Mbps. Each has its ONT (Optical network terminal) and provides a gigabit port or two bundled with unusable WiFi. There is nothing I can do about this, but it is good enough for the job. ...