Zeanox
Zeanox6mo ago

Homelab Help

Hi all, I'm really struggling to try and wrap my head around how to properly config my homelab! Please see the photo of the current network layout. My main intentions are to be able to host websites, a game server panel and node, and for it to be secure! I was slated for having all of this on one Debian server and to be fair it was causing issues.
To start off with, for my TP-Link switch, am I able to make it so any device connected to it will be given a different IP, as currently it is assigned 192.168.1.something? I'd prefer it if it was 10.somethingidrk. Anything other than the 192.168.1.
I was also thinking about running Proxmox on the HPE server so I can just create a new Debian instance, for example: one Debian server to run webservers, another to host the game panel, another to run Nginx Proxy Manager and another one for the node. Some concerns I have about this is getting Proxmox to use my domain, for example I'd want it to be proxmoxm1.zeanox.dev so I can access it wherever.
The Raspberry Pi I'd most likely attach the MyCloud NAS to it and run a MariaDB server and phpMyAdmin, just so the databases are hosted on a completely separate device and have RAID redundancy. This would also have to be accessible from, for example, database.zeanox.dev.
Another thing to note is I'll be moving house, so what configurations will I need to make once I do this? Hopefully if it came to it, only port forwarding the same as before?
Also, how would I secure this?! Would just port forwarding the ports required be adequate?
Please let me know if there are any hiccups in what I'm trying to achieve, it's really starting to confuse me lmfao
[image attachment]
83 Replies
Wagon
Wagon6mo ago
Read up on this
Wagon
Wagon6mo ago
Cloudflare Docs
Cloudflare Tunnel · Cloudflare Zero Trust docs
Cloudflare Tunnel provides you with a secure way to connect your resources to Cloudflare without a publicly routable IP address. With Tunnel, you do …
Zeanox
ZeanoxOP6mo ago
I saw this, and a potential issue I may have would be that every single one of the players trying to connect to the network would have to run cloudflared? There was also mention that in order to successfully do it you would need the Pro plan and spectre or something. Let me just take another look.
Wagon
Wagon6mo ago
Yes, technically they would need to run cloudflared as well, or WARP. Also yes, Spectrum is a viable paid alternative: https://www.cloudflare.com/de-de/products/cloudflare-spectrum/minecraft/
For the Minecraft portion I would just do a good old-fashioned port forward.
Cloudflare Spectrum accelerates and protects your Minecraft server ...
Wagon
Wagon6mo ago
"is getting proxmox to use my domain for example id want it to be proxmoxm1.zeanox.dev so i can access it wherever."
This part can be done easily with Cloudflare tunnels for free and you will never need to publicly expose your Cloudflare GUI.
Zeanox
ZeanoxOP6mo ago
Amazing, I see. One thing I have just seen though is the 5GB monthly data allowance.
Wagon
Wagon6mo ago
This as well
The raspberry pi id most likely attach the mycloud nas to it and run a MariaDB server and phpmyadmin just so the databases are hosted on a completely separate device and have raid ............
Zeanox
ZeanoxOP6mo ago
Okay noted
Wagon
Wagon6mo ago
Uhh, can you link where that is said at? I can't find that free tier limit.
Zeanox
ZeanoxOP6mo ago
Here on the pricing page at the top.
I don't see a free tier limit, to be fair. Let me log into Cloudflare and see what's going on on there.
Wagon
Wagon6mo ago
Ohh yeah, for Spectrum, honestly I would skip that, and for the MC server you can just crack open the ports you need and port forward.
As long as you put those services on a separate VLAN and segment everything properly, it shouldn't be an issue.
Zeanox
ZeanoxOP6mo ago
I see, got it.
One other thing is I currently have my HP ProLiant; when I move into my new house this will be shoved into a closet somewhere because of how loud it is.
I'm also renting a server from Hetzner. I'm worried that the server I have may not be enough, hence me renting one.
Is there any way to truly tell if it will cope, or just give it a shot and see if it dies?
Wagon
Wagon6mo ago
what are the specs? and is this gonna be a modded server and what's the max player count you want to support.
Zeanox
ZeanoxOP6mo ago
So the specs of the home server is:
2X Intel Xeon E5-2690 @ 2.9GHz 8C 16T
120GB DDR3 at 1067MHz (One more stick is on the way)
Potentially GTX 1070?! Couldn't get that to work, some weird power issue
2x460Watt PSU
4 1GB ethernet
1 ILO port
Hardware RAID card with:
SDA is 2 SSDs for like 240GB of storage, was hoping to put the OS for Proxmox on that
SDB is I think 5 disks RAID5 and I think 2Tb of storage, if not it was 1.4, they are all different sizes
And the new wifi will be gigabit
Zeanox
ZeanoxOP6mo ago
[image attachment]
Zeanox
ZeanoxOP6mo ago
And that's Hetzner
Zeanox
ZeanoxOP6mo ago
And this is the switch everything is plugged into https://www.tp-link.com/uk/service-provider/smart-switch/tl-sg2424/
24-Port Gigabit Smart Network Switch with 4 Combo SFP Slots
Zeanox
ZeanoxOP6mo ago
Following that diagram
Wagon
Wagon6mo ago
That looks fine to me, and if you want to mess with network segmentation I recc something like this
[image attachment]
Wagon
Wagon6mo ago
This is totally up to you though. If you get this far, I recc to. It will be a good learning experience.
Zeanox
ZeanoxOP6mo ago
So what devices would be on iot and trusted lan?
Wagon
Wagon6mo ago
IoT - Internet of things devices, so smart fridge, thermostat, smart toaster, vibrat*r(jk) - this is super locked down and has basically no inter-VLAN access
Untrusted - Public facing servers, this is super locked down and does not have much access to other VLANs and extremely locked down public facing as monitored.
Main - just your normal everyday network your wifi will use
Trusted - Servers, Controllers (iDrac type things), NAS - Locked down and not publicly open beyond what is needed, heavily monitored.
Optional as well: creating a "Default" that will be what stuff defaults to, and you can toss a guest wifi on there.
I'm not super familiar with your exact network hardware so I can't say what getting this segmentation going will look like. That switch looks like it should be pretty easy to do stuff on since it's managed.
Zeanox
ZeanoxOP6mo ago
For my deployment would IoT and Trusted be required?
The only things connected to this switch would be literally everything in the first diagram.
So the HPE server, Raspberry Pi and the 2 NAS.
Wagon
Wagon6mo ago
I would do a trusted and untrusted and main at minimum. If you have no smart devices then you can skip IoT for now.
The NAS and Proxmox hosts you won't really want on the same VLAN as public facing services. Not that people don't, just the right way would be to separate them.
Zeanox
ZeanoxOP6mo ago
Okay, noted, however I am slightly confused at this part.
Only because, regarding the VLANs, I'd have to do this on the TP-Link switch, and once again the only thing connected to that switch is the server, Raspberry Pi and NAS.
Wagon
Wagon6mo ago
What is your gateway device?
Zeanox
ZeanoxOP6mo ago
Okay, at this current moment in time, before moving out, it's the BT router.
Wagon
Wagon6mo ago
I understand, but if you host the MC server of a VM on that server you will put it in a separate VLAN.
Zeanox
ZeanoxOP6mo ago
Yes, I understand that.
It's the other devices.
Like the guest network etc.
Zeanox
ZeanoxOP6mo ago
Following this, this is currently what's going on
Zeanox
ZeanoxOP6mo ago
And the VLANs would be on the TP-Link and you would have the untrusted and main
Wagon
Wagon6mo ago
That would be fine. Depending on your gateway you may be able to configure your VLANs there.
Zeanox
ZeanoxOP6mo ago
I don't think I'm able to on this wifi.
I am not too sure about the other one that will be there on the day I move in.
Wagon
Wagon6mo ago
Gotcha, well yeah, so far the plan looks good as you're doing it. lmk if questions arise, I've messed with everything besides MC servers and TP-Link switches.
Zeanox
ZeanoxOP6mo ago
Let me make new diagram for the new house
Zeanox
ZeanoxOP6mo ago
[image attachment]
Zeanox
ZeanoxOP6mo ago
That would be the new house.
So essentially all I'm doing is removing the Netgear switch.
And hopefully, if I'm not mistaken, all I'd have to do is port forward the ports again?
@Wagon Gunna be a network between 50-250 people and not modded but with plugins.
Wagon
Wagon6mo ago
@DirtyJ may be better to advise, I'm not a big MC guy, don't know what that size server would take
Maybe not even that
Well I mean if you get a new router, ya, and you would need to set up DHCP and shi for your other subnets
really depends on the gateway situation
DirtyJ
DirtyJ6mo ago
Minecraft enjoys RAM, it's just about finding the right balance between optimization and playability.
For 50-250 you're looking at 16-64gb of memory allocated to that fat Java instance depending on a wide handful of variables. Are you preloading the world, running paper/purpur/a super optimized fork, have you tuned the configs, and are these player estimates peaks or averages?
The more things you optimize in the configs the more weird/unplayable the game will get etc.
w33t
w33t6mo ago
Wagon beat me to most of what I was going to say lmfao
Zeanox
ZeanoxOP6mo ago
So the plan for Minecraft may be overkill. On the home server it will be a network with 4 servers: Skyblock, the hub, the proxy and an SMP. All will be preloaded, however I still need to look into what fork I'll be running 🙂
The thing about this though: for my current router I'm really not sure if I'm able to change anything to do with the gateway, DHCP and subnets. It would have to be done on the switch.
Also, just to make sure that I'm not mistaken:
The first steps I will be taking is setting up VLANs, then Proxmox, then Cloudflare tunnel, then the Debian servers with the panel and stuff.
Wagon
Wagon6mo ago
That sounds good to me
Zeanox
ZeanoxOP6mo ago
Okay, we are already off to an issue lmfao
Last night I had to make it so I can access my switch, and for some reason it's decided it's funny and has reverted.
Wagon
Wagon6mo ago
did you hit save
Zeanox
ZeanoxOP6mo ago
I did.
The whole config reset smh
Wagon
Wagon6mo ago
hmmmm
Zeanox
ZeanoxOP6mo ago
Right, I changed it back to what it was, however I am slightly confused.
Would there be any chance I'd be able to share screen and show you what I mean?
Wagon
Wagon6mo ago
you can dm ss if needed but rn i am working
Zeanox
ZeanoxOP6mo ago
I'll send it here, it's not an issue, but my explanation will be jank lmfao
So! For the interface config
Zeanox
ZeanoxOP6mo ago
[image attachment]
Zeanox
ZeanoxOP6mo ago
It's using VLAN 1 to make the web GUI work on my desktop
Zeanox
ZeanoxOP6mo ago
I changed it from static to DHCP and pressed apply
[image attachment]
Zeanox
ZeanoxOP6mo ago
And I assume that is fine.
However, the next like problem/concern/nocluewhatimdoing is setting up the VLAN!
There are 3 options: 802.1Q, MAC and Protocol
Zeanox
ZeanoxOP6mo ago
Following this
[image attachment]
Zeanox
ZeanoxOP6mo ago
Port 1 is the ethernet to my other switch that goes to the router
Port 2 is iLO for my HPE server
Port 9-10 is for the HPE server, however it will be 11 and 12 too as soon as my ethernet cables arrive
Port 18 is, I am not too sure, I think a Raspberry Pi?
Then 23 and 24 are the two NASes
Essentially I have no clue what I am doing, any guidance would be greatly appreciated
Wagon
Wagon6mo ago
Let me get back to my desk and I will get you some help
Zeanox
ZeanoxOP6mo ago
Thank you so much
Zeanox
ZeanoxOP6mo ago
So with that guide I'll be creating 2 VLANs
Zeanox
ZeanoxOP6mo ago
One for untrusted and one for trusted.
But with the 4 ethernet ports for the server, it's allocating a port on the switch, so like, let's say with this
Following this
Zeanox
ZeanoxOP6mo ago
I'd create a VLAN for 9-10-11-12.
But that means anything made by that server would instantly go on the main VLAN even though I'd need one to go to untrusted.
@Wagon Still can't wrap my head around it
Wagon
Wagon6mo ago
Unfortunately I have taken you as far as I can. I am not familiar with TP-Link managed switches and they seem to have zero docs. Also you are probably not going to be able to configure all this correctly without a gateway you can make changes to/proper firewall.
Someone else may be able to further assist.
Zeanox
ZeanoxOP6mo ago
I see, thank you v much 🙂
Yeah, by the look of it I can't change the DHCP settings on my router
Wagon
Wagon6mo ago
Can you get a different gateway? MikroTik makes some really affordable options and their RouterOS is really comprehensive.
You can also do a DIY pfSense/OPNsense option if you want something a little more all in one. UniFi is not bad for at home; people will shit on it but for home use it is completely fine, especially these days.
Zeanox
ZeanoxOP6mo ago
So for the time being unfortunately it's a no. However, I'm going to just bodge it.
So Proxmox is up. Nginx Proxy Manager and Docker with Portainer is also up, and I'm using Nginx Proxy Manager to access it via my domain, and I have only port forwarded 80 and 443 atm.
So now what I am doing is installing Proxmox on my rented server, merging the two together and installing the panel on my machine and then the nodes on both.
That's unfortunately without any Cloudflare tunnels, and the only issue I may think of is that with my router atm it's using DHCP, however I set it to always use this IP and it's not having any of it. So I'm taking a risk in the sense that if the IP changes I am fucked. But for the time being hopefully it will suffice.
Just had an issue with my server too, a RAM stick combusted?
Anyone with Proxmox experience able to help me link the ethernet ports? Is it just as simple as editing the bridge and adding the eno2 eno3 eno4, or do I have to do any other configuration?
Wagon
Wagon6mo ago
Are you trying to get the ethernet port to work in Proxmox? I'm afraid I don't understand
Zeanox
ZeanoxOP6mo ago
Well, I have 4 ethernet ports all plugged in and I'd like to link them all together so I have more throughput instead of it all going through 1 ethernet port
Wagon
Wagon6mo ago
I can help in a bit, but this is direct from the Proxmox wiki. However, I doubt you really are going to see any benefit. I imagine the NIC on your server is a gig and so is your switch, so splitting into 4 isn't going to do anything.
Zeanox
ZeanoxOP6mo ago
[image attachment]
Zeanox
ZeanoxOP6mo ago
Each port is gigabit
Wagon
Wagon6mo ago
Ok then there is no reason to split because your switch is only Gigabit
Zeanox
ZeanoxOP6mo ago
I understand, however if there are 3 devices it's trying to communicate to, will it not help?
Wagon
Wagon6mo ago
No
Zeanox
ZeanoxOP6mo ago
Like for example the two NAS, they are each gigabit. That's going to completely overload the one ethernet port connected to the server atm, so by bridging 4 it can split it across all 4, so I can have 1 gigabit to the internet if needed and 1 gigabit to each of the NAS instead of it being like 33% 33% 33%
Wagon
Wagon6mo ago
Nevermind, I see what you're saying now.
Are your NASes VMs on Proxmox?
Zeanox
ZeanoxOP6mo ago
Nope, but plugged into the switch the server is. I'll have to mount them to the Proxmox server but that shouldn't be an issue
Wagon
Wagon6mo ago
I've never done NIC teaming on Proxmox but I would check this out
Zeanox
ZeanoxOP6mo ago
Last time I attempted to do this I completely crashed my whole network, thanks 🙂
Right, going from that reddit, just gotta reboot
Unfortunately no luck, I'm pretty sure I'm gunna have to fresh wipe it 😦
Server fans just kick to 100% and I have no access at all, and it's just crashed my wifi again lmfa