Zeanox
Zeanox5mo ago

Homelab Help

Hi all im really struggling to try and wrap my head around how to properly config my homelab! Please see the photo of the current network layout. My main intentions are to be able to host websites, a game server panel and node and for it to be secure! I was slated for having all of this on one debian server and to be fair it was causing issues. To start off with for my tp link switch am i able to make it so any device connected to it will be given a different ip as currently it is assigned 192.168.1.something Id prefer it if was 10.somethingidrk Anything other than the 192.168.1 I was also thinking about running proxmox on the HPE server so i can just create a new debian instance, for example. One debian server to run webservers Another to host game panel Another to run nginx proxy manager and another one for the node. Some concerns i have about this is getting proxmox to use my domain for example id want it to be proxmoxm1.zeanox.dev so i can access it wherever. The raspberry pi id most likely attach the mycloud nas to it and run a MariaDB server and phpmyadmin just so the databases are hosted on a completely separate device and have raid redundancy. This would also have to be accessible from for example database.zeanox.dev Another thing to note is ill be moving house so what configurations will i need to make once i do this? Hopefully if it came to it only port forwarding the same as before? Also how would i secure this?! Would just port forwarding the ports required be adequate? Please let me know if there are any hickups in what im trying to achieve its really starting to confuse me lmfao (edited)
No description
83 Replies
Wagon
Wagon5mo ago
Read up on this
Wagon
Wagon5mo ago
Cloudflare Docs
Cloudflare Tunnel · Cloudflare Zero Trust docs
Cloudflare Tunnel provides you with a secure way to connect your resources to Cloudflare without a publicly routable IP address. With Tunnel, you do …
Zeanox
Zeanox5mo ago
I saw this an a potential issue i may have would be every single one of the players trying to connect to the network would have to run cloudflared? There was also mention that in order to sucessfully do it you would need pro plan and spectre or something let me just take another look
Wagon
Wagon5mo ago
yeas technically they would need to run cloudflared as well or WARP. Also yes, specturm is a viable paided alterntive https://www.cloudflare.com/de-de/products/cloudflare-spectrum/minecraft/ For the minecraft portion I would just do a good old fashion port foward
Cloudflare Spectrum accelerates and protects your Minecraft server ...
Cloudflare Spectrum accelerates and protects your Minecraft server
Wagon
Wagon5mo ago
is getting proxmox to use my domain for example id want it to be proxmoxm1.zeanox.dev so i can access it wherever.
This part can be done easily with cloudflare tunnels for free and you will never need to publicy expose your cloudflare gui
Zeanox
Zeanox5mo ago
Amazing i see, one thing i have just seen tho is the 5GB monthly data allowance
Wagon
Wagon5mo ago
This as well
The raspberry pi id most likely attach the mycloud nas to it and run a MariaDB server and phpmyadmin just so the databases are hosted on a completely separate device and have raid ............
Zeanox
Zeanox5mo ago
Okay noted
Wagon
Wagon5mo ago
Uhh can you link where that is said at? I cant find that free tier limit
Zeanox
Zeanox5mo ago
Here on the pricing page at the top I dont see a free tier limit to be fair let me log into cloudflare and see whats going on on there
Wagon
Wagon5mo ago
Ohh yeah for spectrum, honeslty I would skip that and for the MC server you can just crack open the ports you need and port foward As long as you put those services on a sperate VLAN and segment everything properly shouldnt be a issues
Zeanox
Zeanox5mo ago
I see got it One other thing is i currently have my HP Proliant when i move into my new house this will be shoved into a closet somewhere because of how loud it is Im also renting a server from hetzner Im worried that the server i have may not be enough hense me renting one Is there any way to truely tell if it will cope or just give it a shot and see if it dies?
Wagon
Wagon5mo ago
what are the specs? and is this gonna be a modded server and what's the max player count you want to support.
Zeanox
Zeanox5mo ago
So the specs of the home server iss. 2X Intel Xeon E5-2690 @ 2.9GHz 8C 16T 120GB DDR3 at 1067MHz (One more stick is on the way) Potentially GTX 1070?! Couldnt get that to work some weird power issue 2x460Watt PSU 4 1GB ethernet 1ILO port Hardware raid card with. SDA is 2SSDs for like 240GB of storage was hoping to put the OS for proxmox on that SDB is i think 5 Disks Raid5 and i think 2Tb of storage if not it was 1.4 they are all different sizes And the new wifi will be gigabit
Zeanox
Zeanox5mo ago
No description
Zeanox
Zeanox5mo ago
And thats hetzner
Zeanox
Zeanox5mo ago
And this is the switch everything is plugged into https://www.tp-link.com/uk/service-provider/smart-switch/tl-sg2424/
24-Port Gigabit Smart Network Switch with 4 Combo SFP Slots
24-Port Gigabit Smart Network Switch with 4 Combo SFP Slots
Zeanox
Zeanox5mo ago
Following that diagram
Wagon
Wagon5mo ago
That looks fine to me, and if you want to mess with network segmentation I recc something like this
No description
Wagon
Wagon5mo ago
This is totally up to you though if you get this far, I recc to. It will be a good learning experince.
Zeanox
Zeanox5mo ago
So what devices would be on iot and trusted lan?
Wagon
Wagon5mo ago
IoT - Internet of things devices, so smart fridge, thermostat, smart toaster, vibrat*r(jk) - this is super locked down and has basically no inter VLAN access Untrusted - Public facing servers, this is super locked down and does not have much access to other VLANS and extremely locked down public facing as monitored. Main - just your normal every day network your wifi will use Trusted - Servers, Controllers (iDrac type things), NAS - Locked down and not publicy open beyond what is needed, heavily monitored. Optional as well creating a "Default" that will be what stuff defaults to and you can toss a guest wifi on there Im not super familiar with your exact network hardware so I cant say what getting this segmentation going will look like, that switch looks like it should be pretty easy to do stuff on since its managed.
Zeanox
Zeanox5mo ago
For my deployment would IoT and Trusted be required? The only things connected to this switch would be literally everything in the first diagram So the hpe server raspberry pi and the 2 nas
Wagon
Wagon5mo ago
I would do a trusted and untrusted and main at minimum. If you have no smart devices than you can skip IoT for now The NAS and Promox hosts you wont really want on the same VLAN as public facing services. Not that people dont, just the right way, would be to separate them
Zeanox
Zeanox5mo ago
Okay noted however i am slighty confused at this part Only because regarding the vlans Id have to do this on the tplink switch and once again the only thing connected to that switch is the server raspberrypi and nas
Wagon
Wagon5mo ago
What is your gateway device?
Zeanox
Zeanox5mo ago
Okay at this current moment in time before moving out its the bt router
Wagon
Wagon5mo ago
I understand, but if you host the MC server of a VM on that server you will put it in a seperate VLAN
Zeanox
Zeanox5mo ago
Yes i understand that Its the other devices Like the guest network etc
Zeanox
Zeanox5mo ago
Following this this is currently whats going on
Zeanox
Zeanox5mo ago
And the vlans would be on the tp link and you would have the untrusted and main
Wagon
Wagon5mo ago
That would be fine, depending on your gateway you may be also to configure your VLANS there
Zeanox
Zeanox5mo ago
I dont think im able to on this wifi I am not too sure about the other one that will be on the day i move in
Wagon
Wagon5mo ago
Gotchq well yeah so far the plan looks good as your doing it lmk if questions arise, ive messed with everything besides mc servers and tp link switches
Zeanox
Zeanox5mo ago
Let me make new diagram for the new house
Zeanox
Zeanox5mo ago
No description
Zeanox
Zeanox5mo ago
That would be the new house So essentially all im doing is removing the netgear switch And hopefully if im not mistaken all id have to do is port forward the ports again? @Wagon Gunna be a network between 50-250 People and not modded but with plugins
Wagon
Wagon5mo ago
@DirtyJ may be better to advise, im not a big Mc guy, dont know what that size server would take Maybe not even that Well i mean if you get new router ya and you would need to setup dhcp adnd shi for your other subnets really depends on the gateway situation
DirtyJ
DirtyJ5mo ago
Minecraft enjoys ram, just about finding the right balance between optimization and playability For 50-250 you're looking at 16-64gb of memory allocated to that fat java instance depending on a wide handful of variables. Are you preloading the world, running paper/purpur/a super optimized fork, have you tuned the configs, and are these player estimates peaks or averages. The more things you optimize in the configs the more weird/unplayable the game will get etc
w33t
w33t5mo ago
Wagon beat me to most of what I was going to say lmfao
Zeanox
Zeanox5mo ago
So the plan for minecraft may be overkill. On the home server it will be a network with 4 servers. Skyblock the hub the proxy and a smp. All will be preloaded however i still need to look into what fork ill be running 🙂 The thing about this tho for my current router im really not sure if im able to change anything to do with the gateway, dhcp and subnets it would have to be done on the switch Also just to make sure that im not mistaken The first steps i will be taking is setting up vlans then proxox then cloudflare tunnel theenn the debian servers with the panel and stuff
Wagon
Wagon5mo ago
Thats sounds good to me
Zeanox
Zeanox5mo ago
Okay we are already off to an issue lmfao Last night i had to make it so i can access my switch and for some reason its decided its funny and has reverted
Wagon
Wagon5mo ago
did you hit save
Zeanox
Zeanox5mo ago
I did The whole config reset smh
Wagon
Wagon5mo ago
hmmmm
Zeanox
Zeanox5mo ago
Right i changed it back to what it was however I am slightly confused Would there be any chance id be able to share screen and show you what i mean?
Wagon
Wagon5mo ago
you can dm ss if needed but rn i am working
Zeanox
Zeanox5mo ago
Ill send it here its not an issue but my explanation will be jank lmfao So! For the interface config
Zeanox
Zeanox5mo ago
No description
Zeanox
Zeanox5mo ago
Its using vlan 1 To make the webgui work on my desktop
Zeanox
Zeanox5mo ago
I changed it from static to DHCP and pressed apply
No description
Zeanox
Zeanox5mo ago
And i assume that is fine However the next like problem/concern/nocluewhatimdoing is setting up the vlan! There are 3 options 802.1Q Mac and Protocol
Zeanox
Zeanox5mo ago
Following this
No description
Zeanox
Zeanox5mo ago
Port 1 is the ethernet to my other switch that goes to the router Port 2 Is ILO for my Hpe Server Port 9-10 is for the Hpe server However it will be 11 and 12 too as soon as my ethernet cables arrive Port 18 is i am not too sure i think a raspberry pi? Then 23 and 24 are the two nasses Essentially i have no clue what i am doing any guidance would be greately appriciated
Wagon
Wagon5mo ago
Let me get back to my desk and I will get you some help
Zeanox
Zeanox5mo ago
Thank you so much
Zeanox
Zeanox5mo ago
So with that guide ill be creating 2 vlans
Zeanox
Zeanox5mo ago
One for untrusted and one for trusted But with the 4 ethernet ports for the server Its allocating a port on the switch so like lets say with this Following this
Zeanox
Zeanox5mo ago
Id create a vlan for 9-10-11-12 But that means anything made by that server would instantly go on the main vlan even though id need one to go to untrusted @Wagon Still cant wrap my head arount it
Wagon
Wagon5mo ago
Unfortunately I have taken you as far as I can. I am not familiar with tp-link managed switches and they seem to have zero docs. Also you are probably not going to be able to configure all this correctly without a gateway you can make changes to/proper firewall Someone else may be able to further assist
Zeanox
Zeanox5mo ago
I see thank you v much 🙂 Yeah by the look of it i cant change the dhcp settings on my router
Wagon
Wagon5mo ago
Can you get a different gateway? Microtik makes some really affordable options and their routerOS is really comprehensive you can also do a DIY Pfsense/OPNsense option if you want something a little more all in one, unifi is not bad for at home. people will shit on it but for home use it is completely fine, especially these days
Zeanox
Zeanox5mo ago
So for the time being unfortunately its a no However Im going to just bodge it So proxmox is up Nginx proxy manager and docker with portainer is also up and im using nginx proxy manager to access it via my domain and i have only port forwarded 80 and 443 atm So now what i am doing is installing proxmox on my rented server merging the two together annd installing the panel on my machine and then the nodes on both thats unfortunately without any cloudflare tunnels and the only issue i may think of is that with my router atm its using DHCP however i set it to always use this ip and its not having any of it So im taking a risk in the sense that if the ip changes i am fucked But for the time being hopefully it will suffice Just had an issue with my server too a ram stick combusted? Anyone with proxmox experience able to help me link the ethernet ports? Is it just as simple as editing the bridge and adding the en02 eno3 eno4 or do i have to do any other configuration?
Wagon
Wagon5mo ago
Are you trying to get the ethernet port to work in proxmox? IM afraid I dont understand
Zeanox
Zeanox5mo ago
Well i have 4 ethernet ports all plugged in and id like to link them all together so i have more thruput instead of all through 1 ethernet port
Wagon
Wagon5mo ago
I can help in a bit but this is the direct from proxmox wiki, however I doubt you really are going to see any benefit, i imagine the NIC on your server is a GIG and so is you switch so splitting into 4 isnt going to do anything
Zeanox
Zeanox5mo ago
No description
Zeanox
Zeanox5mo ago
Each port is gigabit
Wagon
Wagon5mo ago
Ok then there is no reason to split because your switch is only Gigabit
Zeanox
Zeanox5mo ago
I understand however if there are 3 devices its trying to communicate to will it not help?
Wagon
Wagon5mo ago
No
Zeanox
Zeanox5mo ago
Like for example the two nas they are each gigabit thats going to completely overload the one ethernet port connected to the server atm so by bridging 4 it can split it across all 4 so i can have 1gigabit to the internet if needed and 1 gigabit to each of the nas instead of it being like 33% 33% 33%
Wagon
Wagon5mo ago
Nevermind I see what your saying now Are your NAS's VM on proxmox?
Zeanox
Zeanox5mo ago
Nope but plugged into the switch the server is ill have to mount them to the proxmox server but shouldnt be an issue
Wagon
Wagon5mo ago
Ive never done NIC teaming on proxmox but I would check this out
Zeanox
Zeanox5mo ago
Last time i attempted to do this i completely crashed my whole network thanks 🙂 Right going from that reddit just gotta reboot Unfortunately no luck im pretty sure im gunna have to fresh wipe it 😦 server fans just kick to 100% nd have no access at all and its just crashed my wifi again lmfa