A look at my server setup, and the evolution therein

I’ve spent a lot of time working on and tweaking my homelab. It started with just a Raspberry Pi 2B, followed by an upgrade to a custom desktop I had laying around, followed by the final upgrade, to a Dell Optiplex 3050, with an i3 7100 and 16 GB of ram.

Not the most glorious specs, but it works for me. Nowadays, it runs Fedora Server, with its main workload being a Docker stack. I used to have it exposed publically, hidden behind Authelia, but eventually ended up hiding it behind a Wireguard connection. Having it exposed didn’t particularly make much sense, and Wireguard is a lot safer. This ended up being an annoyance later, though. Directing the user to containers based on the URL is handled through Caddy reverse proxies, and I also use Caddy (and a bit of Javascript, for cosmetics) to prevent users from accessing pages they shouldn’t be able to.

Why, you ask? Well, one of the services I need to be able to access from a remote TV, and unfortunately, LG WebOS doesn’t come with support for Wireguard (obviously). The solution for this wound up being using a Raspberry Pi as a bridge - it connects over Wireguard, and then serves the site on its own subdomain.

There were some unfortunate features that I lost from using Wireguard - not necessary features, but just things that I found fun to set up. I had a Node.JS server that would interpret Caddy logs to see what sites were being requested, and would present those logs in a nice format. I had a similar script written in Python.

I used rootless Docker for a while, but ended up switching to rootful because there were network throughput issues with Wireguard (documented here). I had Geo-IP blocking setup to limit suspicious connections when things were exposed, and using rootless was a bit finnicky to get working because of this issue.

Nowadays, things are pretty much self-sufficient. I recently cleaned up my compose files, and made them more modular - initially, I had one monolith compose file, which became several categorized compose files, and now takes the form of several individual service files. In the latter two cases, I had a single docker-compose.yaml that would include the others.

I had crash issues every now and then with the server for a while - which I’m still not sure the cause of, since there were no apparent logs - but those have stopped in the last year or two.

I don’t run a whole lot on it anymore - mostly media stuff, Wireguard, and the occasional game server. But, it’s always a treat to have those things. I would consider putting up some more services - Owntracks was nice for novelty, but I didn’t travel enough to make it useful. I recently added to the Wireguard setup, with two separate containers running Wireguard simultaneously. The reasoning for this is that I have services that I’d like friends and family to be able to access, but I’d rather not open the entire network up to them - this is where the Caddy and Javascript setup from earlier comes in. Using iptables and separation via Docker network, I limited user-mode connections to a few services, and allowed super-user connections to the whole network. I’ve toyed with running Wireguard outside of Docker as well, but I find it more convenient to have everything running within.

Alas, that brings us to the end of the post. As always, thank you for reading. Let me know if you have any suggestions on what I should do with the server!