Hardware
I started my homelabbing journey Q4 of 2024. I wanted to try self-hosting some services in Docker containers. As I wanted my homelab to be fairly power efficient, but powerful enough, I invested in an Intel N100 NUC with 16G of ram and 512G of storage. Also as I had taken interest in networking, I wanted the possibility of using it as a router, so I got one with two ethernet interfaces (haven’t tried that yet).
Stage 1
I wanted the system to be as robust as possible, so I opted to use NixOS (of course) with plain Docker on top. As I wanted some services to be accessible over the internet right from the get-go, I opted to use a reverse proxy for TLS and routing traffic to containers. In the beginning I experimented with a free domain name from duckdns, Nginx Proxy Manager and trusted certificates from Let’s Encrypt (built in to Nginx Proxy Manager). But as I got tired from configuring my reverse proxy from the web UI and got envious of other homelabbers on the internet who were using Traefik, I soon switched to it. I also got myself a domain name from Cloudflare.
A cool trick: to separate traffic from the internet and strictly local traffic (e.g your homepage VS your DNS server), in your reverse proxy, set up ports 80 and 443 for local services and some other ports, like 81 and 444 (can be something else), for public services. Then forward the ports 80 and 443 from your ROUTER to the designated public ports in your reverse proxy. I didn’t even use the public http port, because I set up HSTS. This trick is from Jim’s Garage.
I HIGHLY recommend homelabbing newcomers to use a setup similar to this (maybe not NixOS if you’re not familiar with it). Docker is simple to wrap your head around and networking in Docker is also simple enough. The part that gave me most trouble was getting the automatic certificates to work properly. At first I used a HTTP challenge that got a separate certificate for every subdomain. But after I got my own domain, I could set up a DNS challenge, which was by far the most confusing for me. However if you get a good video to follow (or just the documentation), you will be fine. Traefik documentation for example has all the necessary steps to set up a DNS challenge with a wide variety of DNS providers.
Stage 2
My second stage was quite brief. I got tired of running stuff in docker and managing the containers with docker-compose files. I wanted to try something new. So I installed Proxmox on the same Intel NUC. First of all, the installation process took a long time and came with some very weird problems. But as I got it up and running, I wanted to get my previous lab’s functionality back. I created some virtual bridges and installed Traefik on an LXC container. I tried to get Vaultwarden running on an LXC container aswell (which I eventually accomplished), but I had to build it from source. This took a while and a lot of tinkering with the databases behind the scenes.
In this moment I knew that Proxmox wasn’t for me. It is just a bit too complex and has just a bit too much overhead. The LXC containers were eating into my ram faster than I would’ve wanted. And as I’m not much of a “VM guy”, if I wanted to use Docker, I would’ve just used it without Proxmox under the VM running Docker… which I had just tried. It might be a bit ironic as I just whined about the high overhead of Proxmox, but I wanted to try Kubernetes.
To be continued…