Homelab

A homelab is a set of servers and hosts you run locally to try out software and ideas on a non-production / low risk system. The simplest setup is to use virtual machines on a single host, but often people branch out into one or more pieces of dedicated physical hardware so they can experiment with clustering and virtual machine hosts themselves (hypervisors). A homelab is a computing environment set up at home for experimenting with different technologies and IT practices in a safe and isolated way, without risking production systems. It typically includes a collection of hardware and software components, such as servers and hosts, and can range from a single host running virtual machines to multiple dedicated physical hardware pieces that allow users to experiment with clustering and hypervisors. The purpose of a homelab is to gain hands-on experience with new technologies and test out different configurations before implementing them in production environments.

For my purposes, I use my homelab to explore automation technologies, security tooling, and home automation.

Reverse Proxy with Traefik

This1 is a very good guide for quickly sorting out Traefik in docker reverse proxying other docker containers and non-docker hosts. The corresponding notes are here with the relevant config files found on github here. In short, you stand up a docker container with traefik in docker compose. Using a domain you own, you then have Traefik acquire a wildcard certificate for a local sub-domain. This done during the configuration of the docker-compose file, setting up an API connection to your domain provider. Cloudflare is the provider of choice, but I had success using my own provider. After Traefik has the certificate, it then is able to proxy back to docker and non-docker hosts. Docker hosts are configured with labels while non-docker hosts use a config file. Finally, for it to work locally, you must setup DNS entries within your local DNS server (pihole or your router) to point the local service domains at the Traefik container IP address. Particularly useful in the above guide is the configuration for Proxmox hosts.

Security

In an interest to learn more about Security. To start, I wanted a logging solution for firewall and IDS events. I went to the ELK Stack for this but more specifically a variant of ELK where Logstash is replaced by Graylog and ElasticSearch and Kibana are replaced by the open source OpenSearch and OpenSearch Dashboards.

I wanted to learn more about Intrusion Detection System, For creating IDS dashboards, a dashboard like this might be useful.

QRadar, available at https://www.ibm.com/community/qradar/ce/, is a community edition Security Information and Event Management (SIEM) tool.


References

1.
Techno Tim. Put Wildcard Certificates and SSL on EVERYTHING - Traefik Tutorial. at https://www.youtube.com/watch?v=liV3c9m_OX8 (2021).

Links to this note