homelab

51
 
 

cross-posted from: https://lazysoci.al/post/12664364

Everyone was kind enough to ram my brain chock full of knowledge about switches and I came away feeling like I can explain it to other people. (please don't test me on this, I'll fail)

But now I'm trying to figure out how I want my network to look and so it's best I ask the people smarter than me that actually understand what I'm trying to do.

My house is an average sized, end of terrace in a big city and so while I can get decent Internet speeds, I get lots of WiFi signal congestion with neighbours, buildings, etc.

In my present router, which I really need to replace, I have my NAS and cable box plugged in via Ethernet, everything else is connected via WiFi. That's a bunch of phones, a couple laptops, and a couple Raspberry Pis (including my one with all my home services, like Home Assistant and my Pi-Hole).

The design I'm cooking up, is that my NAS would be on a virtual LAN with no direct access to the Internet, my Raspberry Pis would have Internet access. I don't need to worry about my smart home devices having Internet access since they're all Zigbee devices. But I plan to switch my cable box to an IPTV box and I'm also wanting to get a video doorbell and security camera for the garden, so that's at least three virtual local area networks. Four if I add a guest network.

My questions are really simple ones and you're probably gonna laugh at how stupid they are… can I do this all with a single switch? Do I need separate access points for each VLAN or can I have multiple VLANs on a single AP? How many ports should I be looking at on my switch? Would four be enough for my set-up? Also managed is best, right?

52
 
 

cross-posted from: https://lazysoci.al/post/12597342

Okay, I've been watching lots of YouTube videos about switches and I've just made myself more confused. Managed versus unmanaged seems to be having a GUI versus not having a GUI, but why would anyone want a GUI on a switch? Shouldn't your router do that? Also, a switch is like a tube station for local traffic, essentially an extension lead, so why do some have fans?

53
 
 

My home server is a Proxmox machine with some VMs, one of which is Open Media Vault, from which a Windows PC plays videos to my TV. I want to get rid of the Windows PC and connect the TV directly to the server with an HDMI+USB RJ45 extender, but... how do I get a GUI from it? Is it even possible? I would need to connect to a Windows VM because as far as I know Netflix only plays 4K videos with Edge. Thanks!

54
 
 

I want to build a proper server with room for 40+ HDDs to move my media server to and have RAID 1. I know a lot about PCs and software, but when it comes to server hardware I have no clue what I'm doing. How would I go about building a server that has access to 40+ RAID 1'd HDDs?

55
 
 

cross-posted from: https://lazysoci.al/post/12340365

With my Raspberry Pi basically being software/service complete, I'm starting to think more about my router and I need to make sure I'm thinking about this right.

As I envision it, my router would run OpenWRT, Pi-Hole and a VPN. Is that correct or have I got this wrong?

56
 
 

I run a Windows 11 VM on xcp-ng to do testing and Windows specific graphic and video work. I use an old R9 390 in passthrough mode right now but it's running out of steam.

I'm particularly interested in the A380 series of GPUs as they have a lot of the modern compute and video encoding features for around $100.

Before I pull the trigger I just wanted to know if anyone has had much experience with ARC GPUs in a VM passthrough scenario. I see in their official docs that resizable BAR is a requirement and I didn't know whether that is handled properly in a virtual environment or on XCP-NG specifically.

Any experience you're willing to share would be most appreciated.

Thanks!

57
 
 

First time posting here, so please lmk if I should format this question differently or ask for this kind of help somewhere else.

What I'm trying to do: Have two WAPs that each have their own DNS servers. One of the DNS servers is a Pi-hole, and the other one being the regular DNS server provided by my ISP.

Why I'm trying to do this: Been messing around with homelab stuff for a while and been having fun with it, and this is my next mini project. I have a crummy Roku TV that I want to connect to a Pi-hole, problem is that I can't adjust the DNS settings on the TV, I can only select the network it can connect to. But I don't want to change the primary DNS on my network. I have been messing around with this setup trying to get it to work for a couple days and it's been a tough one. I've tried multiple different setups and nothing has really worked. I'll probably type out what I've tried in the comments.

What I have to work with: I have a Netgear Wifi router connected to the internet from my Modem to my WAN port and I have a second Asus Wifi router that I planned on using for the second network which would have its default DNS server be the Pi-hole.

Also please correct me if I'm using terms/concepts wrong because part of the wider goal of my homelab is to have a better conceptual understanding of networking, so I want to make sure what I'm saying is correct.

58
 
 

hey,

I'm getting a 3D printer soon. It's on its way right now actually. I was wondering if anyone here has 3D printer projects that are useful for a homelab. Hard drive caddies are the only thing I can think of that would be useful in the homelab. Of course I'm going to use it for other non-homelab projects. So ideas would be highly appreciated! Thank you!

59
 
 

I found a listing on eBay for a "Mellanox CX354A ConnectX-3 FDR Infiniband 40GbE QSFP+" card for quite cheap. By the sound of the listing title it supports both InfiniBand and 40GbE, is that right? I would like to try out InfiniBand, but I would be buying for the 40GbE. And are there good drivers for modern Linux distros for this card? Also, do I just buy some QSFP cables to direct attach them?

60
 
 

My homelab is still in its infancy as I'm at the start of my self-hosting journey. I'm now down the rabbit hole though and where I can self host, I'd like to.

Not long back, I asked for some advice regarding an IFTTT replacement. I only need a tiny subset of the service, in that I want it to check some RSS feeds and send a notification if it finds one. The people of the fediverse are amazing and I got some great recommendations, however some felt like a great fit but didn't pan out. That left me with less and less.

One of the suggestions though was n8n and as I looked into giving it a whirl, I noticed it needed Traefik to be installed.

Now here's the thing, I haven't sorted out my router yet and since nothing I'm doing is facing the net, I'm kinda just chilling without a proper set up. I'm wondering, if I install Traefik along with n8n, will it break my other services? Will I still be able to install my homebrew router with OpenWRT when I finally sort that out and will it impact the IPTV which I'll sort out when I've sorted out the router?

61
 
 

Hi folks,

I seem to be having some internet connectivity issues lately and I would like to monitor my access to the internet. I have a homelab and was wondering whether someone had perhaps something like a docker container which pings a custom website every so often and plots a timescale of when the connection was successful and when it was not.

Or perhaps you have another suggestion? I know of dashboards like Grafana but I don't know whether they can be configured to actually generate that data or whether they rely on a third party to feed them. Thanks!

62
 
 

The majority of my homelab consists of two servers: A Proxmox hypervisor and a TrueNAS file server. The bulk of my LAN traffic is between these two servers. At the moment, both servers are on my "main" VLAN. I have separate VLANs for guests and IoT devices, but everything else lives on VLAN2.

I have been considering the idea of creating another VLAN for storage, but I'm debating if there is any benefit to this. My NAS still needs to be accessible to non-VLAN-aware devices (my desktop PC, for instance), so from a security standpoint, there's not much benefit; it wouldn't be isolated. Both servers have a 10Gb DAC back to the switch, so bandwidth isn't really a factor; even if it was, my switch is still only going to switch packets between the two servers; it's not like it's flooding the rest of my network.

Having a VLAN for storage seems like it's the "best practice," but since both servers still need to be accessible outside the VLAN, the only benefit I can see is limiting broadcast traffic, and as far as I know (correct me if I'm wrong), SMB/NFS/iSCSI are all unicast.

63
 
 

I got a server case and some rails for free, they were annoying to build (yes, build), and I could not find anything regarding those rails online, so I decided to blog about it, in the hope of helping someone with all the same questions as me!

Also, I have no idea what I'll do with this new server, any thoughts or fun ideas?

#homelab #rails

64
 
 

After looking into travel routers a bit, I quickly came across GL.iNet which seems to be a leader in the space. It seems they use OpenWRT which is great, but with some special sauce on top of it.

In a few different posts I've seen people mention that they are no longer open source. Does anyone know if this is the case? I see some activity on their GitHub repo, but am not quite sure which parts people are worried about being closed.

Post 1

Post 2

65
 
 

For those of you who use travel routers, do you only use them to WireGuard/OpenVPN back to your home networks for local resources?

Do you use the travel router's firewall features at all, or does the VPN tunnel home take care of concerns about others in the public (hotel/coffee shop/etc.) from seeing your devices?

66
Whoogle (lemmy.world)
 
 

I've been using Whoogle for probably a couple years now, and it's been great.

I do not have a cert on my PC that's running it (in my house) so my connection to it is not HTTPS. My question though, is once my query reaches from my device to the Whoogle server (HTTP) does Whoogle then use HTTPS when exiting to complete the query?

67
 
 

I've gone through this process a few times over the last week since trying out WireGuard, and for the most part it's been seamless. There are hiccups here or there, but normally just me misconfiguring my keys/config file.

Typically on the client (my phone, tablet, etc) there is an option to generate the key pairs. I'll then put the public one on my peer definition in pfsense, and away we go.

With this GL.iNet router however, there is no option (that I see) to generate the key pairs.. so I think the problem I'm running into is that they are not matching/ expected when the negotiation with my firewall happens.

How can I go about generating these keypairs? Has anyone had this issue with GL.iNet?

EDIT: After finding a post from GL.iNet staff advising to not have a Listening port in the Peer section, and to set the MTU to around 1300, I have everything working as expected.

68
 
 

Been running San Ace 120x38mm 0.8A fans for a few weeks now and have been super happy (they're not silent but that's fine since they're sitting in the furnace/HVAC closet in the basement). Just wondering if buying them 2nd hand was a smart move or not. The particular ones I got are rated for 70,000 hours of use and they were in good shape, but I've been wondering if anyone has had any die on them before, and if so after how long?

69
 
 

Dear all, I have some questions for what I'm about to do with my HomeLab. I recently upgraded my connection to a 1000/1000 and the ISP sent me this shit ass router (Fastweb Nexxt) which is very locked down. I want to change it.

Today this Fastweb Nexxt is not doing DHCP because I'm running a VM with OPNSense on it from which I manage IP reservation etc.

The fiber connection comes to my house and it's connected to a small box, an ONT from ZTE. Then an ethernet cable goes to the wan port of the Fastweb Nexxt and then LAN to my server where the OPNSense VM is hosted.

Now, I'm open to solutions, the goal is to remove the Fastweb Nexxt.

The "Cheap" idea would be to use a USB-C to Ethernet cable so as to add a second Ethernet card to my server and connect the ZTE device to it. I would then assign in OPNSense this cable as WAN and leave the existing card as LAN for the switch. I'm quite sure I would need as well to clone the MAC address of the Fastweb Nexxt device and assign this MAC to the WAN of my OPNSense, right?

I'm open to any kind of suggestion, even something like "this is the best home-router for 100€"

70
 
 

EDIT: It seems something is causing my WireGuard handshake to fail. I can't find much on this particular error except "try rebooting the wg server". I rebooted everything, and I can't get it to connect unless the clients are already connected to the home WiFi.

So I installed wg-easy on one of my virtual machines on my Proxmox "homelab". It seems to be working, and I installed the client wireguard-tools on my phone (via app), and on my laptop (EndeavourOS), and on my Minecraft server (mineOS also in Proxmox).

The web client for wg-easy shows all 3 clients connected and transmitting data.

I used my router's app to open the port to the wg-easy server.

I attempted to use my phone's cell network to pretend like I am not home, and simply ping my Minecraft server. I tried with the wg IP (10.8.0.x) and I tried pinging the normal WLAN IP (192.168.x.x). Neither work. I'm really confused as to why this simple test didn't work. The documentation on WireGuard's site is pretty sparse when it comes to testing your own setup. Does anyone have any resources to help me understand how this should work?

Side note: I have to have WireGuard installed on every computer in my home network if I want to be able to reach them, correct?

Other side note: If I wanted to reach my Minecraft web UI (mineOS) from outside my network, what address should I use?

71
 
 

If you don’t mind Chinese vendors from AliExpress, it’s probably the best deal you’re going to find.

72
 
 

I have seen several cards that will do up to 4 NVMe from a single x16 slot (with MB and CPU that support bifurcation), but I have only found cards that are 1 PCIe slot to 1 M.2 A+E.

I think one way to do this would be to have a regular bifurcation x16 to 4 x4s and then use the 1x cards. But are there other options?

The reason I am asking is because I am procrastinating on other things I am supposed to be doing. I have no actual need for this and putting 4 wifi cards so close probably creates horrible interference anyway.

73
 
 

I recently upgraded my homelab core switch to a Mellanox SX 6012. It’s 12 ports of 40Gb/s, and each can break out to 10Gb/s. This switch also idles at 30 watts which was top of my list.

What model switches are you running, and do you like it?

74
low power switch (lemmy.world)
 
 

I want a switch with a few PoE ports but it needs to be as low power as possible as I rely on solar.

Any recommendations?

75
 
 

Cross-posted to: https://sh.itjust.works/post/14975090


Solution

I'm still not really sure exactly what the root cause of the issue was (I would appreciate it if someone could explain it to me), but I disabled HTTPS on the Nextcloud server

nextcloud.disable-https

and it, all of a sudden, started working. My Caddyfile simply contains the following:

nextcloud.domain.com {
    reverse_proxy server-LAN-ip:80
}

Original Post

I am trying to upgrade my existing Nextcloud server (installed as a Snap) so that it is sitting behind a reverse proxy. Originally, the Nextcloud server handled HTTPS with Let's Encrypt at domain.com; now, I would like for Caddy to handle HTTPS with Let's Encrypt at nextcloud.domain.com and to forward the traffic to the Nextcloud server.

With my current setup, I am encountering an error where it is saying 301 Moved Permanently. Does anyone have any ideas on how to fix or troubleshoot this?

Caddyfile:

https://nextcloud.domain.com {
        reverse_proxy 192.168.1.182:443
        header / Strict-Transport-Security max-age=31536000;
}

And here is the output of curl -v https://nextcloud.domain.com/:

* Host nextcloud.domain.com:443 was resolved.
* IPv6: (none)
* IPv4: public-ip
*   Trying public-ip:443...
* Connected to nextcloud.domain.com (public-ip) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256 / x25519 / id-ecPublicKey
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=nextcloud.domain.com
*  start date: Feb 21 06:09:01 2024 GMT
*  expire date: May 21 06:09:00 2024 GMT
*  subjectAltName: host "nextcloud.domain.com" matched cert's "nextcloud.domain.com"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
*   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://nextcloud.domain.com/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: nextcloud.domain.com]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.6.0]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: nextcloud.domain.com
> User-Agent: curl/8.6.0
> Accept: */*
> 
< HTTP/2 301 
< alt-svc: h3="public-ip:443"; ma=2592000
< content-type: text/html; charset=iso-8859-1
< date: Wed, 21 Feb 2024 07:45:34 GMT
< location: https://nextcloud.domain.com:443/
< server: Caddy
< server: Apache
< strict-transport-security: max-age=31536000;
< content-length: 250
< 


301 Moved Permanently

<h1>Moved Permanently</h1>
<p>The document has moved here.</p>

* Connection #0 to host nextcloud.domain.com left intact