The Infrastructure

In this post I’m going to be focusing on the basic infrastructure running the network and blog. I imagine I’ll have another post with diagrams laying out my entire network once I find time to diagram it all out.

This blog runs on a ZOTAC ZBOX-CI327NANO. It's a pre-built bare-bones nano PC with a quad-core Intel Celeron N3450 processor. I've equipped it with 8 GB of RAM and a 128 GB SSD I had lying around from a previous desktop upgrade. Minus the drive, this ran me about $200. That was a great buy for me considering a UniFi Security Gateway, a popular choice among homelabbers, costs about $130, and this hardware was chosen to accomplish the same functionality and more. Plus I got the experience of homebrewing it along the way.

This PC has two Gigabit Ethernet ports, which were essential for my configuration. One is connected directly to my ISP's gateway; the other is connected to the rest of the home network. With Xfinity I was able to put the ISP's router into bridged mode so it acted only as a modem, and I actually saw a bandwidth increase as a result. With Frontier I have only been able to place my router in the ISP gateway's DMZ, which works but is not ideal: the ISP gateway still sits in the path (double NAT), and because the DMZ setting forwards all unsolicited inbound traffic to my router, the router's own firewall rules are the only thing screening it. Frontier's cable package uses Ethernet for transport, and from my admittedly minimal research it appears I may break this trying to accomplish the same bridged configuration. I may revisit this in the future.

In an effort to run my environment more like a data center, I opted to run VMware ESXi. The installation could be a whole other post: it involved building my own ESXi 6.0 ISO with PowerShell utilities to add back drivers VMware had dropped from the stock image, so that my officially unsupported hardware would work. This meant I could install ESXi on almost any host I chose, and run multiple virtual machines on one box, separating concerns and keeping any one server's job simple. Even with modest hardware, it runs a few services for me with good performance.

The primary virtual machine on this host is OPNsense, acting as my edge-router appliance. It is configured so that it is the only VM with an interface on the ISP-facing side; every other VM, and the rest of the home network, reaches the Internet through it. It runs DHCP, DNS, UPnP and dynamic DNS, acts as my firewall, and provides statistics on my connection. UPnP is the one to keep an eye on, since it lets any LAN device ask the firewall to open inbound ports on its behalf; OPNsense can restrict which hosts are allowed to do that.

This ESXi host also runs a minimally provisioned CentOS VM that I log into when I'm remote. It's an SSH server with the utilities and tools I need to troubleshoot and manage my network. I may look into OpenVPN someday, but so far SSH-forwarded ports have covered everything I have needed. This VM also lets me deny all external access to OPNsense itself, as an added layer of security: I only reach the router's management interface from the internal network, through this box.
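Here is what that port-forwarding arrangement looks like in practice. This is an added example, not configuration taken from the machines described in this post: the host aliases, the user name `jumpuser`, the dynamic-DNS name `home.example.net`, and the internal addresses `192.168.1.1` (OPNsense LAN side) and `192.168.1.2` (ESXi management) are all assumptions. The first half is the client-side `~/.ssh/config`; the second half is the matching `/etc/ssh/sshd_config` on the jump VM.

```sshconfig
# --- Workstation: ~/.ssh/config (added example; names and addresses are assumed) ---

# The CentOS jump VM is the only SSH service reachable from the Internet.
Host jump
    HostName home.example.net        # dynamic-DNS name for the ISP-facing side (assumed)
    User jumpuser
    Port 22
    IdentityFile ~/.ssh/id_ed25519_home
    IdentitiesOnly yes

# OPNsense web UI, reached only through the jump host. The router itself
# exposes nothing on its WAN interface. Start with: ssh -N -f opnsense-gui
# then browse to https://localhost:8443
Host opnsense-gui
    HostName home.example.net
    User jumpuser
    IdentityFile ~/.ssh/id_ed25519_home
    IdentitiesOnly yes
    RequestTTY no
    LocalForward 8443 192.168.1.1:443   # 192.168.1.1 = OPNsense LAN address (assumed)

# ESXi host client, same pattern, different internal target.
# ssh -N -f esxi-gui ; then https://localhost:9443
Host esxi-gui
    HostName home.example.net
    User jumpuser
    IdentityFile ~/.ssh/id_ed25519_home
    IdentitiesOnly yes
    RequestTTY no
    LocalForward 9443 192.168.1.2:443   # 192.168.1.2 = ESXi management address (assumed)

# --- Jump VM: /etc/ssh/sshd_config (hardening that fits a forward-only box) ---
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
AllowUsers jumpuser
# Forwarding is the whole point of this host, so allow it, but only to the
# two management targets; any other destination is refused by sshd.
AllowTcpForwarding yes
PermitOpen 192.168.1.1:443 192.168.1.2:443
# No reverse forwards listening on the Internet side, no X11, no tun devices.
GatewayPorts no
X11Forwarding no
PermitTunnel no
ClientAliveInterval 300
ClientAliveCountMax 2
```

The equivalent one-off command is `ssh -N -L 8443:192.168.1.1:443 jumpuser@home.example.net`. Two things make this safe rather than merely convenient: the OPNsense WAN rules only pass TCP/22 to the jump VM (nothing to the router's own 443 or 22), and `PermitOpen` on the jump VM means a compromised `jumpuser` key buys an attacker the two management pages and nothing else on the LAN, which is why the web UIs behind it still need their own strong authentication.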

Finally, that brings us to the CentOS VM running Docker that houses this blog. I have currently provisioned this machine, dubbed docker1, with 2 GB of RAM, roughly the size of a $10/mo droplet at DigitalOcean. That made for a comparable setup for when we get into hosting services in the cloud in a future post, and I still have limited room to grow it if needed.

If you've been keeping track, I use open source software wherever possible, except when a project involves free or affordable software I'd like to learn, such as the conscious decision to use VMware ESXi instead of KVM. A nice side effect is that it keeps the cost of my home lab down.

In my next post we'll take a look at configuring my domain's DNS entries, so that requests from your web browser find the correct server to serve this page.
