Home Intranet Setup

The idea behind this particular journey is that within my home I should be able to access anything I wish from anywhere. For this I began by rewiring my home with high quality CAT 6 cable as there was no existing Ethernet cabling and I prefer to think ahead rather than limit myself to CAT 5e in the future.

Once the wiring was taken care of, an unmanaged network switch was installed and plugged directly into the network modem. The modem's built-in Wi-Fi was then disabled. This ensures that in the event of a network compromise there is only one cable to disconnect from the internet. Additionally, battery backups are installed for critical systems such as the network switch, router, gateway, DNS server, etc.

Next, a Raspberry Pi was set up as a DNS server. This allows all requests to be logged and lets the intranet have its own local domain. Every network-enabled device that is more permanent, such as computers, TVs, and game consoles, is given a static IP address and set to use the Pi as its only DNS server.

An enterprise-grade Wi-Fi router is installed as well and is plugged into the router to allow the intranet to function over Wi-Fi if needed. It is run with Power over Ethernet, so the battery backups will keep it running if and when the power fails.

For internal systems, an older model laptop with sufficient computing power was set up as a front end system. This runs Docker to help maintain portability, isolation, and resource management. Outside of Docker, NGINX is installed as a reverse proxy to direct traffic. WordPress is also installed on this machine, but I will get to that later.

As a file store node, a special computer with sufficient compute power was built. This machine has 24 Terabytes of HDD space in a RAID 5 configuration, leaving 20 Terabytes of usable drive space. It is set up as an NFS file share accessible by the PC primarily used to maintain the system and by the laptop front end node. Due to some latency issues, Docker is installed on this machine as well to run the Emby server; this will be touched on later as well.

The NFS node is set to be the file store for the services run on the Front End node, such as Jenkins, WordPress, and other services as needed. This gives redundant storage in the event of catastrophic failure on the end of the laptop, or drive failure on the end of the NFS server.

Emby is installed using Docker, but directly on the NFS node. This avoids the latency of running it on the laptop, which would have to collect the data from the NFS node and then send it on to the requesting client. For a media server, keeping latency low is critical. NGINX on the laptop is still used as the reverse proxy for Emby, though, which gives it SSL security.

WordPress is running on the laptop directly as a learning exercise in how to create and host a website. The data is saved on the NFS server but NGINX serves the files up. This is how you are seeing this post.

Once the infrastructure is completed, a domain is purchased and SSL certificates are generated courtesy of Let’s Encrypt. The DNS server is updated to point the domain directly at NGINX; this saves the hop to the open internet to serve up the files. Additionally, this gives a speed boost, as the intranet speeds are much faster than the internet speeds due to me being cheap and only purchasing 1 Gbps down internet, with up speeds being a minuscule fraction of that.
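As an added illustration (not the configuration actually running on this site), the NGINX reverse proxy for Emby described above could look like the following, terminating TLS on the laptop with the Let’s Encrypt certificate and forwarding to the NFS node. The hostname `media.example.com` and the address `192.168.1.20` are placeholders, and Emby is assumed to listen on its default HTTP port 8096.

```nginx
# Added example with placeholder values; assumed to live in a file that is
# included from the http {} context (e.g. conf.d/emby.conf).

# Only send "Connection: upgrade" upstream when the client asked for it.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Plain HTTP is only used to redirect to HTTPS.
server {
    listen 80;
    server_name media.example.com;            # placeholder hostname
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name media.example.com;            # placeholder hostname

    # certbot's default certificate layout for Let's Encrypt
    ssl_certificate     /etc/letsencrypt/live/media.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/media.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # TLS ends here: the hop to the NFS node is plain HTTP, so the
        # Emby port should accept connections from this laptop only.
        proxy_pass http://192.168.1.20:8096;  # placeholder NFS node address

        proxy_http_version 1.1;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Pass WebSocket upgrades through to Emby.
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # Stream media to the client instead of buffering it on the laptop.
        proxy_buffering off;
    }
}
```

With the Pi answering `media.example.com` with the laptop's internal address, clients inside the house reach this server block directly while still validating the same public certificate.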

At the end of the day, we have infrastructure being run on a laptop with data being saved on an NFS file store. The traffic is routed internally to speed up the services internally, while still allowing them to be seen externally as necessary.
