Home Lab

High Availability Servers

3 in Nicosia, 1 in Larnaca, 1 in Limassol, and 1 in Spain

Secured

All services exposed to the internet are protected and behind the WAF of Cloudflare.

Speed

All the servers are running Enterprise Data Center Edition SSDs for the best speed and reliability. 

THE PATH

Mikrotik has been the backbone of my network from the start, beginning with an RB2011 I bought second-hand to learn networking, VPNs, or simply how to create a VLAN. Today my new RB5009 serves all my needs and protects all my servers.
The main Mikrotik in Nicosia is connected via a Wireguard site-to-site tunnel to another Mikrotik in Larnaca.
Lenovo hardware has served as my reliable foundation for the past few years. Currently, I manage three servers in Nicosia and one in Larnaca, all configured with a High Availability setup on Proxmox. This infrastructure allows me the flexibility to maintain production, testing, and development environments simultaneously, ensuring both stability and reliability. To safeguard my data, all virtual machines (VMs) undergo daily backups across three locations: Nicosia, Larnaca, and Spain. Furthermore, these backups are encrypted and subjected to weekly verifications to confirm their integrity. This meticulous approach ensures that all backups are functioning correctly, minimizing the risk of file corruption and data loss.
I chose Synology NAS units for my setup because they’re at the top of the game right now, and I really wanted to learn all I could about their systems. Keeping up with what they offer means I can make the most of their technology. Using two of these units has been great for sharing storage between servers and backing up important data. They back up to each other every night, which has worked out perfectly. Over time, they’ve been super reliable. Learning about and using the best NAS units out there has helped me a lot, both in making sure my data is safe and in keeping my skills sharp. This blend of practical application and continuous learning has been instrumental in optimizing my network’s storage capabilities, all while keeping pace with the latest innovations in the field.
I’ve gone through a journey with different hypervisors, starting with Hyper-V on Windows Server, then moving to ESXi, before I finally switched to Proxmox. Proxmox has given me everything I needed in an easy-to-use, all-in-one platform. It offers high availability across my servers, Ceph for shared storage, and it makes backups a breeze. Proxmox even has its own Backup Server, which I use across three locations to back up all my servers and VMs. It’s been the best choice for my setup by far.
What’s more, with the recent news about VMware and ESXi being phased out for the general public, I’m really glad I made the switch to Proxmox early on. It’s reassuring to know that I’m using a platform that not only meets my current needs but also seems set for a stable future. Proxmox’s comprehensive features like high availability, efficient backup solutions, and Ceph shared storage have made managing my infrastructure smoother and more reliable than ever.
My monitoring setup is designed for comprehensive oversight, utilizing Grafana with InfluxDB to keep an eye on all virtual machines (VMs) and servers across every location. This system enables real-time monitoring and analysis, with the capability to send notifications via Slack for any unusual activity, such as spikes in usage or downtime. Complementing this, I employ Uptime Kuma for a detailed view of web apps and sites where Grafana might not be as effective. Uptime Kuma tracks metrics like ping, response times, and certificate expirations, ensuring I’m always informed. It’s integrated into my notification system through APIs, allowing for immediate alerts if anything goes awry. This dual-setup provides a robust monitoring framework, ensuring swift responses to any issues and maintaining optimal performance across my infrastructure.
The reliability of my setup is built on careful hardware selection, intelligent automation, and diligent monitoring. Enterprise SSDs in my servers and NAS-grade HDDs in the Synology units ensure durability, while a robust network and regular updates maintain security and efficiency. Home Assistant’s smart environmental controls automatically manage air conditioning based on server rack temperatures, a feature that prevented overheating last summer.
A critical part of my reliability strategy is the UPS connected to a power monitor, guaranteeing my entire rack operates for 20 minutes during an outage. If power is close to running out, a command triggers a graceful shutdown of all VMs, servers, and NAS units to avoid data corruption. Moreover, my Mikrotik Router, enhanced with dual power supplies and a monthly backup routine of its configuration file, ensures network reliability. This setup not only meets my operational needs but also serves as a personal tech lab, allowing me to apply real-world innovations effectively.
Furthermore, my monitoring setup with Grafana, InfluxDB, and Uptime Kuma allows for real-time oversight across all locations, with immediate notifications for any issues, ensuring swift responses to potential problems. The choice to run Ubuntu Pro on critical production VMs underscores my emphasis on uptime and security for essential systems.
All these elements reflect my commitment to creating a reliable, self-sufficient data center. This setup not only serves my needs and safeguards my operations but also provides a personal learning environment. It allows me to experiment with the latest technologies, ensuring that I can apply these innovations in real-world scenarios when necessary. This approach has built a foundation that is not just about keeping systems running but about advancing my knowledge and capability in handling state-of-the-art technology efficiently and effectively.
In my setup, I leverage Cloudflare’s Web Application Firewall (WAF) to safeguard all my websites and applications. This decision is driven by the need for robust security measures that can deflect a wide array of cyber threats, including SQL injection, cross-site scripting (XSS), and more. Cloudflare not only meets these requirements but also simplifies the management process through a unified control panel, enabling me to monitor the security status of all my assets in one place.
To enhance security further, I’ve configured my Mikrotik router to allow HTTPS traffic exclusively from Cloudflare, effectively making port 443 inaccessible to unauthorized internet traffic. This setup ensures that attempts to probe or exploit this port are thwarted, as only traffic routed through Cloudflare can reach my network.
Additionally, Cloudflare’s ability to issue SSL certificates has been instrumental in securing HTTPS for all my services. By managing these certificates through an NGINX Reverse Proxy, I maintain a streamlined and secure communication channel for all incoming traffic. This comprehensive approach to security not only protects my digital assets but also demonstrates my capability to implement and manage advanced cybersecurity measures.
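The "port 443 only from Cloudflare" rule described above, as an added example that is not the site's own configuration: it emits the RouterOS address-list, dst-nat and drop rules, and models which source addresses would actually reach the NGINX proxy. The embedded CIDR list is an illustrative snapshot that must be refreshed from https://www.cloudflare.com/ips-v4 (and ips-v6) before use, and the list name and backend address are assumptions.

```python
"""Restrict inbound TCP/443 on a Mikrotik router to Cloudflare's edge ranges.

Added example, not the page's own config. The range list below is a short,
illustrative snapshot: refresh it from Cloudflare's published list before use.
"""
import ipaddress

# Illustrative snapshot of Cloudflare IPv4 edge ranges (subset, constructed for the example).
CLOUDFLARE_V4 = [
    "173.245.48.0/20",
    "103.21.244.0/22",
    "104.16.0.0/13",
    "104.24.0.0/14",
    "108.162.192.0/18",
    "141.101.64.0/18",
    "162.158.0.0/15",
    "172.64.0.0/13",
    "198.41.128.0/17",
]

LIST_NAME = "cloudflare"      # address-list name (assumed)
BACKEND = "192.168.10.20"     # NGINX reverse proxy inside the LAN (placeholder)


def routeros_commands(ranges, list_name=LIST_NAME, backend=BACKEND):
    """Return RouterOS CLI lines: one address-list entry per range, a dst-nat rule
    that only fires for sources on that list, and a forward-chain drop for any other
    source hitting TCP/443 (belt and braces in case a later NAT rule is too broad)."""
    lines = [
        f"/ip firewall address-list add list={list_name} address={r} comment=Cloudflare"
        for r in ranges
    ]
    lines.append(
        f"/ip firewall nat add chain=dstnat protocol=tcp dst-port=443 "
        f"src-address-list={list_name} action=dst-nat to-addresses={backend} to-ports=443"
    )
    lines.append(
        f"/ip firewall filter add chain=forward protocol=tcp dst-port=443 "
        f'src-address-list=!{list_name} action=drop comment="443 only via Cloudflare"'
    )
    return lines


def reaches_backend(src_ip, ranges=CLOUDFLARE_V4):
    """Model the rule set: a client on TCP/443 reaches the proxy only if its
    source address is inside one of the allowlisted ranges."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in ipaddress.ip_network(r) for r in ranges)
```

Paste the generated lines into the RouterOS terminal; a direct scan of the public IP on 443 then sees no service, while requests proxied by Cloudflare still reach NGINX.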

Security is key!

Literally, a Yubikey, or more! 🙂

I self-host Bitwarden, a robust password manager, on my own servers at home, ensuring that all my passwords are securely stored under my control. This setup not only enhances my digital security but also streamlines my online interactions by saving me considerable time. A critical layer of this security framework is the requirement for a YubiKey to authenticate access, adding a physical dimension to the authentication process that significantly bolsters security.
I employ the Elasticsearch stack along with Kibana to keep a vigilant eye on the security posture of my entire infrastructure. This powerful combination allows me to monitor for vulnerabilities, ensuring I’m always ahead of the curve in patching systems and preemptively addressing potential threats. The proactive approach facilitated by Elastic helps in averting issues before they escalate into serious problems.
Currently, I’m in the process of deepening my understanding of Elastic and aiming to integrate it throughout all my VMs and services. My goal is to enhance this setup with N8N, creating intelligent automation pipelines. These pipelines are intended to streamline operations and sift through data via multiple filters, ensuring that I’m alerted only to critical, actionable information. This strategy is designed not just to save time but also to focus my attention where it’s most needed, thereby optimizing my response to security alerts and maintaining a fortified and efficient network environment.
In my pursuit of robust security measures, I’ve set up two Wireguard servers, with each serving as a gateway to a specific VLAN, enhancing network segmentation and access control. Parallel to this, I utilize Tailscale, a solution built on Wireguard’s framework, which has proven exceptionally effective. Notably, I employ Tailscale for remote backups in Spain, a strategy that allows me to secure my data transfers without exposing any services directly to the internet, thereby reducing potential attack vectors.
Additionally, for the backup location in Larnaca, I’ve established a direct Wireguard tunnel between Mikrotik routers. This setup is part of an ongoing evaluation to determine the most efficient, reliable, and secure method for my needs. By comparing Tailscale and Wireguard in real-world scenarios, I aim to ascertain which solution—or potentially a combination of both, serving as an active-backup system—best suits my infrastructure. This approach underscores my commitment to leveraging advanced networking and security technologies to safeguard data transfers and ensure the integrity of my remote backup processes.
Data analytics play a crucial role in understanding and optimizing the performance of my websites, which is why I place a high value on both the quality of the data and the sovereignty over it.

To align with these priorities, I self-host Matomo, an alternative to Google Analytics. Matomo empowers me to dive deep into the analytics of all my websites without the necessity to share this detailed information with Google.

This setup not only ensures comprehensive insights into user interactions, traffic sources, and engagement metrics but also guarantees complete control over the data. By hosting Matomo on my own servers, I maintain full privacy and data ownership, enabling a more secure and personalized analysis of website performance. This approach reflects my commitment to leveraging advanced analytics tools while upholding the principles of data privacy and control.

THE JOURNEY

Over the years, my passion for technology has guided me on a fascinating journey, from the early days of fixing neighbors’ computers and phones to diving deep into the worlds of networking, telephony, virtualization, and, more recently, containers. My setup today leverages Docker containers extensively, which has significantly optimized resource utilization and accelerated deployment processes across the board. Additionally, I run various services on Linux, predominantly Ubuntu, with Ubuntu Pro in select scenarios for its Live Patching, CIS Benchmark scripts, and more, enhancing both security and efficiency.

For managing Docker environments, Portainer has become an invaluable tool, streamlining operations across some of my Docker nodes. My infrastructure, built with a blend of dedication and curiosity, has evolved into a small data center I’m genuinely proud of. It stands as a testament to my commitment to technology and my relentless pursuit of knowledge. Throughout this journey, technology has not just been a career path but a profound interest that has enriched my life in countless ways. Looking back at the array of roles I’ve embraced, it’s clear that my dedication to tech was the constant driving force, steering me through various fields and challenges.

As I reflect on this journey, my approach remains humble yet filled with an unwavering enthusiasm for what the future holds. The small data center I’ve built is more than just hardware and software; it’s a personal milestone, a learning environment, and a stepping stone to further advancements. With every project and innovation, I’ve advanced my career and stayed true to that inquisitive kid who was always eager to learn and explore. As technology continues to evolve, I’m excited about the new paths it will carve and where this unending adventure will lead me next.