Today I’m diving in to the world of network access control! Being able to authenticate network devies plugged in to your switches is a great way to improve network security without resorting to unplugging or disabling every unused port on yout equipment. Now every switch port is universal, and will enable on demand based on what is plugged in. While I couldn’t go through the complete authorization part of the setup (mapping devices to VLANs), I’m planning on making a future video for that step.

Today I’m setting up a simple nginx proxy, so I can store updates used by my many Linux systems. Most of them run a derivative of Debian, so this guide focuses mostly on caching apt repositories (Debian, Ubuntu, Proxmox, and more), but the same approach should work with any distro. Install nginx I’m using a Debian 12 (Bookworm) unprivilaged LXC container, but this is basic nginx which should be in every distro ever.

Today I’m diving into Mutual TLS to securely expose my homelab services! TLS is already ubiquitous in the modern era, providing strong symmetric encryption, perfect forward secrecy, and a public chain of trust to authenticate the server. But, it also has a lesser known ability to authenticate the client. By creating our own certificate authority to issue certs to clients, we can securely authenticate them to the server, preventing other users from even hitting our web app and probing it for vulnerabilities.

In this episode, I’m playing with Single Root I/O Virtualization (SR-IOV) in Proxmox Virtual Environment (PVE). I’ve heard ruomors that it will be anything from a minor to major improvement in IO performance for my VMs, so I wanted to do some testing on my own system to be sure. Please don’t take my results as final, I’m not comfortable saying that I’ve removed all of the background tasks and load from the measurements.

In this video, I’m setting up Authelia. It’s a very lightweight authentication service, which can be used to provide authentication to services which don’t natively support any form of authentication. I think this is a great choice for small scale homelab environments, as it’s simple to run and administer. Contents Video Authelia Configuration User File TLS Certificate Protected Service Example with Caddy Video Authelia I installed Authelia on an LXC container (Debian 12), and set it up with a dns name / AAAA record in public dns, and all the jazz required for normal HTTPS access.

This video started as the answer to a simple question - how can I self-host a service for my friends and family, behind cgnat, without requiring them to install any apps (like tunnels)? This video turned into a bunch of different ways to proxy IPv4 to IPv6, so you can receive IPv6 traffic natively and bring in legacy traffic from a VPS which does have public IPv4. While I’m giving you a lot of different examples and methods here, you can mix and match a lot of them to fit your needs.

Today I’m trying to reduce the power consumption of my Proxmox Backup Server. The HP Microserver is great for what I need, but it’s kinda loud and I’m working on optimizing my power bill. The homelab is the largest single consumer of electricity aside from the air conditioning in the summer, so it’s something I’m looking at heavily. Anyway, I thought I could do this purely with systemd sleep / suspend initially.

You’ve probably heard all about creating multiple VLANs, for things like your IoT network, guest wifi, and more. But do you know what a VLAN actually is, and what the difference is between a VLAN and a Subnet? Today I’m going to cover the numbering of subnets in your network, and how to set up new subnet and VLAN interfaces in OPNsense. Come along on this adventure! Contents Video Subnetes VLANs Video Subnets Starting in the last video, we have a basic network setup with the internet (green cable) and a ‘LAN’ made up of only my laptop (black and yellow cable).

In this project, I explore an all-in-one home server using low cost hardware, bringing together as many common home applications as possible in a single box. Terramaster NAS as low-cost Proxmox node? Teardown and SW Install! In the first video, I introduce the hardware for this project - a cheap Terramaster NAS! It combines two HDD bays and two NVMe slots in a very tiny and low power brick, with dual 2.

I’ve been using Mikrotik RouterOS for awhile now, both using their hardware and their virtual image (Cloud Hosted Router). It’s a great product for routing and firewalling, while it’s not a NGFW it’s an absolutely amazing router and their L2/L3 switches are also a great value for the price. So anyway, I often setup images of the latest CHR in Proxmox VE for testing things. I create vmbr bridges in Proxmox to point-to-point link multiple CHRs, and can lab out complex network setups.