Professionalize your home lab with a Raspberry Pi and a NAS — Part 1
So you’re interested in hosting your own services inside your home network? This makes sense, as it’s getting easier (and cheaper!) to host your own services, like a private cloud or even dynamic websites, at home.
With 2021 coming, I was getting frustrated by all the different services I had to pay for and coordinate. I was using Google Drive, Dropbox and OneDrive just in case some unlikely sort of data loss event would occur. I was hosting small websites with low traffic on a VPS (virtual private server), paying 10€/month. I was using GitHub and Bitbucket in parallel, to not lose any code.
In most cases, those services are free of charge, but as everyone knows by now, they’re not really free. They’ll use your metadata and sell it to dubious companies, and you don’t have any sort of control over how your data is used and analyzed. Don’t get me wrong, I do not condemn anyone who’s using those services (I do it myself) as they are really powerful and convenient, but as a computer scientist I always try to economize the digital information I share. Additionally, you don’t have to take care of the maintenance, but I just wanted to get out of this hamster wheel and be “my own boss” without sharing my data with someone who’s making money out of it, even if this would mean digging into different topics and setting up everything on my own.
Even the electricity cost is not an argument anymore. I remember that in earlier days computers consumed a lot of power and it was not really cost-efficient to host your own server, but with the rise of the Raspberry Pi and newer CPU architectures, the energy costs have dropped significantly.
A goal without a plan is just a wish …
… that’s why I sat down before buying stuff and setting up my network. I tried to think thoroughly about the services I wanted to manage and how to protect all of them from remote access.
What is the goal?
Multiple things: hosting my own (small) websites and a private cloud with OCR and making them remotely accessible, as well as hosting services like GitLab or Calibre only internally (protected). As I did not want to worry about possible failures, everything important should have a backup, which led to the idea of building my own NAS.
This eventually led to the idea of having the complete setup dockerized, which also has the nice side effect of being able to clone my setup onto any other server. Another huge plus was the possibility of working with Docker volumes, which could be stored on my NAS and would provide a backup in case of any failure.
On top of all the previous things, I wanted my setup to be as energy-efficient as possible. So I bought myself an ammeter to check how much power my NAS is consuming at idle (40W) as well as under load (70W). A lot of people forget that it is not the hardware but the operating costs that have a big impact on your bill. So I just made a very simple assumption:
Let’s assume our NAS (which consumes way more electricity than a Raspberry Pi) will be idle most of the time, so why bother keeping it active? Also, there won’t be many scenarios where you’ll need your data available at 2am. Okay, so for my use case the computer will have a regular uptime between 10am and 10pm, which makes it 12 hours a day. I will definitely not use it 100% of those 12 hours, so let’s remove 3 hours (which is still quite conservative) and we’ll have an uptime of 9 hours with an average use of 45W. So, let’s do the calculation:
NAS: (9 hours uptime / day * 365 * 45W) / 1000 * 0,29 cent ~40€
Raspberry Pi: 35 kWh / year ~ 10€
— — — — — — — — — — — — — — — —
50€ / year, sounds good, doesn’t it?
To be able to use the sleep mode while the NAS is inactive, I use WOL (Wake-on-LAN) as well as an automated shutdown as soon as there is no activity.
How to do the public/private split of the network?
With the idea of hosting my websites and private cloud at home and making them accessible to the “outside”, I really wanted to “split” my network into a public part and a private part, where the services in the private part can only be accessed while I am connected to my home network. This just makes sense, as you don’t want to expose more than needed to the outside, which could potentially introduce security risks. The following high-level schematic layout is the result of the above-mentioned aspects:
On the image above you can see that the entry point into my network is (of course) my router, which is a FRITZ!Box 7490. The router forwards specific outside traffic to my Raspberry Pi, which distinguishes, based on the port used, whether the traffic was meant for the public or the private part (I will explain this in detail in the next part of this series). Unfortunately, I do get easily distracted … that’s why the image says “Öffentlich” instead of public and “Privat” instead of private, but I think it’s still understandable (admittedly I’m also lazy because I wasn’t keen on correcting the language).
What components do I need?
So, what are the hard- and software requirements we need to satisfy to set up this network layout?
- Router (FRITZ!Box 7490) with port forwarding and DynDNS capabilities
- Server (Raspberry Pi 4b with 8 GB RAM) able to act as Docker host
- Server (NAS) with RAID capability
- Ubuntu 20.04
- Open Media Vault
- PiHole (DNS)
Traefik? You mean traffic, right?
No, it’s really called “Traefik”. To give a brief understanding of why I wanted to use Traefik to accomplish this “virtual network split”, here’s a short summary of the problem we face when using multiple web servers.
Imagine a scenario where you want to host multiple websites on your home server and make them available for outside access (let’s just ignore for a moment that we need to have port forwarding and DynDNS configured for this use case). A simple website served over HTTPS is accessible through port 443. If we now set up a web server, it will listen on port 443 and block that port for every additional application, which means we cannot easily set up another web server for our internal network to host internal services like GitLab.
Of course it’s also possible to set up two Apache web servers listening on different ports, or nginx as a reverse proxy, but in my opinion this is not an elegant way and includes a lot of hand-tailored configuration.
Buuut, Traefik comes to our rescue. Traefik is a scalable reverse proxy or, as Traefik calls itself, an “Edge Router”. It enables us to use the same port(s) for multiple applications that differ mainly in header, host and port, and it does so with a minimum of configuration. As shown in the image below, Traefik “sees” the incoming request, e.g. for “api.domain.com”, passes it to the service registered for this combination of host, header and port, and returns that service’s response.
This is of course a very simple use case and Traefik can do a lot more than simply mapping requests to the correct service, but I will deep dive into this topic in my next post, where we will put hardware and software together.
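How the public/private split described above could be expressed with Traefik, as an added example that is not the author's configuration (that is left to the next part of the series). It assumes Traefik v2 with the Docker provider; the hostnames, entry point names, port 8443, the stand-in images and the LAN range are placeholders.

```yaml
# docker-compose.yml sketch (added example, assumptions as stated above)
services:
  traefik:
    image: traefik:v2.10
    command:
      - --providers.docker=true
      # Containers are ignored unless they opt in with traefik.enable=true
      - --providers.docker.exposedbydefault=false
      # "public": the only port the home router forwards from the internet
      - --entrypoints.public.address=:443
      # "private": no port forwarding rule on the router, so LAN only
      - --entrypoints.private.address=:8443
    ports:
      - "443:443"
      - "8443:8443"
    volumes:
      # Read-only access to the Docker socket so Traefik can read labels
      - /var/run/docker.sock:/var/run/docker.sock:ro

  website:            # public service
    image: nginx:stable
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.website.rule=Host(`www.example.com`)"
      - "traefik.http.routers.website.entrypoints=public"
      - "traefik.http.routers.website.tls=true"

  gitlab:             # internal service (nginx used as a stand-in image)
    image: nginx:stable
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gitlab.rule=Host(`gitlab.home.example`)"
      # Bind the router explicitly: a router without "entrypoints" listens
      # on ALL entry points, which would also publish it on port 443.
      - "traefik.http.routers.gitlab.entrypoints=private"
      - "traefik.http.routers.gitlab.tls=true"
      # Second layer: refuse clients outside the (assumed) LAN range even
      # if the private port is ever forwarded by mistake.
      - "traefik.http.routers.gitlab.middlewares=lan-only"
      - "traefik.http.middlewares.lan-only.ipwhitelist.sourcerange=192.168.178.0/24"
```

With this layout a request arriving on port 443 with the internal hostname in its Host header matches no router on the public entry point and gets a 404 instead of reaching the internal service.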
One last thing: This post is intended as the start of a series, so if you’re interested in the topic of setting up your own home network, I would love to see you subscribe or get in touch with me.