Self Hosting Progress

By thunderwood

In January this year, I made the leap and bought a server. Thus began the journey down the road of being completely self-hosted and independent from Google or any other third party. Below I will talk about what I have so far and my future goals.

Starting off, I purchased a Dell PowerEdge R610 with 128 GB of RAM, six 600 GB 15K SAS drives, and two Xeon E5645s (12 cores total at 2.40 GHz), much to my fiance's dismay. I then purchased an HP ProCurve 1800-24G (J9028B) for the LAN switch, ran Cat 6a throughout the house for the various devices, and used an old Gateway desktop with 10 TB of storage as a FreeNAS server.

Next, I purchased a Dell PowerEdge R320 for a steal on eBay as a barebones chassis. I upgraded it to 24 GB of RAM, one Xeon E5-2407, and 11 TB of SAS storage. With all the hardware I needed to get my VMware cluster going, I focused on configuring the environment.

VMware

As mentioned above, I went with VMware for my hypervisor software. Both servers have ESXi 6.7 Enterprise Plus installed on 64 GB thumb drives that stay in their internal USB enclosures. Next I installed and configured vCenter 7.0 on a Windows Server 2019 VM for management. With vCenter installed, I started deploying vSphere Distributed Switches and VMkernel adapters in the environment to handle management, vMotion, vSAN, and my regular network traffic.

pfSense

Once the necessary back-end configuration was complete, I moved on to the heart of the network, the pfSense main router. I installed it from the ISO as a VM (with plans to migrate to physical hardware in the future) and got to configuring. This router serves as my "perimeter" router and provides the IPS, reverse proxy services, main VPN, DNS blocking, and more.

With the Router done, I moved on to complete other tasks, which included:

  • Domain Controller for LAN/DMZ (Windows Server 2019)
  • Pi-hole (Debian VM)
  • Thunder Cloud (Nextcloud on an Ubuntu 20.04 VM)
  • Docker servers (running with Portainer on 2 VMs, LAN/DMZ)
  • Apache Guacamole (clientless remote desktop gateway on Ubuntu 20.04 for lab connectivity)
  • Plex media server
  • Basic torrenting suite with automated file migration to Plex
  • Lab environment (60+ mixed-OS VMs)
    • Defender Net (defense tools and services)
    • Red Cell (4 Kali boxes and Caldera)
    • Customer DMZ (emulated "customer" file server, SMTP server, and other services)
    • Customer Main (workstation VMs and services)
    • Customer Admin (admin workstations)
    • Customer Ops ("Ops" workgroup)
    • Customer ICS (fully emulated ICS/SCADA network replicating a nuclear reactor site)

[Figure: The "Thunder Lab" network map]

Portainer

With the main services done, I switched over to working with Docker to further my understanding of its workings. I spun up Portainer and began setting up and deploying containers. These instances will serve as an automated torrenting setup in the future.

One of these containers runs DashMachine, which serves as my intranet main dashboard. I pushed a Group Policy change from my DC to make this page the first page that loads when a browser is opened on my network.
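The start-page push described above can be scripted with the GroupPolicy module on a domain controller. The following is an added example and not the author's own GPO: the GPO name, the dashboard URL, the target OU, and the choice of Edge, Chrome and Internet Explorer policy keys are all assumptions, since the post does not say which browser or URL was used.

```powershell
# Added example (not from the original post): publish an intranet dashboard
# as the browser start page through a registry-based Group Policy Object.
# Assumed values: GPO name, dashboard URL and target OU.
Import-Module GroupPolicy

$GpoName   = "Intranet Start Page"               # assumed GPO name
$Dashboard = "http://dash.lab.local/"            # assumed DashMachine URL
$TargetOU  = "OU=Workstations,DC=lab,DC=local"   # assumed OU to link the GPO to

# Create the GPO on first run and link it to the workstation OU.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName
    New-GPLink -Name $GpoName -Target $TargetOU -LinkEnabled Yes | Out-Null
}

# Chromium-based browsers (Edge and Chrome) read their policies from these
# machine keys. RestoreOnStartup = 4 means "open a list of URLs on startup";
# the list itself lives under RestoreOnStartupURLs as values named 1, 2, ...
$policyRoots = @(
    "HKLM\SOFTWARE\Policies\Microsoft\Edge",
    "HKLM\SOFTWARE\Policies\Google\Chrome"
)
foreach ($root in $policyRoots) {
    Set-GPRegistryValue -Name $GpoName -Key $root -ValueName "HomepageLocation"     -Type String -Value $Dashboard | Out-Null
    Set-GPRegistryValue -Name $GpoName -Key $root -ValueName "HomepageIsNewTabPage" -Type DWord  -Value 0          | Out-Null
    Set-GPRegistryValue -Name $GpoName -Key $root -ValueName "RestoreOnStartup"     -Type DWord  -Value 4          | Out-Null
    Set-GPRegistryValue -Name $GpoName -Key "$root\RestoreOnStartupURLs" -ValueName "1" -Type String -Value $Dashboard | Out-Null
}

# Legacy Internet Explorer takes its start page from a per-user policy key.
Set-GPRegistryValue -Name $GpoName -Key "HKCU\Software\Policies\Microsoft\Internet Explorer\Main" `
    -ValueName "Start Page" -Type String -Value $Dashboard | Out-Null

# Read back what was written before forcing a refresh on a client (gpupdate /force).
Get-GPRegistryValue -Name $GpoName -Key "HKLM\SOFTWARE\Policies\Microsoft\Edge"
```

Because these are plain registry policies, the browsers honour them whether or not the Edge and Chrome ADMX templates are in the central store; without the templates they simply show up in the Group Policy Management Editor under "Extra Registry Settings". If the dashboard is reachable from the DMZ or over the VPN, serve it over HTTPS from the pfSense reverse proxy so that a start page pushed to every workstation is not a plaintext target.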

With that done, I finally started documenting everything I did on the network through op notes. Sadly, I wasn't doing this before, and I will have to redo many of the previous tasks in order to properly write how-to guides to post on this site.

Summary

Including the external devices and not just the servers, my environment consists of:

  • 84 VMs (mainly Ubuntu and Debian, with the rest being Windows)
  • Enterprise-level domain security
  • Enterprise-level threat mitigation and detection
  • DNS services
  • 46 TB of total storage capacity
  • 60 GHz of aggregate processing power for containers and VMs
  • 256 GB of RAM in the cluster
  • Lab environment emulating an enterprise network with ICS/SCADA systems
  • Web, file, and media hosting services
  • Smart home integration

Plans Ahead

In the future, I will write guides on each task I complete and post them here to help anyone else who, like me, usually ends up learning the fun way and starting projects without any prior knowledge of them. Further plans for the environment include:

  • Automated torrenting setup
  • Physical pfSense router
  • 10G networking
  • OAuth 2.0 integration
  • Docker Swarm on Raspberry Pis
  • Kubernetes on Intel NUCs
  • SMTP server for personal use
  • Hybrid Hunter (Security Onion v2) configuration and agent deployment
  • Another website hosting a blog for my fiance's and my woodworking projects
  • Finally, figuring out more projects!