Let’s talk about a Cloudflare homelab!

What does homelab even mean? A homelab is a series of servers proudly scraped together through love and time. My homelab has morphed into many different things over time, and I gained tiny tidbits of automation knowledge in the process. From early versions of Terraform, where I discovered the vast number of open source providers scattered randomly throughout GitHub, to more mature CI/CD-based automation practices that keep my smoker temperature monitored, I found a way to keep busy and find new ways to enhance my skillset.

Tell me more about this homelab!? I hear you barking there! I’ll try to explain it the best way I can, through random dialogs about thoughts and shared diagrams. I hope to discuss different aspects of my homelab in the process as time goes by. Today I believe I want to cover the first ingress point: my WAN, and how I can use Cloudflare to limit my HTTP ingress.

So let’s talk about how your eth0 touches my eth0 ( ͝סּ ͜ʖ͡סּ) ey? If you are on your telephone or laptop or a wireless device, that joke didn’t land home…

When your packets leave your device you hit Cloudflare’s DNS services; the lookup returns Cloudflare-proxied IP ranges, and your traffic eventually reaches their proxy services. I utilize their published IP ranges as a semi-private ACL relationship on my Ubiquiti Dream Machine and only permit the Cloudflare proxy services, to ensure my IP address stays somewhat masked and my HTTP traffic comes from a trusted source. This ensures that I can easily publish an application’s web endpoints to a secure endpoint without the risk of some random scan finding my IP address.

On the inside (once translated via NAT into my network), HAProxy is configured with ACLs to route traffic to various backends running on my virtualization server. I utilize Proxmox on a Dual Intel Xeon E5-2640 v3 hypervisor with 128 gigs of memory. Plenty of room for cores and memory alike.
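One way to check that the edge ACL is doing its job is to audit the proxy's logs for client addresses outside Cloudflare's published ranges. This is an added example, not part of my actual configuration. It assumes a hypothetical log layout whose first field is `client_ip:port`, and it embeds a constructed snapshot subset of the published list, which should be refreshed from https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6 in real use.

```python
import ipaddress

# Constructed snapshot subset, in the one-CIDR-per-line layout of the
# published lists. Assumption: refresh from the published URLs before real use.
PUBLISHED_RANGES = """\
173.245.48.0/20
103.21.244.0/22
104.16.0.0/13
172.64.0.0/13
2606:4700::/32
2400:cb00::/32
"""

# Constructed log lines (hypothetical layout: "client_ip:port frontend request").
SAMPLE_LOG = [
    "104.16.1.10:51234 https-in GET /",
    "203.0.113.50:40000 https-in GET /admin",
    "::ffff:172.64.3.9:44321 https-in GET /",
    "2001:db8::1:40000 https-in GET /",
]

def parse_ranges(text):
    """Parse the allowlist; fail closed on malformed or empty input."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            # strict=True rejects entries with host bits set (likely a typo).
            nets.append(ipaddress.ip_network(line, strict=True))
    if not nets:
        raise ValueError("empty allowlist: refusing to build an ACL from it")
    return nets

def is_from_proxy(source, nets):
    """True if the source address falls inside any allowlisted network."""
    addr = ipaddress.ip_address(source)
    # Dual-stack listeners may report IPv4 clients as ::ffff:a.b.c.d.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return any(addr in net for net in nets)

def direct_hits(log_lines, nets):
    """Return client addresses that reached the proxy without the CDN."""
    hits = []
    for line in log_lines:
        source = line.split()[0].rsplit(":", 1)[0]  # drop the trailing port
        if not is_from_proxy(source, nets):
            hits.append(source)
    return hits

if __name__ == "__main__":
    print(direct_hits(SAMPLE_LOG, parse_ranges(PUBLISHED_RANGES)))
```

Any address this returns means traffic reached HAProxy without passing through the Cloudflare proxy, so either the firewall ACL has drifted from the published list or a rule is missing.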

The DMZ virtual machine and my blog virtual machine are configured using a series of Ansible playbooks. I maintain my virtual machine hosts with various Ansible playbooks that install and configure Docker and maintain a docker-compose file for deployment. I will share these playbooks in the future as a deep dive.

I hope this post establishes a baseline of what a homelab could look like with regards to this very website you are reading right now! This here internet is a powerful tool to spread words of knowledge and joy under the right lens. I look forward to writing more posts to share some of my wisdom.
