Our Unifi system can support several different VPN configurations. We used the VPN server built into our Unifi Dream Machine SE and configured it to use Wireguard clients on our iPhones, iPads, macOS laptops, and Windows laptops. The Unifi system makes setting up our WireGuard VPNs simple.
The following video explains the various VPN options and how to configure them.
We use DDNS to ensure that our domains point to our router when our ISPs change our IP address. After the clients are installed, they are updated to point at our network’s current IP.
Iperf3 is a common tool for network performance testing. We run an Iperf3 server in a Docker container. You can find information on how to set up and use Iperf3 here.
We run a Docker container called Speedtest Tracker to monitor the performance of our Internet connection. This container is a self-hosted application that monitors the performance and uptime of our internet connection. It uses test servers on the Internet to measure our Internet upload and download speeds, latency, and jitter. The main use case for this tool is to build a history of your internet performance and ISP’s uptime so you can be informed when you’re not receiving your ISP’s advertised rates.
Setup and Configuration
This container is easy to set up in Docker. We used the process in the video below –
We also configured the container to store test results in our Influxdb.
Speedtest Tracker Grafana Dashboard
This allows us to configure a Grafana Dashboard to view the results of our tests.
Speedtest Tracker Results
The Grafana Dashboard that we used can be found here. You can learn more about how we have deployed and configured Grafana dashboard in our Home Lab here.
Many services and devices in our home lab have web interfaces. We secure many of them using Nginx Proxy Manager as a reverse proxy.
Traefik Reverse Proxy provides ingress control and SSL certificates for our docker services. While Traefik can be used for services outside Docker, configuring it is complex and requires restarting the Trafik container. As a result, we also run Nginx PM in a container to enable SSL certificates and simple reverse proxy configuration of our web-based services outside of Docker.
Nginx Proxy Manager Installation
Installing is easy. The following video explains the process, including using a DNS-01 challenge to obtain SSL certificates via Let’s Encrypt.
We configured a Docker macVLAN network for the Nginx PM container so that the proxy could determine the source IP addresses that access it. This enables IP filtering and other features.
We are running three Pihole installations, which enable load balancing and high availability for our DNS services. We also use a Cloudflare encrypted tunnel to protect information in external DNS queries via the Internet.
Unubtu VMs include a DNS caching server on port 53, which prevents Pihole from being deployed. To fix this, run the commands at this link on the host Ubuntu VM before installing the Pihole and Cloudflare Tunnel containers.
Scheduled Block List Updates
We must update our block lists by doing a Gravity pull. We do this daily via a cron job. This can be configured on the RPi host using the following commands –
# Edit the user crontab
sudo crontab -u <user-id> -e
# The following to the user crontab
min hr * * * su ubuntu -c /usr/bin/docker exec pihole pihole -g | /usr/bin/mailx -s"RPi Docker - Gravity Pull" [email protected]
We use Cloudflare to host our domains and the associated external DNS records. Cloudflare provides excellent security and scaling features and is free for our use cases.
We do not have a static IP address from either of our ISPs. This, coupled with the potential of a failover from our primary to our secondary ISP, requires us to use DDNS to keep the IPs for our domains up to date in Cloudflare’s DNS.
We run a docker container for each domain that periodically checks to see if our external IP address has changed and updates our DNS records in Cloudflare. The repository for this container can be found here.
Deploying the DDNS update container is done via a simple docker compose yml –
We use UniFi equipment throughout. We chose the UniFi platform for our second-generation home network primarily for its single-plane glass management and configuration capabilities.
Network Structure
Network Structure
The image above shows our network’s structure. Our Network is a two-tiered structure with a core based upon high-speed 25 GbE capable aggregation switches and optically connected edge switches. We have installed multiple OM4 fiber multi-mode fiber links from the core to each room in our house. The speed of these links ranges from 1 Gbps to 25 Gbps, with most connections running as dual-fiber LACP LAG links.
Access Layer
At the top layer, redundant Internet connections provide Internet Access and ensure that we remain connected to the outside world.
Firewall, Routing, and Management Layer
UniFi Dream Machine Pro SE
Our network’s firewall and routing layer implement security and routing functions using a UniFi UDM Pro router and firewall.
Home Network Dashboard
The UDM also provides a single-pane-of-glass management interface. All configuration functions are performed via the GUI provided by the UDM.
Core Aggregation Layer
UniFi High-Capacity Aggregation Switch
The core layer uses a pair of high-capacity Aggregation Switches to provide optical access links to all of the switches in our network’s edge layer. We also include a high-speed 10 GbE wired ethernet switch at this layer. All of our storage devices and servers are connected directly to the core layer of our network to maximize performance and minimize latency.
Edge Connectivity Layer
Example UniFi High-Speed Edge Switch
The edge layer uses various switches connected to the core layer, combining 25 GbE, 10 GbE, and 1 GbE optical links. Many of these links are built using pairs of optical links in an LACP/LAG configuration.
UniFi Firewall/Router, Core, and Edge Switches In Our Network
Our edge switches are deployed throughout our home. We use a variety of edge switches in our network, depending on each room’s connectivity needs.
This site is dedicated to documenting the setup, features, and operation of our Home Lab. Our Home Lab consists of several different components and systems, including:
A high-performance home network with redundant Internet connections
A storage system that utilizes multiple NAS devices
Multiple enterprise-grade servers in a high-availability cluster
Applications, services, and websites
Powered via dual-UPS protected power feeds and a backup generator
Home Network
Home Network Core, High-Availability Storage, and Secondary Server Rack
Our Home Network uses a two-tiered structure with a core based upon high-speed 25 GbE capable aggregation switches and optically connected edge switches. We use Ubiquity UniFi equipment throughout. We have installed multiple OM4 multi-mode fiber links from the core to each room in our house. The speed of these links ranges from 1 Gbps to 25 Gbps, with most connections running as Dual-Fiber LACP LAG links.
We have redundant Internet connections which include 1 Gbps optical fiber and a 400 Mbps/12 Mbps cable modem service.
Our servers run Proxmox in a high-availability configuration. In total, we have 104 CPUs and 1 TB of RAM available in our primary Proxmox cluster.
This rack includes an all SSD storage high-speed NAS that we use for video editing. It also includes a NAS which stores our video and audio media collection and provides access to this content throughout our home and on the go when we travel.
High Capacity Storage System
Main NAS Storage Rack
Our NAS Rack provides high-capacity storage via several Synology NAS Drives. It features redundant UPS power and includes additional rack-mounted Raspberry Pi systems which provide several different functions in our Home Lab. This rack also houses our Raspberry Pi NAS and NAS 2 systems.
Our total storage capacity is just over 1 Petabyte. Our setup also provides approximately 70 TB of high-speed solid-state storage.
Power Over Ethernet (PoE)
Main Power Over Ethernet (PoE) Switch
We make use of Power Over Ethernet (PoE) switches at many edge locations in our network to power devices through their ethernet cables.
The switch shown above is located centrally where all of the CAT6 ethernet connections in our home terminate. It powers our Surveillance Cameras, IP Telephones, Access Points, etc.
Home Media System
Our Home Theater
We use our Home Network and NAS System to provide a Home Media System. Our Media System sources content from streaming services as well as stored video and audio content store on our Media NAS drive and enables it to be viewed from any TV or Smart Device in our home. We can also view our content remotely when traveling or in our cars via the Internet.
Surveillance System
Synology Surveillance Station
We use Synology Surveillance Station running on one of our NAS drives to support a variety of IP cameras throughout our home. This software uses the host NAS drive for storing recordings and provides image recognition and other security features.
Telephone System
Telephone System Dashboard
We use Ubiquity Unifi Talk to provide managed telephone service within our home.
Ubiquity IP Telephone
This system uses PoE-powered IP Telephones which we have installed throughout our home.
Applications, Services, and Websites
We are hosting several websites, including:
This site, which documents our Home Lab (self-hosted)
