1. Welcome to my homelab server documentation
The final goal of my homelab is to provide a self-hosted, secure and free solution for a personal cloud. It should cover some everyday functionality.
1.1 Global setup
The desired setup is the following:
```
                                                                     ┌──────────────────┐
                                              Wireguard connections  │                  │
                                                          ┌─────────►│   Server main    │
                                                          │          │                  │
                                                          │          └──────────────────┘
┌──────────┐                   ┌───────────────┐          │
│          │                   │               │          │
│ Internet ├──────────────────►│ Proxy (Caddy) │◄─────────┤
│          │  mathisrevenu.fr  │               │          │
└──────────┘                   └───────────────┘          │
                                   VPS (OVH)              │          ┌──────────────────┐
                                                          │          │                  │
                                                          └─────────►│  Server backup   │
                                                                     │                  │
                                                                     └──────────────────┘
                                                                             Home
```
1.2 VPS as proxy configuration
1.3 Main server configuration
The server is hosted on a Debian machine.
The Debian machine has 3 different users:
- admin, which is for the properly configured services
- mathisrevenu, which is only for testing some functionality
- root
All services are hosted in isolated Docker containers.
1.4 Backup server configuration
1.5 Services on main server
Here is the list of the services on the main server:
| Service name | Repository | Service url | Open ports |
|---|---|---|---|
| SSH | | | ssh : 22 |
| Documentation | homelab-docs | https://doc.mathisrevenu.fr/ | http : 9005 |
| Authentik | | | |
| Forgejo | | | |
| Seafile | | | |
| Immich | | | |
1.5.1 Documentation
MkDocs is used to host the documentation properly.
The documentation can be found in the homelab-docs repository.
The MkDocs site is served by nginx on port 9005.
The documentation server is automatically deployed by a CI/CD pipeline using forgejo-actions.
1.5.2 Authentik
1.5.3 Forgejo
Forgejo has a particular place in this system because some of the other services are built and deployed using forgejo-actions.
1.5.4 Immich
1.5.5 Seafile
1.6 Proxy on main server
Caddy is used as a proxy.
A custom Caddy build, one that includes the github.com/caddy-dns/ovh plugin, is needed to handle SSL certificates:
```bash
# Download a Caddy build that includes the caddy-dns/ovh plugin
curl -o caddy "https://caddyserver.com/api/download?os=linux&arch=amd64&p=github.com/caddy-dns/ovh"
# Make it executable and install it in place of the system binary
sudo chmod +x caddy
sudo mv caddy /usr/bin/caddy
```
To generate proper certificates, Caddy needs access to the DNS zone. OVH application keys can be created here: https://auth.eu.ovhcloud.com/api/createToken
It only needs the following rights:
- GET /domain/zone/
- POST /domain/zone/
- PUT /domain/zone/
- DELETE /domain/zone/
Then run `sudo systemctl edit caddy` and add the following lines:
```ini
[Service]
Environment="OVH_ENDPOINT=ovh-eu"
Environment="OVH_APPLICATION_KEY=your_application_key_here"
Environment="OVH_APPLICATION_SECRET=your_application_secret_here"
Environment="OVH_CONSUMER_KEY=your_consumer_key_here"
```
Then reload systemd: `sudo systemctl daemon-reload`
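Values set with `Environment=` in a unit are exposed by systemd to unprivileged local clients (for example through `systemctl show caddy`), so the OVH credentials above are better kept in a root-only `EnvironmentFile=`. The script below is an added example, not part of the original setup: it moves the inline `OVH_*` lines of a drop-in into a mode 0600 file. The drop-in path and the `/etc/caddy/ovh.env` location named in its comments are assumptions.

```bash
#!/usr/bin/env bash
# Added example: move inline OVH_* settings out of a systemd drop-in into a
# root-only EnvironmentFile. Paths are arguments so it can be tried on copies.
set -euo pipefail

# split_secrets DROPIN ENVFILE
#   DROPIN  e.g. /etc/systemd/system/caddy.service.d/override.conf
#           (assumed: the file written by `systemctl edit caddy`)
#   ENVFILE e.g. /etc/caddy/ovh.env (hypothetical location)
split_secrets() {
    local dropin=$1 envfile=$2 tmp
    # Create the env file owner-only before any secret is written to it.
    ( umask 077; : > "$envfile" )
    chmod 600 "$envfile"
    # Environment="OVH_X=value"  ->  OVH_X=value
    sed -n 's/^Environment="\{0,1\}\(OVH_[A-Z_]*=[^"]*\)"\{0,1\}[[:space:]]*$/\1/p' \
        "$dropin" >> "$envfile"
    [ -s "$envfile" ] || { echo "no inline OVH_* variables in $dropin" >&2; return 1; }
    # Rewrite the drop-in: remove the inline OVH_* lines and reference the
    # env file right after the [Service] header.
    tmp=$(mktemp)
    awk -v f="$envfile" '
        /^Environment="?OVH_/ { next }
        { print }
        /^\[Service\]/ { print "EnvironmentFile=" f }
    ' "$dropin" > "$tmp"
    cat "$tmp" > "$dropin"   # overwrite in place: keeps owner and mode
    rm -f "$tmp"
}

# count_inline_secrets DROPIN: number of OVH_* values still inline (goal: 0).
count_inline_secrets() {
    grep -c '^Environment="\{0,1\}OVH_' "$1" || true
}

# With two arguments, operate on those paths.
if [ "$#" -eq 2 ]; then
    split_secrets "$1" "$2"
fi
```

Run it as root on the real drop-in, then run `sudo systemctl daemon-reload` and `sudo systemctl restart caddy` so the service picks up the new file.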
Finally, it is time to set up the Caddyfile.
The Caddyfile, which is the configuration file of the proxy, can be found at /etc/caddy/Caddyfile.
The usual commands to manage Caddy are:
- `sudo systemctl restart caddy` after a change in configuration.
- `sudo systemctl status caddy` to see its status.

Caddy is run with sudo to be able to bind ports such as :80.
```
{
    email root@mathisrevenu.fr
}
mathisrevenu.fr {
    tls {
        dns ovh
        resolvers 127.0.0.53
    }
    reverse_proxy localhost:9005
}
```