One (potential) downside to running public services on your homelab, is that you expose your IP address. That may, or may not, be a problem — but here are ways around it. The simplest way is to put Cloudflare in front, but this will only handle web traffic, and is a bit of a black box.

Another, more hands-on, approach is to use a VPS (or LXC container); WireGuard and iptables. We will create a secure tunnel between the VPS/container and the homelab HAProxy instance, and forward traffic using iptables.

I’ve been using dnsmasq as a local DNS resolver for a while, time to switch to Unbound instead.

I made a simple script that adds entries to a map file — which HAProxy reads. And voila — a URL shortener! 👇

A lot of my homelab traffic goes through the HAProxy reverse proxy — making it a single point of failure. This can be fixed by having two HAProxy servers and a floating IP.

I’ve been hosting repository mirrors from my homelab rack for a while. I first set up Archlinux in May 2018, then followed OPNsense, Cygwin, MariaDB, Raspbian and lastly Manjaro — now they are in a Terrahost datacenter instead.