Dedicated page

Home Lab: infrastructure and security operations

Concise documentation of a personal infrastructure focused on operations, security and monitoring.

Introduction

The Home Lab is used as an operations and validation environment: it supports service publication, availability control and a consistent security baseline.
Shared information stays intentionally high-level to preserve operational security, without exposing sensitive details.

Read the rack from top to bottom: network and security layer, compute/virtualization layer, then storage and backup power layer.

Middle section: virtualization host and services split by role (publication, administration, monitoring).
Lower section: primary storage, backup flow and power continuity to reduce service interruptions.

Traffic and publication principles

Usage segmentation to separate administration, internal services and exposed services.
Traffic paths restricted to what is strictly required per service role.
External publication centralized through a reverse proxy with a consistent exposure policy.
Conceptual separation between production environment and administration perimeter.
Documented approach to simplify maintenance and operational recovery.

Control and continuity baseline

TLS across published services, using Let’s Encrypt through the reverse proxy.
Restricted administrator access, with a VPN-only objective for sensitive operations.
SSH key-based authentication for system access.
MFA enabled where supported by services.
Continuous monitoring of service availability and health.
Operational alerting to handle incidents quickly.
Scheduled backups with regular restore testing.

Active monitoring

Public availability view of monitored services.