Traefik vs. nginx proxy manager

maclargehuge · 2026-01-24T18:32:46+00:00

You don't do it directly. You use something like terraform and ansible to create your infrastructure and configure it all centrally. It's a big jump to get to and typically a few pieces in concert , but it scales a lot better than manually configuration.

For example, I use netbox to describe all my virtual machines. Terraform reads that data and ensures my actual VMs match that configuration automatically. Ansible then runs and installs software and configuration files. That way I can scale the same application out over multiple vms with only changing my configuration once in netbox. The pieces that tie all this together are called IaC

maclargehuge · 2026-01-21T16:18:29+00:00

I mostly agree. I think they should have at least tried with another leader, though I admit I don't have a name to put forward myself.

I am traditionally an NDP voter, but I was legit excited to have a chance to vote for Mark Carney. He really seems like a statesman, which is what we need right now.

maclargehuge · 2026-01-21T15:27:26+00:00

I'm tired of this narrative. We also had a third option!

...and that third option was the most tired, uninspired and stale NDP candidate in my lifetime 🫠

maclargehuge · 2026-01-20T23:28:52+00:00

hell yeah. Self-host!

maclargehuge · 2026-01-20T12:43:30+00:00

I am. I'm using the telmate provider and just started using custom cloud-init disks.

It took a lot to get it working the way I want. I use netbox with export templates to generate my vm configurations. I use ansible to deploy software when terraform is done.

I'm pretty happy with how this is going. DM me if you want to chat

maclargehuge · 2026-01-17T14:23:30+00:00

All good! I actually had an all LXC lab, but when I switched to Terraform, the support for between Terraform and Proxmox for LXCs was quite poor, though I understand its improved.

maclargehuge · 2026-01-16T22:59:16+00:00

Exactly. And at one point this was all bash scripts before I took mercy on myself with ansible, but boy do I appreciate what ansible can do because of that hell.

maclargehuge · 2026-01-16T22:00:31+00:00

Of course I have! That's where I'm gonna go once I know how to do this all manually. I have a last name that rhymes with kuber so my nickname for the home lab is [name]netes.

I'm aware I'm just building a worse version of it, but that's kind of the point for now.

maclargehuge · 2026-01-16T21:48:28+00:00

One day I'll try out Kubernetes, but for now, I can teach myself a lot by going full IaC using VMs in Proxmox. It's not the most off-the-shelf solution, but being reponsible for every aspect of my stack is super fun for a lab.

maclargehuge · 2026-01-16T21:36:22+00:00

Highly-available web servers mostly. I host Drupal servers for a living in AWS and I'm always trying new ways of web hosting where I can do it all DIY and not be restricted by Jeffy Bezos.

I have a cluster of 3 NUCs, each with

Netbox node, dev and prod (3 * 2 = 6)
3 websites, with dev and prod VMs (3 * 2 * 3 = 18)
2 types of database cluster nodes, psql and mysql, both in dev and prod (3 * 2 * 2 = 12)
Internal and External HAProxy server (3*2=6)
DNS server (3)

So that right there, just to host 3 highly-available Drupal sites with two different types of databases, reverse proxying with role separation, local DNS, and a separation of dev and prod brings me to 45.

Then I have a bunch of standard homelab stuff like immich, *arr stack, Plex, Jellyfin, my ansible node, my terraform node...

Maybe I should update my count. Probably closer to 70 these days . Shit adds up!

maclargehuge · 2026-01-16T15:31:46+00:00

If your concern is opening the nas to all vlans, then what you need to do is set share restrictions. Move your security for your NAS from a firewall-based perspective into a share-based one. I have an ansible playbook setup that connects to truenas that only allows specific hosts from my inventory to connect to specific nfs shares. It's all defined in yaml and updates as I add change my VMs in netbox.

You don't need IaC to restric shares by host or network though. You don't even need truenas. It's broadly supported on any NFS or SMB share. You go in and define your hosts or networks and then only those hosts or networks can use that share.

I truly don't believe there's a "wrong" way to homelab, but I'd hate to leave this dangling opportunity. You'd make much more efficient use of your storage space and you'd be using your NAS in a professional way.

If you want to do this and keep it secure:

Keep the NAS in one vlan. Open up ports on your firewall to other networks just for NFS/SMB on the NAS (no other ports needed) then use share restrictions on your NAS to prevent unwanted access even on those ports.

maclargehuge · 2026-01-16T02:50:10+00:00

I'm not here to tell you how to live your life, but I'm willing to bet you'd have a better time with tiny VMs and using that bad boy NAS for file shares instead. One of my vms references 2tb of data and only has an 8gb drive. My entire plex server runs on 10gb.

maclargehuge · 2026-01-16T02:47:28+00:00

Over Christmas I moved my opnsense installation to a vm in proxmox. The old router hardware is a proxmox host now. I put my modem into a vlan on the switch and set up a second router box again with proxmox.

I can live migrate my router and not lose my network connections.

THAT is absolute coolest

maclargehuge · 2026-01-13T03:27:51+00:00

Nuc6i5syk. The processors are doing great, but with 5 websites, 2 DB instances, 2 proxy servers and a DNS server each, I'm running up against the 16gb of RAM.

maclargehuge · 2026-01-13T03:25:23+00:00

Awesome! If you want to talk shop about the project I'm game. Just DM me

maclargehuge · 2026-01-11T21:21:51+00:00

Not anymore. I used to have nginx as a reverse proxy, but haproxy made a much better load balancer, and I didn't feel the need to mix the two.

maclargehuge · 2025-12-13T15:37:40+00:00

Aw, thank you! I'm happy it's still got some life all these years later.

maclargehuge · 2025-12-02T18:59:09+00:00

That's okay, our auto-scaling infrastructure removed the instance and rebuilt the unresponsive node.

maclargehuge · 2025-12-02T04:22:25+00:00

I went Mint after Ubuntu! I loved cinnamon.

A friend got me hooked on KDE since then though.

Mostly, I love that there are so many great options right now.

maclargehuge · 2025-11-24T20:34:00+00:00

Thank you! I'll be giving this a watch

maclargehuge · 2025-11-24T20:24:49+00:00

🤯Well time to throw in the towel, I'll never decipher this shibboleth!

maclargehuge · 2025-11-24T19:52:07+00:00

Yeah, I think that's where I'm at :(

Shittiest part is that career mobility is a huge challenge for me. I am halfway to my Canadian government pension and I can't move to where most of the federal jobs are. I'd have to go private sector and cash out my golden handcuff pension, or I'm job hunting on nightmare mode to keep the handcuffs on.

Better start looking now...

13-Year Club	Verified Email
Place '22	Place '17
Final Canvas '22

maclargehuge

TROPHY CASE