---
sidebar_label: Homelab Architecture
---
# Full Homelab Architecture
End-to-end infrastructure design combining DNS, reverse proxy, and cloud edge security.
---
## 🚀 What This Demonstrates
- End-to-end system design
- Network flow understanding
- Integration of multiple services
- Real-world infrastructure thinking
---
## 🧠 High-Level Architecture
```text
User (Browser)
  ↓
Cloudflare (DNS + Security + CDN)
  ↓
NGINX (Reverse Proxy)
  ↓
+-----------------------------------+
| Internal Network                  |
|                                   |
|   Pi-hole → Unbound (DNS)         |
|   Home Assistant                  |
|   Docusaurus Docs Site            |
|                                   |
+-----------------------------------+
```
---
## 🎯 Objective
- Centralize all services under one domain
- Secure access using Cloudflare
- Route traffic internally via reverse proxy
- Maintain privacy with local DNS resolution
---
## ⚙️ Technology Stack
| Layer | Technology |
|-------------|-----------|
| Edge | Cloudflare |
| Routing | NGINX |
| DNS | Pi-hole + Unbound |
| Services | Docker containers |
| Host | Ubuntu |
---
## 🔄 Full Request Flow
### 1. User Request
User visits:
https://homelab.smartwall.cc
---
### 2. Cloudflare
- Resolves DNS
- Terminates SSL (TLS)
- Applies Zero Trust policies
- Forwards request
---
### 3. NGINX Reverse Proxy
- Receives request
- Determines destination based on hostname
- Routes internally
---
### 4. Internal Services
Depending on request:
- Docs → Docusaurus
- DNS → Pi-hole
- Automation → Home Assistant
---
### 5. Response
Response flows back through:
Service → NGINX → Cloudflare → User
---
## 🧠 DNS Flow (Internal)
```text
Client Device
  ↓
Pi-hole (filtering)
  ↓
Unbound (recursive resolver)
  ↓
Internet DNS Root Servers
```
---
## ⚠️ Problems Encountered
### DNS Conflicts
- **Issue:** Internal DNS conflicting with external resolution
- **Fix:** Ensured Pi-hole handled LAN DNS only
---
### Routing Failures
- **Issue:** Requests not reaching services
- **Cause:** Incorrect NGINX config
- **Fix:** Corrected upstream targets
---
### Container Isolation
- **Issue:** Services unable to communicate
- **Fix:** Shared Docker network
---
## 🧠 Design Decisions
### Why Cloudflare
- Global CDN
- SSL termination
- Zero Trust security
---
### Why Reverse Proxy
- Central entry point
- Cleaner routing
- Simplified management
---
### Why Local DNS
- Privacy
- Control
- Reduced dependency
---
## 🔐 Security Model
- Cloudflare Zero Trust protects access
- No direct exposure of internal services
- Single entry point through NGINX
- DNS filtering blocks malicious domains
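
One way to check the "no direct exposure" and "single entry point" points on the Docker host, as an added example that is not part of the original write-up: it parses `docker ps` port output and reports every published port that is reachable off-host and not on an allow-list. The container names, ports, LAN address and allow-list below are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample of `docker ps --format '{{.Names}}\t{{.Ports}}'` output.
# Container names, ports and the LAN address are assumptions, not from the page.
SAMPLE_DOCKER_PS = (
    "nginx-proxy\t0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, [::]:443->443/tcp\n"
    "docs\t3000/tcp\n"
    "homeassistant\t0.0.0.0:8123->8123/tcp, :::8123->8123/tcp\n"
    "pihole\t192.168.1.10:53->53/udp, 127.0.0.1:8080->80/tcp\n"
    "unbound\t\n"
)

# Assumed policy: only the proxy publishes web ports; Pi-hole serves LAN DNS.
ALLOWED = {"nginx-proxy": {"80", "443"}, "pihole": {"53"}}

# One published mapping. Handles "0.0.0.0:80", "[::]:80" and the older ":::80".
PUBLISH = re.compile(
    r"^\[?(?P<addr>[0-9a-fA-F:.]*?)\]?:(?P<hport>[\d-]+)->[\d-]+/(?P<proto>\w+)$"
)

def find_direct_exposure(ps_output, allowed=ALLOWED):
    """Return (container, host_addr, host_port, proto) for each published
    port that bypasses the single entry point."""
    findings = []
    for line in ps_output.splitlines():
        name, _, ports = line.partition("\t")
        for mapping in (p.strip() for p in ports.split(",")):
            m = PUBLISH.match(mapping)
            if not m:
                continue  # e.g. "3000/tcp": visible on Docker networks only
            addr = m["addr"] or "0.0.0.0"
            if ipaddress.ip_address(addr).is_loopback:
                continue  # bound to localhost, reachable only via the proxy
            if m["hport"] in allowed.get(name, set()):
                continue  # explicitly permitted by the policy above
            findings.append((name, addr, m["hport"], m["proto"]))
    return findings

if __name__ == "__main__":
    for name, addr, port, proto in find_direct_exposure(SAMPLE_DOCKER_PS):
        print(f"{name}: {addr}:{port}/{proto} is published outside the proxy")
```

A container that only needs to be reached through NGINX on the shared Docker network can drop its `ports:` mapping entirely, or bind it to `127.0.0.1`.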
---
## 📈 Performance Considerations
- Cloudflare caching reduces latency
- Local DNS improves lookup speed
- Efficient internal routing
---
## ✅ Final Outcome
- Fully functional homelab environment
- Secure, scalable architecture
- Centralized service management
- Real-world infrastructure design
---
## 💼 What This Proves
- Ability to design systems end-to-end
- Understanding of networking layers
- Experience with real deployment pipelines
- Strong troubleshooting capability
---
## 🔮 Future Improvements
- Add monitoring stack (Grafana + Loki)
- Implement redundancy
- Add load balancing
- Expand service ecosystem
---