Architecure at Home

Created: 29 Jun 2025. Updated: 6 Jul 2025.

../../_images/HomeArchitecture.png

Overall architecture

The diagram above shows the architecture I have deployed at home. The various components are listed below:

  • Router (`pfSense <https://www.pfsense.org/>`_): This is an Intel Alder Lake N100 Mini PC costing just S$270 installed with the enterprise level router software based on FreeBSD. Since all routing is done with pfSense, the WiFi points are simply access points connected to the home LAN.

  • Mini PC1: This Asus PN51-S1 Mini PC has an AMD R7-5700U CPU with 8 Cores/16 Threads runs FreeBSD with each container running in a Bastille managed jail. This is ideal for long running containers.

  • Mini PC2: This recent addition - an Asus NUC 15 Pro U5-225H with Intel Core Ultra 5-225H is a Q1 2025 released CPU featuring 14 cores. It runs the ProxMox which allows us to run Linux based VMs or LXC containers and provides a very user friendly web interface to manage your VMs and containers.

pfSense Router

  • This router runs my home network and runs the pfBlocker-NG firewall package which blocks known malicious sites from making any request of any kind on my home network.

  • It runs a DHCP server for the 192.168.0.1/24 network with static IP address from 192.168.1.2 to 192.168.1.49 and DHCP leases from 192.168.1.50 to 192.168.1.254.

  • It provides Network Address Translation (NAT) for incomming HTTP and HTTPS requests which are directed to the NGINX based reverse web proxy.

Reverse Proxy

  • The NGINX reverse proxy handles all incoming HTTP and HTTPS requests at the application level while the router handles all IP related assignments and routing.

  • More details on the reverse proxy used in conjuction with Authelia can be found on the next page.

SMTP Mail Server

  • All containers and applications on the ProxMox is configured to send email notifications out using my GMail account using the SMTP service.

  • This is required for alerts on system level notification or user’s authentication registration and second factor via email.

Containers / Jails / VMs

  • All applications sitting on the FreeBSD Mini PC 1 run in Bastille managed jails while LXC containers and VMs on the ProxMox Mini PC 2 use the Debian Linux distro from Turnkey Linux. TurnKey Linux provides ready containers for OpenLDAP, MySQL etc.