• 0 Posts
  • 7 Comments
Joined 11 months ago
Cake day: October 27th, 2023

  • Anything that faces the internet I have on a separate VLAN. Each system on that VLAN is treated as if it were facing the internet directly; that way, if one of them gets compromised, the hacker will not get far trying to get into any other machines.

    The rest of my network is a little more tame, just for ease of access, since it’s only me on here.

    Although at some point I do want to revisit my security protocol even locally, just in case. Hitting some kind of drive-by trojan script or something within the browser is always a possibility; it could work in reverse, where it connects to an external server and then accesses the rest of the network that way. I’m not aware of such trojans but I’m sure it’s possible.

    I do block all outbound ports except for base internet ports, but a properly written malicious script would probably take that into account and use a common port like 443.

    At some point I might set up a honeypot. Just need to name the VM “cryptowallet” or something like that and it would be a very fast target. If access to it is detected it would alert me and shut off the internet.
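The detection half of the honeypot idea above, as an added Python example that is not part of the comment: a canary listener on a port nothing legitimate should touch, which records every connection (peer, time, first bytes) and hands it to a callback where a notification or response would be wired in. The class and function names, and the probe payload in the demo, are constructed for this example.

```python
import datetime
import socket
import threading


class CanaryListener:
    """A TCP listener that nothing legitimate should ever talk to.

    Every accepted connection is recorded as an alert (peer, time, first
    bytes sent) and passed to an optional callback, which is where a
    notification or a defensive reaction would be hooked in. The listener
    never replies, so a prober learns nothing from it.
    """

    def __init__(self, host="127.0.0.1", port=0, on_alert=None, peek=64):
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind((host, port))  # port=0 lets the OS pick a free port
        self._sock.listen(16)
        self.host, self.port = self._sock.getsockname()[:2]
        self._on_alert = on_alert
        self._peek = peek
        self.alerts = []
        self._lock = threading.Lock()
        self._seen = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()
        return self

    def stop(self):
        # Shutting down and closing the listening socket makes accept() fail,
        # which ends the serving thread.
        try:
            self._sock.shutdown(socket.SHUT_RDWR)
        except OSError:
            pass
        self._sock.close()

    def wait_for_alert(self, timeout=2.0):
        """Block until at least one alert has been recorded, or time out."""
        return self._seen.wait(timeout)

    def _serve(self):
        while True:
            try:
                conn, (peer_ip, peer_port) = self._sock.accept()
            except OSError:
                return  # listener closed by stop()
            with conn:
                conn.settimeout(0.5)
                try:
                    first_bytes = conn.recv(self._peek)
                except OSError:  # timeout or reset: the prober sent nothing
                    first_bytes = b""
            alert = {
                "time": datetime.datetime.now(datetime.timezone.utc).isoformat(),
                "port": self.port,
                "peer": f"{peer_ip}:{peer_port}",
                "first_bytes": first_bytes,
            }
            with self._lock:
                self.alerts.append(alert)
            self._seen.set()
            if self._on_alert is not None:
                self._on_alert(alert)


def probe(host, port, payload=b""):
    """Open one connection to the canary and send `payload` (demo helper)."""
    with socket.create_connection((host, port), timeout=2.0) as c:
        if payload:
            c.sendall(payload)


if __name__ == "__main__":
    canary = CanaryListener(on_alert=lambda a: print("ALERT:", a)).start()
    # Constructed probe standing in for an unexpected connection.
    probe(canary.host, canary.port, b"GET / HTTP/1.0\r\n\r\n")
    canary.wait_for_alert()
    canary.stop()
```

The value of a canary is that its false-positive rate is near zero: the only traffic it should ever see is a scanner or an attacker, so the callback can be wired to an aggressive response (notification, or the "shut off the internet" reaction the comment describes) without the tuning a normal IDS needs.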

  • I recently did the same! I was using a bunch of individual .loc domains for all my servers and I recently moved to using a subdomain off a real domain that I own. It feels more professional because that’s how my work does it for their network. So everything is servername.int.mydomain.com. I set up Let’s Encrypt on my web server and I have a local rsync script that just grabs the cert off the web server. I didn’t do all of my servers yet but did the more important ones. Of course those only resolve locally since the records are local only. int.mydomain.com resolves externally as a wildcard and just goes to a common page that does nothing, but it allows Let’s Encrypt validation to work.

    Firefox has this annoying thing where it warns you about unsecured passwords in forms, and I was really getting irritated by that on my local dev server because it does a drop-down thing that gets in the way of the rest of the form.

    For now I’m just specifying each subdomain to LE, but I eventually want to set up the zone as dynamic and do a wildcard, which requires doing a TXT record or something… it’s a bit more involved so I didn’t look at it yet.

    I also discovered the DHCP option “search domain”. Seen it before but never really knew what it was. Well, you can specify your subdomain in there so that on any workstation getting DHCP you can type servername and it will auto-complete the .sub.domain.tld part. I guess this is how Windows 98 NetBIOS used to work. I just never really put two and two together.
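Two mechanics from the comment above, as an added Python example that is not the commenter's code: how a resolver expands a short name using the DHCP search domain, and which hostnames a single wildcard certificate actually covers once the rsync'd cert is a `*.int.mydomain.com` one. The wildcard rules are the usual browser/OpenSSL ones (wildcard must be the whole leftmost label and matches exactly one label), so `*.int.mydomain.com` covers `nas.int.mydomain.com` but neither the zone apex `int.mydomain.com` nor a deeper `db.lab.int.mydomain.com`. The TXT record the comment alludes to is the ACME DNS-01 challenge, placed at `_acme-challenge.int.mydomain.com`. All hostnames in the block are constructed around the comment's `servername.int.mydomain.com` pattern.

```python
def expand_search(name, search_domains, ndots=1):
    """Candidate FQDNs a stub resolver tries for `name`, in order.

    Mirrors the common resolv.conf behaviour: a trailing dot means "try it
    literally and nothing else"; a name with at least `ndots` dots is tried
    as given before the search suffixes; a short name gets the suffixes first.
    """
    if name.endswith("."):
        return [name[:-1]]
    suffixed = [f"{name}.{d.strip('.')}" for d in search_domains]
    if name.count(".") >= ndots:
        return [name] + suffixed
    return suffixed + [name]


def san_matches(pattern, hostname):
    """Does one certificate DNS name (possibly '*.zone') cover `hostname`?

    The wildcard must be the whole leftmost label, matches exactly one
    label, and the pattern needs at least two labels after the wildcard.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    return len(h_labels) == len(p_labels) and p_labels[1:] == h_labels[1:]


def uncovered(san_list, hostnames):
    """Hostnames that no entry of the certificate's SAN list covers."""
    return [h for h in hostnames
            if not any(san_matches(p, h) for p in san_list)]


if __name__ == "__main__":
    # Constructed values following the comment's servername.int.mydomain.com scheme.
    search = ["int.mydomain.com"]
    print("nas ->", expand_search("nas", search))
    wildcard_cert = ["*.int.mydomain.com"]
    hosts = ["nas.int.mydomain.com", "dev.int.mydomain.com",
             "int.mydomain.com", "db.lab.int.mydomain.com"]
    print("not covered by the wildcard:", uncovered(wildcard_cert, hosts))
```

Running `uncovered` over the list of internal hosts before copying the cert around tells you which machines still need their own name in the certificate (or a second, deeper wildcard) rather than discovering it from a browser warning later.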