Home Lab • Linux • Networking • Self-Hosting

Notes from my Home Lab

Short, practical write-ups about what I built, what broke, and how I fixed it. Panda Ops is my proof-of-skills blog: Linux, networking, self-hosting, troubleshooting, and documenting real systems.

Read posts Start here
🐧 Linux 🛡️ NGINX ☁️ Cloudflare 🔒 WireGuard VPN 🧼 Pi-hole DNS

Current focus: secure foundation (VPN + DNS filtering) and building my own web server + mini CMS behind NGINX.

Lab: active

Hosting approach

Cloudflare → NGINX → Custom server

Hardware

Raspberry Pi (Pi Zero focus)

Why this blog exists: I’m building real IT skills by running real services and documenting the results. I started with reliable tools (NGINX), then added edge protection (Cloudflare), and now I’m building fundamentals (my own server + CMS) in a safe hybrid setup.

Start here

1) What this blog is

A runbook-style home lab log. Each post aims to include: goal → environment → steps → errors → fixes → takeaway.

2) What I’m building

A homelab that grows in phases: stable hosting → secure remote access → DNS filtering → always-on services → upgraded home server + segmentation.

3) How posts are generated

Posts are written as simple files (Markdown) and my custom server turns them into consistent pages using the same CSS. The homepage cards are auto-generated from the post list (mini CMS).

Roadmap (in the order I’m building it)

Phase 1: Get hosting working locally

  • Serve the site locally and confirm pages load reliably
  • Organize files and verify the blog layout + CSS consistency
  • Start documenting repeatable steps

Phase 2: Add NGINX for reliability

  • Install NGINX and validate logs + requests
  • Clean separation of content vs configuration
  • Prepare for reverse proxy architecture

Phase 3: Add Cloudflare for safer public access

  • DNS + HTTPS at the edge
  • Use a Cloudflare Origin Cert with Full (strict)
  • Lock down origin traffic to Cloudflare (firewall allowlist)

Phase 4: Pi Zero security foundation

  • WireGuard VPN (safe remote access)
  • Pi-hole DNS filtering (with a fallback plan)
  • Stability checks so the internet doesn’t depend on vibes

Phase 5: Custom web server + mini CMS (hybrid)

  • Custom server listens privately (localhost) behind NGINX
  • Auto-generate blog cards from post files
  • Click-through pages: /blog/<slug> render consistent post layout

Phase 6: Upgrade path

  • mATX home server build (Docker host + services)
  • Storage + backups plan (NAS/snapshots/off-device copy)
  • Network segmentation (Trusted/Servers/IoT/Guest VLANs)

Latest posts

Loading Please wait

Fetching posts…

If this message never changes, the server endpoint /api/posts isn’t running yet. That’s okay — once your custom server is live, this section will auto-build cards.

Lab notes

Current environment

  • Home network: router + stable Wi-Fi
  • Pi hosts services and runs 24/7 where possible
  • Public access: Cloudflare + NGINX (edge + gate)
  • Private app: custom server on localhost behind NGINX

Why hybrid matters

  • NGINX handles the risky public ports (80/443)
  • Custom server stays private and focuses on routing + content
  • Less attack surface, better learning, easier debugging