The problem with just studying
Security courses teach you what attacks look like in diagrams. Networking modules explain subnets on whiteboards. Cryptography gets covered in lectures with no lab component.
None of that tells you what it actually feels like to misconfigure a firewall rule and lock yourself out. Or to watch a service silently fail at 2am and have to trace why. Or to realise your mental model of how DNS works was wrong in a specific way that only becomes obvious when you try to run your own resolver.
The homelab exists to find those gaps.
What it is
A server running in my room, 24/7, hosting services I actually use. Not a cloud instance — physical hardware I can touch, break, and rebuild without paying per hour for the privilege of making mistakes.
Everything runs in Docker containers managed through Portainer. This means I can spin up a new service in minutes, and when I inevitably break something, rolling back is straightforward.
What’s running
Network layer:
- Pi-hole — DNS-level ad and tracker blocking for everything on the network. More interesting than it sounds once you start seeing what your devices are actually talking to.
- WireGuard — VPN so I can access everything remotely. Setting this up properly taught me more about networking than any module I’ve taken.
Infrastructure:
- nginx — reverse proxy handling routing and SSL termination for all services
- Portainer — container management UI
Monitoring:
- Uptime tracking across services with alerting when something goes down
What I’ve actually learned
Every outage is a lesson. Some examples:
- Misconfigured nginx upstream caused 502s I couldn’t explain for an hour — turned out to be a container name mismatch that only appeared because of how Docker’s internal DNS works
- Pi-hole blocked a dependency my VPN client needed — taught me to check DNS logs before assuming the problem is somewhere else
- WireGuard key rotation went wrong in a way that locked me out remotely — learned to always test key changes locally first
None of these failures are in any textbook. They’re the actual knowledge.
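The Pi-hole lesson above (check the DNS logs first) as an added example, not code from the original post: a Python script that reads dnsmasq-style Pi-hole log lines and reports which domains were blocked for each client. The log wording, the block markers, the IP addresses, the domains and the function name `blocked_by_client` are all assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample, written in the dnsmasq log style Pi-hole v5 is assumed
# to use (the exact wording varies by Pi-hole version).
SAMPLE_LOG = """\
Jan 12 02:01:10 dnsmasq[411]: query[A] vpn-auth.example.net from 192.168.1.50
Jan 12 02:01:10 dnsmasq[411]: gravity blocked vpn-auth.example.net is 0.0.0.0
Jan 12 02:01:11 dnsmasq[411]: query[A] updates.example.org from 192.168.1.50
Jan 12 02:01:11 dnsmasq[411]: forwarded updates.example.org to 192.0.2.53
Jan 12 02:01:11 dnsmasq[411]: reply updates.example.org is 203.0.113.7
Jan 12 02:01:12 dnsmasq[411]: query[AAAA] vpn-auth.example.net from 192.168.1.50
Jan 12 02:01:12 dnsmasq[411]: gravity blocked vpn-auth.example.net is ::
Jan 12 02:01:15 dnsmasq[411]: query[A] tracker.example.com from 192.168.1.77
Jan 12 02:01:15 dnsmasq[411]: exactly blacklisted tracker.example.com is 0.0.0.0
"""

QUERY = re.compile(r"dnsmasq\[\d+\]: query\[\w+\] (\S+) from (\S+)$")
# Block markers are an assumption; match them to what your own log shows.
BLOCK = re.compile(
    r"dnsmasq\[\d+\]: (?:gravity blocked|exactly blacklisted|regex blacklisted) (\S+) is "
)


def blocked_by_client(log_text):
    """Return {client: {domain: count}} for every answer Pi-hole blocked."""
    last_asker = {}  # domain -> client that most recently queried it
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        query = QUERY.search(line)
        if query:
            last_asker[query.group(1).lower()] = query.group(2)
            continue
        block = BLOCK.search(line)
        if block:
            domain = block.group(1).lower()
            # A block with no query seen (e.g. log rotated mid-request) is kept as "unknown".
            hits[last_asker.get(domain, "unknown")][domain] += 1
    return {client: dict(domains) for client, domains in hits.items()}


if __name__ == "__main__":
    for client, domains in sorted(blocked_by_client(SAMPLE_LOG).items()):
        for domain, count in sorted(domains.items(), key=lambda kv: -kv[1]):
            print(f"{client}  {count:>3}x  {domain}")
```

Filtering the result by the address of the device that is misbehaving shows whether a blocklist entry is the cause before any time is spent on the VPN or firewall configuration.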
Why it matters for security work
At CrowdStrike, a lot of threat intelligence work involves understanding how attackers move through infrastructure — lateral movement, persistence mechanisms, C2 communication. Understanding infrastructure from the defender’s side, including all the ways it fails, makes that work more concrete.
You can’t really understand how something gets compromised if you’ve never built and broken it yourself.
What’s next
Expanding the monitoring stack, adding intrusion detection, and documenting each service properly. Writeups on individual components coming to the Projects section.