Architecure at Home

The diagram above shows the architecture I have deployed at home. The various components are listed below:

Router (pfSense): This is an Intel Alder Lake N100 Mini PC costing just S$270 installed with the enterprise level router software based on FreeBSD.
Mini PC1: This Asus PN51-S1 Mini PC has an AMD R7-5700U CPU with 8 Cores/16 Threads runs FreeBSD with each container running in a Bastille managed jail. This is ideal for long running containers.
Mini PC2: This recent addition - an Asus NUC 15 Pro U5-225H with Intel Core Ultra 5-225H is a Q1 2025 released CPU featuring 14 cores. It runs the ProxMox which allows us to run Linux based VMs or LXC containers and provides a very user friendly web interface to manage your VMs and containers.

pfSense Router

This router runs my home network and runs the pfBlocker-NG firewall package which blocks known malicious sites from making any request to anything behind the firewall on my home network.
It runs a DHCP server for the 192.168.0.1/24 network with static IP address from 192.168.1.2 to 192.168.1.29 and DHCP leases from 192.168.1.30 to 192.168.1.254.
It provides Network Address Translation (NAT) for incomming HTTP and HTTPS requests which are directed to the NGINX based reverse web proxy.

The NGINX reverse proxy fronts all incoming HTTP & HTTPS requests and sends this forward to the appropriate IP address that are usually hosted in one of the containers on one of the Mini PCs.
It also reuqests and automatically renews the Let’s Encrypt certificate for all incoming HTTPS requests for the two domains we host - thomas-pk.com and philiptk.com
It is also configured in such a way that any container that requires authentication has to go through the Authelia container.