I’ve been experimenting with self-hosted services for a long time, and I have several quality-of-life-enhancing apps running on my home lab. In the past, I’ve gone over my self-hosted gaming, coding, and automation apps. This time, I wanted to shed some light on my networking tools. Whether it’s keeping intruders at bay, monitoring my traffic, or simply documenting the plethora of devices in my arsenal, I consider these self-hosted utilities an essential part of my home network.
6 ntopng
To analyze my network traffic
As a network probing utility, ntopng grabs the network statistics from all my home lab devices and charts them inside a neat UI. These range from IP addresses, throughput, and traffic history to complex network flows and geoanalysis graphs.
While it’s more of a passive network analysis than a dedicated IDS/IPS, ntopng also has some active monitoring facilities up its sleeve. The vulnerability scan feature, for instance, can check my server ports for CVE. I can also create custom alerts to receive notifications about every major event on my home network, be it a new device connecting to my LAN or a server exchanging one too many packets with an unrecognized IP address.
5 Beszel
A light monitoring server for my home lab
Beszel is a monitoring application that hadn’t caught my eye until recently, which is a shame, because it’s one of the best tools for keeping tabs on all the devices in my home network. For starters, Beszel can compile the performance statistics of my home lab devices, including CPU consumption, RAM utilization, LAN bandwidth, disk usage, and even the system temperatures.
Beszel can even monitor the uptime of my servers, and I can use its built-in notification facility to receive pings every time a service goes offline, consumes too many system resources, or hits high temps.
4 WireGuard
But Tailscale deserves a shout out
Although I’d love to stay holed up in my rat’s nest of an apartment, there are times when I need to touch grass – often for extended periods of time. Since exposing my home lab to an insecure public Wi-Fi can make my devices and services vulnerable, I use a self-hosted VPN to access my home server from external networks.
WireGuard provides the perfect balance between speed and security, and it’s easy to deploy a WG server on my local devices. Tailscale is another decent alternative for folks who have to contend with the misery called CGNAT, though it’s technically not a self-hosted platform, as you’ll be relying on first-party servers to connect to your home lab.
3 Nginx
Or Caddy, if you want automatic HTTPS
When I first started venturing into the self-hosted landscape, I had no trouble remembering the IP addresses and port numbers of my servers and containers. But now that I’ve got an armada of services running on my home lab, it has become increasingly difficult to access my locally-hosted suite.
That’s where reverse proxy platforms like Nginx and Caddy come into the picture. Rather than relying on IP addresses to access your services, you can use a reverse proxy app to launch your self-hosted suite from a single domain. Ngnix provides better performance than Caddy, but the latter’s automatic HTTPS feature makes it more convenient to use.
If you're not using them already, you need to set up Nginx reverse proxies in your home lab - here's how
Reverse proxies are incredibly handy in the home lab, and Nginx is one of the best known.
2 NetBox
Ideal for documenting my chaotic setup
I regularly add new devices to my home lab, partly because I work as a hardware reviewer and also due to my terrible habit of purchasing new server equipment on a whim. A self-hosted NetBox instance can map all my devices and I use it to model my local network setup. Besides serving as a note-taker for my LAN, NetBox also includes robust IP Address Management (IPAM) and Data Center Infrastructure Management (DCIM) features.
The latter is particularly helpful, as I can use NetBox to document both physical and virtual servers in my home lab. As a DevOps enthusiast, I can even use it as a source of truth to automate my network devices via Ansible and Terraform.
1 OPNsense
My favorite router OS
I’m not a fan of the inadequate security features in consumer routers, and the ones offered by ISPs are even worse on the security front. A router running OPNsense is my favorite alternative to the lackluster first-party operating systems you’d find in modern routers.
Besides offering regular updates for years, OPNsense is armed with all the advanced security tools I can ask for, including built-in IPS/IDS support, dynamic routing features, and fine-grained control over my firewall rules. That’s before I mention the extra plugins that let me integrate Tailscale, Ntopng, Nginx, and other tools on this list into my OPNsense router.
There’s no shortage of self-hosted network tools
As is typically the case with my self-hosted listicles, I’ve got a couple of other applications that deserve a mention. Authentik is my go-to SSO platform, as it’s easy to configure and boasts compatibility with several authorization protocols. If you’ve got multiple UPS devices in your home lab, you can use PeaNUT to manage them over the network. Then there’s Pi-hole and AdGuard, which are the perfect panacea to intrusive advertisements.