Arseni Aliakseichyk

Embedded and Infrastructure Engineer

arseni.aliakseichyk@gmail.com • LinkedIn • GitHub • Portfolio • Słupsk, Poland

Homelab Infrastructure - Edge Router + Production VPS

OpenWrt Edge Router + Self-Hosted VPS (13+ Services)

Personal • 2024 – Present

Production (2+ years)

My self-hosted network has been running continuously for over 2 years and now spans the home edge and the cloud. An OpenWrt edge router (Wi-Fi 6) joins my home LAN and a public VPS into one private network over a WireGuard site-to-site tunnel, with network-wide AdGuard DNS filtering and nftables default-deny segmentation (LAN / guest / WireGuard). On the VPS, a system-level Nginx acts as a reverse proxy with SSL termination (Certbot), forwarding traffic to 13+ Docker containers bound exclusively to 127.0.0.1 across 4 domains. Critical services (VPN admin panel, Guacamole RDP/SSH proxy) sit behind Authelia SSO with YubiKey WebAuthn 2FA; the firewall (UFW) only exposes ports 80, 443, 51820 (WireGuard), and a non-standard SSH port. The full sanitized config, CI linting, and audit/health scripts are on GitHub.

View source on GitHub →

Nginx (SSL) → Docker containers (127.0.0.1:*) ├── :8086 CV frontend ├── :8443 WireGuard VPN (SSO + YubiKey) ├── :8081 Guacamole RDP/SSH (SSO + YubiKey) ├── :9091 Authelia SSO Portal ├── :8088 FileBrowser ├── :8085 upsl.lol frontend ├── :8080 raspisanie frontend ├── :8087 birthday-asyanka ├── :8089 game-finder └── :6379 Redis (sessions)

Domains

arseni-aliakseichyk.com - CV, VPN, Guacamole, Auth
arseni-lab.com - lab projects (game-finder, cloud, presentation)
upsl.lol - schedule management platform
raspisanie-bsufl-neoficalno.lol - university schedule caching

OpenWrt
WireGuard (site-to-site)
AdGuard Home
nftables
Docker/Compose
Nginx
Certbot
UFW
Authelia
Linux networking