Home network help part 2, SSH and Server
Last year I started slowly planning out a home server setup with help from Tildes. I've gotten a few things up and running, but have been bouncing off a variety of walls trying to get to the next step.
The first goal was:
"OK, I've got Cosmos up and running for local access using self-signed certs. I'd like to get it up and running using Let's Encrypt and a domain so I can eventually start giving a few family and friends proper logins and external access." Of note, ideally,
This led to a second goal of:
"Gosh, it sure would be nice if I didn't have to be sitting at the physical server to do testing and could instead be at another computer in my house. I should probably configure SSH locally (working) and get it to forward windows so I can work in other rooms (not working...)"
"The stack":
Server - MS01 running LTS Ubuntu with Cosmos Cloud installed (well it was, but is currently not)
Router - Ubiquiti Dream Machine Pro (of note, I've done some minimal guided config of this to try and harden it at a basic level so my cameras and IoT devices are better isolated. Not fully default, but the server is, for now, in the same network/VLAN as the rest of my main computers, so I don't think this should matter.)
Clients - All local Windows 10/11 machines for now, although in the off-off chance it matters, I'm running nushell in the terminal
Domain Provider - Cloudflare
The SSH Problems:
I have a friend who has set up SSH for themselves with their home server; however, they haven't had time to come over and troubleshoot. My rough understanding is "set up VcXsrv, change some configs, then it just works." Windows these days has SSH built in, and I can SSH to the machine just fine with my key.
ssh -X... less so. I've read some docs, followed some guides, tried Copilot, and it all leads to "yeah, should work" and it just doesn't. I have configured an SSH config on both machines to allow X11 forwarding, I've started XLaunch making sure I disable access control, made sure my Ubuntu login isn't on Wayland, and so on. So far, no dice.
If someone has an end-to-end guide they trust to link, I'll gladly read it and start from scratch. I've been cobbling together so many sources at this point that I'm very lost. Lots of things jump quickly to "well, just use WSL", which, yeah, OK, I probably should test that next, but I was hoping I wouldn't need to (and am unclear if that'll even help).
The HTTPS/Domain Problems:
So... Cosmos Cloud.
I like the theory behind this software in that it helps enforce best practices so you don't blow your own head off when you screw something up. Maybe it's not the absolute best starting place, but getting it running without a domain was trivial and, more importantly, shockingly well documented. Not perfect, but for what I understand is mostly a one-man show, it's better than a lot of professional-grade stuff I've dealt with.
And so I figured it'd be easy to just do the setup from scratch but choose HTTPS and point to my domain. There have been two attempts here: no DNS challenge and DNS challenge.
No DNS Challenge Method
Per their docs it seemed easy enough. I'd never touched a DNS screen before, but I configured an A record pointing at my WAN IP (eventually...) and disabled the Cloudflare proxy.
Well, going to that domain took me to my router login. Hmm. After screwing around with port forwarding and router DNS records I never got it to work and felt like I was playing with fire, so I undid everything I'd done and decided I'd try the DNS challenge. Of note, I could still access the Cosmos Cloud page over HTTP directly at the IP, where it confirmed it failed to get the TLS cert, but HTTPS to the domain wasn't having it.
DNS Challenge Method
This seemed like I was close, and then nothing. I have no idea if I need to do internal routing on the router for this; it just sorta says "Do the DNS challenge, here's a form, you don't need to fill out all of it", which, uh... OK.
I filled out what I think I needed to after setting up a token (not an API key) in Cloudflare. I'm pretty certain I got that correct, as I saw text files with keys created on Cloudflare's DNS page, and had I screwed that up I'm guessing it couldn't have.
However, from what I can tell, that's as far as it got. The files nuked themselves 2 minutes later when the TTL expired, and going to the domain locally gave me the Cloudflare "our shit's fine, the server is timing out" page. From what I could tell diving into logs, Cosmos had the same error, and I couldn't hit Cosmos at all, even using the IP and HTTP.
I do, however, wonder if maybe it did work, BUT since I undid the router DNS record before trying this, maybe that killed it? Dunno.
Any ideas?
That's basically my situation. Figured I'd throw it here and see if anyone has some guidance or troubleshooting they'd recommend. The aforementioned friend who's done some of this before should be free one of these weekends and can probably help, and I haven't tried again since the second attempt. I've thrown some of the questions I've had on the Discord and gotten minimal response (although I'm kinda using the thread as a rubber-ducking spot as well). Next attempt is probably just the DNS challenge again after more research on it, and seeing if that works if I put the router DNS record back on, but I feel like logically that shouldn't work.
Oh, also, if anyone has some general recommended reading so that I can really understand what the hell it is I'm doing, I'd love that. There's a ton of networking books/articles/etc., and in general I'd like to learn more about the subject, but I'm curious if there's a go-to for people who are techy and trying to dip their toe in all of it the same way I am, setting up a proper home network and server.
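Editor's note on the "configured SSH config on both machines" step of the X11 problem above. The script below is an added example, not part of the original post and not code from Cosmos, OpenSSH or Ubuntu. It reproduces how sshd reads its configuration so you can tell which X11Forwarding line actually counts: sshd keeps the first value it sees for a keyword and ignores later duplicates, an `Include` line is read at the point where it appears (on Ubuntu the stock `/etc/ssh/sshd_config` starts with `Include /etc/ssh/sshd_config.d/*.conf`, so drop-in files win over anything appended to the main file), and settings after a `Match` line only apply to matching connections. It runs offline against a constructed sample laid out like Ubuntu's; the directory, file names and the `sshd_effective`/`x11_server_check`/`write_demo_config` helpers are my own, and it assumes the `Keyword value` whitespace syntax with absolute Include paths.

```shell
#!/bin/sh
# Added example, not from the original post or from Cosmos/OpenSSH:
# resolve sshd_config the way sshd does, so you can see which X11 line
# actually counts. Rules: the FIRST value of a keyword wins; an `Include`
# glob is read at the point it appears (Ubuntu puts one at the top of
# /etc/ssh/sshd_config, so drop-ins are read before anything you append);
# lines after a `Match` are conditional and are skipped here.
# Assumed: "Keyword value" whitespace syntax and absolute Include paths.

# sshd_effective FILE KEYWORD -> prints the effective value; returns 1 if unset
sshd_effective() {
    _file=$1
    _key=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    _inmatch=0
    while IFS= read -r _line || [ -n "$_line" ]; do
        _line=${_line#"${_line%%[![:space:]]*}"}          # trim leading blanks
        case $_line in ''|'#'*) continue ;; esac         # blank or comment
        _raw=${_line%%[[:space:]]*}                      # first token
        _kw=$(printf '%s' "$_raw" | tr '[:upper:]' '[:lower:]')
        _rest=${_line#"$_raw"}
        _rest=${_rest#"${_rest%%[![:space:]]*}"}         # value(s) after it
        if [ "$_kw" = match ]; then _inmatch=1; continue; fi
        if [ "$_inmatch" -eq 1 ]; then continue; fi      # conditional block
        if [ "$_kw" = include ]; then
            for _inc in $_rest; do                       # unquoted: glob expands
                [ -f "$_inc" ] || continue
                if _v=$(sshd_effective "$_inc" "$_key"); then
                    printf '%s\n' "$_v"; return 0
                fi
            done
            continue
        fi
        if [ "$_kw" = "$_key" ]; then
            printf '%s\n' "${_rest%%[[:space:]]*}"; return 0   # first one wins
        fi
    done < "$_file"
    return 1
}

# x11_server_check SSHD_CONFIG XAUTH_PATH -> prints findings; returns 0 when
# the server side is ready for an `ssh -X` / `ssh -Y` session
x11_server_check() {
    _cfg=$1; _xauth=$2; _rc=0
    _fwd=$(sshd_effective "$_cfg" X11Forwarding) || _fwd=no      # sshd default
    _loc=$(sshd_effective "$_cfg" X11UseLocalhost) || _loc=yes   # sshd default
    printf 'X11Forwarding=%s X11UseLocalhost=%s\n' "$_fwd" "$_loc"
    if [ "$_fwd" != yes ]; then
        printf 'FAIL: X11Forwarding is off for ordinary sessions\n'; _rc=1
    fi
    if [ -n "$_xauth" ] && [ -x "$_xauth" ]; then
        printf 'xauth found at %s\n' "$_xauth"
    else
        printf 'FAIL: no xauth on the server, so sshd cannot install the cookie\n'; _rc=1
    fi
    return $_rc
}

# write_demo_config DIR -> a constructed sample laid out like Ubuntu's
write_demo_config() {
    mkdir -p "$1/sshd_config.d"
    cat > "$1/sshd_config" <<EOF
# constructed sample for this example, not a real machine's file
Include $1/sshd_config.d/*.conf
Port 22
X11Forwarding no
# appended by hand later: sshd keeps the first value, so this one is ignored
X11Forwarding yes
Match User backup
    PasswordAuthentication yes
EOF
    printf 'PasswordAuthentication no\n' > "$1/sshd_config.d/10-local.conf"
}

DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
write_demo_config "$DEMO_DIR"
XAUTH=$(command -v xauth || true)
printf 'before: '; x11_server_check "$DEMO_DIR/sshd_config" "$XAUTH" || true
# The change that takes effect on Ubuntu: a drop-in, which the Include reads first.
printf 'X11Forwarding yes\n' > "$DEMO_DIR/sshd_config.d/90-x11.conf"
printf 'after:  '; x11_server_check "$DEMO_DIR/sshd_config" "$XAUTH" || true
```

On the real server, point `x11_server_check` at `/etc/ssh/sshd_config` and `"$(command -v xauth)"`, restart the service after any change (`sudo systemctl restart ssh`), and treat `sudo sshd -T | grep -i x11` as the authoritative answer, since it prints the values sshd itself resolved. On the Windows side, the OpenSSH client only asks for X11 forwarding when DISPLAY is set in the environment of the shell that launches ssh (in nushell, `$env.DISPLAY = "localhost:0.0"` for the default XLaunch display), so run `ssh -v -X` and look for the "Requesting X11 forwarding" line; if it instead warns that xauth key data was not generated, try `ssh -Y`, which does not need a client-side xauth.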