Proxmox virtualisation for data protection at home - Starline Computer: storage and server solutions from experienced experts

Staff project

Proxmox virtualisation for data protection at home

Do you consider your personal data security to be jeopardised by lax online processing? Then we have an anti-micro-targeting project for you.

A valued colleague - with understandable security concerns - has closed several data leaks for himself in a private project. Micro-targeting really went against the grain for him.

It was precisely to protect his family members that he took a stand against the collecting frenzy of the data octopuses so that he himself could not be identified by individual behaviour, interests or characteristics.

He has thus combined his projects, which were initially implemented as separate efforts (some of them on a Raspberry Pi), and expanded them into a single, inexpensive Proxmox virtualisation with multiple layers of protection.

 

He cleverly combined these applications under one roof:

  • Pi-hole ad-blocker with "unbound" as recursive DNS server
  • Tvheadend TV server
  • Smart Home Hub
  • Private (Family-) Cloud
  • Persistent VPN tunnel
  • OCR-supported document archive
  • PhotoPrism for sharing photo albums
  • NGINX proxy manager
  • Backup service
  • Password manager

Pi-hole as an all-round DNS solution

Pi-hole acts as a comprehensive DNS solution, blocks unwanted adverts, protects against malware and improves network performance. This is already possible with a Raspberry Pi, which then filters DNS queries. The bottom line: all requests to known advertising and tracking servers are blocked, while legitimate requests are forwarded. 
Pi-hole not only offers ad-free Internet use, but also improved website loading times and effective data protection. As an all-round DNS solution, it improves day-to-day network use and offers a cost-effective way of blocking unwanted content.

https://docs.pi-hole.net/guides/dns/unbound/
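A simplified model of the filtering decision described above, as an added example that is not part of the original article and not Pi-hole's own code. The blocklist entries, the sink address 0.0.0.0 and the upstream address 127.0.0.1#5335 for a local unbound are assumptions; matching here is exact on the full name, so a subdomain of a listed name is still forwarded.

```python
import ipaddress

# Constructed sample blocklist in hosts format (example names only).
BLOCKLIST_TEXT = """\
# ads and trackers
0.0.0.0 ads.example.net
0.0.0.0 tracker.example.org pixel.example.org  # two names on one line
metrics.example.com
127.0.0.1 localhost
"""

UPSTREAM = "127.0.0.1#5335"   # assumed address of the local unbound resolver
SINK_ADDRESS = "0.0.0.0"      # assumed answer returned for blocked names
SKIP = {"localhost", "localhost.localdomain", "broadcasthost"}


def normalise(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def is_ip(token):
    """True if the token parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_blocklist(text):
    """Collect blocked names from 'IP name [name...]' or bare-domain lines."""
    blocked = set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # strip comments, tokenise
        if fields and is_ip(fields[0]):
            fields = fields[1:]                 # drop the leading address column
        blocked.update(n for n in map(normalise, fields) if n and n not in SKIP)
    return blocked


def decide(query, blocked):
    """Exact-match decision: sink listed names, forward everything else."""
    if normalise(query) in blocked:
        return ("block", SINK_ADDRESS)
    return ("forward", UPSTREAM)


BLOCKED = parse_blocklist(BLOCKLIST_TEXT)
QUERIES = ["ADS.example.net.", "www.example.net", "cdn.ads.example.net"]
RESULTS = {q: decide(q, BLOCKED) for q in QUERIES}
```

The third query shows why a list that should also cover subdomains needs wildcard-style rules rather than exact host entries.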

 


Tvheadend TV server

A media server for the family's TV recordings is almost extinct these days due to ubiquitous streaming. The fact is that this is the only way to actually select, centrally store and manage the desired content. This requires a container with sufficient storage space that receives TV signals (via a tuner card or FRITZ!Box), records them and then makes them available in a network. They can then be accessed by various devices in the network.
Configuration is carried out via a user-friendly interface in which recording requests can be planned and managed. Thanks to this media server, family members can watch their favourite programmes time-shifted and stream them flexibly on different devices in the network.

https://tvheadend.org/

 


Smart home

The technology freak has also integrated smart home functions. Smart home refers to all technologies used to automate living areas. Shading systems, for example, use motorised curtains or blinds controlled by smart home hubs such as Google Home or Amazon Echo. Here too, however, the Proxmox solution confidently does without these hubs and their micro-targeting and controls everything itself, locally. Components such as heating thermostats, actuators and light switches can be integrated into the smart home via standards such as Z-Wave, Zigbee or Thread and operated centrally or assigned to an automation system.

https://www.home-assistant.io/


Private family cloud

This private cloud enables the secure storage, sharing and management of data within the family. The functionality is based on a container that runs in the Proxmox server. It acts as a personal data storage facility for all family members to access from different devices. You can easily upload, share and edit photos, videos and documents together. Apps and software enable access from smartphones, tablets and PCs.

https://nextcloud.com


Persistent VPN tunnel

A tunnel provides a continuous and secure connection between networks, in this case between external networks (mobile networks) and the home FRITZ!Box. It works by encrypting the data traffic and establishing a permanent connection between the VPN gateways. If the connection is lost, the tunnel is automatically re-established to ensure uninterrupted communication. The VPN-capable devices at both ends of the tunnel, such as routers or special VPN appliances, must be powerful enough to handle the encryption and constant data exchange.

Persistent VPN tunnels guarantee the secure exchange of sensitive data between family members from remote locations. They offer data protection and increased network security by maintaining a continuous, encrypted connection.

https://www.wireguard.com/

OCR-based document archive

An OCR-supported document archive also operates within the private cloud. This automates the text recognition of scanned documents. The advantage: it enables digital storage and searchability of all documents. The functionality is based on Optical Character Recognition (OCR) software, which converts printed or handwritten text into machine-readable text. This text data is indexed and stored in a digital archive.

https://github.com/paperless-ngx/paperless-ngx


PhotoPrism server

A PhotoPrism server revolutionises photo management through intelligent image recognition and organisation. The software automatically analyses images, organises them according to people, places and objects and enables a user-friendly search. The functionality is based on machine learning and metadata extraction.

As PhotoPrism can be installed on various platforms, it also feels right at home in the Proxmox container. A clear web interface also offers convenient management of the photo collection.

https://www.photoprism.app/


NGINX proxy manager

The Nginx Proxy Manager facilitates the management of web servers and, in this case, the secure publication of individual services/ports on the Internet. The functionality is based on the Nginx web server and a proxy manager that simplifies the configuration of reverse proxies, SSL certificates and domains.
This enables secure access to various services via a standardised interface. The Nginx proxy manager therefore optimises the management of web services and enables the simple provision of applications via the Internet.

https://nginxproxymanager.com/


Proxmox backup server

The functionality is based on a dedicated backup server that runs in a virtual machine on a second Proxmox node. This software enables the configuration of backup routines for selected containers and VMs. An integrated backup service ensures continuous data security, protects against data loss and enables easy recovery if required. This provides users with an efficient and reliable solution for managing their digital data and services.

https://www.proxmox.com/de/proxmox-backup-server/uebersicht


Password manager

The icing on the cake is the self-hosted password manager, as it allows you to manage all access data securely yourself. The functionality is based on an encrypted database that runs within Nextcloud. All users can store, organise and retrieve their passwords centrally in encrypted form. They therefore retain control over their access data without having to entrust it to third parties. This offers increased security and data protection for personal and business password management.

https://apps.nextcloud.com/apps/passwords

Conclusion

Overall, a very economical and solidly implemented data protection bastion that reveals hardly any points of attack. What's more, it can be set up extremely cheaply and energy-efficiently with old hardware and free software. Equipped with this, data-hungry search engines, sales platforms and social media providers only learn the bare minimum.

This way, you stay protected as a customer - and don't become a product yourself.

Any questions?

Open Source Team
Technology

Our experts for Linux, Ceph and ZFS.