Personal Infrastructure · Ubuntu Server 24.04
BLUESTORM
LAB
lab.blackrose.fi

A publicly accessible home lab server running a hardened security stack. Built for learning, experimentation, and demonstration of real-world infrastructure skills. Everything here is live.

24/7
Uptime target
Zero Trust Servers
VM's on i9-12900K
SSL
Let's Encrypt
IPs tarpitted
Ubuntu 24.04 Docker Nginx fail2ban endlessh UFW Let's Encrypt Portainer
← Back to portfolio

// Live Activity

Endlessh — SSH Tarpit
Live
Loading tarpit data...
— connections
Threat Activity — fail2ban / UFW
Live
Loading threat data...
— events

// Running Stack

Ubuntu Server 24.04
Base OS running as a VMware VM on Blackstorm (i9-12700K, Windows 11 host). SSH on non-standard port, key-only authentication.
● Running
Nginx + SSL
Reverse proxy serving all public-facing services. Let's Encrypt SSL via Certbot with auto-renewal. Handles routing for all subdomains.
● Running
Docker + Portainer
Container runtime for all services. Portainer provides a management UI. Docker Compose for orchestration. Manually updated to latest stable.
● Running
fail2ban
Intrusion prevention — monitors SSH, Nginx, and custom log patterns. Bans offending IPs automatically. Custom filter for SSH banner exchange attacks.
● Running
Endlessh
SSH tarpit running in Docker on port 2022. Keeps scanners and bots stuck in an infinite fake SSH banner loop — wasting their time, not mine.
● Running
UFW Firewall
Host-based firewall with strict allow-list rules. Bulletproof hosting subnet blocks active. Only necessary ports exposed to the internet.
● Running
Uptime Kuma
Self-hosted uptime monitoring for all services. Provides public status page and internal alerting when services go down.
● Running
DDNS / Port Forwarding
Dynamic DNS keeps lab.blackrose.fi pointed at the current home IP. Self-hosted router handles port forwarding and DDNS updates automatically.
● Active