web3lookat.me
// self-hosted platform overview
A private platform running on a Raspberry Pi 5 —
storage, identity, monitoring, communication, and operations under one roof.
// what's running
The Full Stack
Core services are self-hosted, domain-routed over TLS, and access-controlled through SSO where needed.
Cloud Storage
OpenCloud with WebDAV, versioning, and Collabora editing for private file storage, sync, and document collaboration.
Single Sign-On
Authelia + Keycloak OIDC centralize authentication across the stack, with optional 2FA for protected services.
Monitoring
Prometheus, Grafana, and cAdvisor provide metrics, alerting, and operational visibility across the stack.
Team Chat
Mattermost with Keycloak SSO and custom plugins for agents, scheduling, and team workflows.
Private Mail
Stalwart Mail Server provides SMTP and IMAP for a custom-domain mail stack under direct control.
Voice Server
TeamSpeak 3 for low-latency private voice without depending on a hosted third-party platform.
Game Servers
V Rising dedicated hosting on ARM via Wine for private multiplayer under direct control.
Reverse Proxy
Traefik discovers containers, terminates TLS via Let's Encrypt, and handles routing without manual certificate work.
Object Storage
MinIO S3-compatible object store. Buckets for backups, media, and app data — AWS without the AWS bill.
// how it's wired
The Architecture
Request hits Traefik
All traffic enters via Traefik on ports 80/443. HTTP is permanently redirected to HTTPS. TLS terminates here.
Authelia checks auth
ForwardAuth middleware queries Authelia. No valid session? You're redirected to auth.web3lookat.me to prove yourself.
Service responds
Authenticated users reach their container. Every service lives on an isolated Docker network, invisible to the outside.
Private dashboard, public overview
Mission Control stays behind Authelia SSO. The public site explains what runs on the stack, how access is handled, and where the code lives.
Mission Control// auth.web3lookat.me · Authelia + TOTP