📋 Overview

Over the past two days (March 2-3, 2026), I built a comprehensive self-hosted AI assistant infrastructure on my Raspberry Pi 5. This post documents everything we accomplished, the challenges we faced, and the solutions we implemented.

🎯 What We Built

1. N1 Clash Proxy System

Goal: Create a reliable proxy for international traffic with automatic failover.

Hardware: Phicomm N1 (TV box flashed with OpenWrt), IP: 192.168.51.2

Internet → ChinaNet (192.168.1.1) → Redmi Router (192.168.51.1) → N1 Proxy (192.168.51.2)

Features:

  • OpenClash with Meta core
  • Automatic failover to backup proxy (192.168.31.11)
  • Telegram notifications on failover
  • Health checks every 2 minutes

2. Pi-hole DNS Ad-Blocker

Key Decision: Used Chinese DNS servers (114.114.114.114, 223.5.5.5) instead of Google/Cloudflare.

Why?

  • ✅ Works without proxy
  • ✅ Fast response (~10ms)
  • ✅ Reliable even if all proxies go down
  • ✅ No GFW interference

Access: http://192.168.51.74:8082/admin

3. Pi Dashboard (System Monitor)

Tech Stack: Node.js backend, HTML/CSS frontend, PM2 process management, nginx reverse proxy

Features:

  • Live CPU, Memory, Temperature monitoring
  • Top 5 processes by memory
  • Uptime Kuma integration
  • Auto-refresh every 30 seconds

Access: http://192.168.51.74:8080/admin/ or http://henryjin8s.xyz:8080/admin/

4. Cloudflare Tunnel

Goal: Make dashboard accessible from anywhere without port forwarding.

Key Learning: Cloudflare Tunnel needs the proxy to CONNECT (the GFW blocks the Cloudflare API) but NOT for traffic (that is already routed through the tunnel).

Important: Added the Cloudflare domains to the Clash DIRECT list to prevent a routing loop!

rules:
  - DOMAIN,henryjin8s.xyz,DIRECT
  - DOMAIN-SUFFIX,cloudflare.com,DIRECT

5. Uptime Kuma Monitoring

Monitors Added: Pi Dashboard (HTTP check every 60s), Website, OpenClaw Gateway, SSH, Alibaba Cloud TCP

Access: http://192.168.51.74:3001

🎯 Challenges & Solutions

Challenge 1: Google Custom Search API Not Working

Problem: API returned 403 "Permission Denied"

Root Cause: Google discontinued Custom Search JSON API for new customers in 2022.

Solution: Switched to Jina AI Reader (r.jina.ai) - free, unlimited!

Challenge 2: Cloudflare Tunnel 502 Errors

Problem: Domain access returned HTTP 502

Solution: Added proxy configuration to cloudflared service

Key Learning: The Cloudflare API needs the proxy to CONNECT, but traffic through the tunnel doesn't need the proxy.

Challenge 3: Clash Routing Loop

Problem: Domain worked in private browser tab but not regular tab

Solution: Added Cloudflare domains to Clash DIRECT list
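
The DIRECT rules from section 4 and the loop in Challenge 3 both depend on Clash evaluating rules top to bottom and stopping at the first match. The following is an added example, not part of the original setup, that evaluates those two rules against sample hostnames; the MATCH,Proxy catch-all, the policy name Proxy and the extra hostnames are assumptions.

```python
# Added example: first-match evaluation of Clash-style domain rules.
# The first two rules are from the post; MATCH,Proxy is an assumed catch-all.
CONFIG = """\
rules:
  - DOMAIN,henryjin8s.xyz,DIRECT
  - DOMAIN-SUFFIX,cloudflare.com,DIRECT
  - MATCH,Proxy
"""

def parse_rules(text):
    """Return [(type, value, policy)] from the '- ...' lines under 'rules:'."""
    rules, in_rules = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "rules:":
            in_rules = True
        elif in_rules and line.startswith("- "):
            parts = [p.strip() for p in line[2:].split(",")]
            if parts[0] == "MATCH":          # MATCH,<policy> has no value field
                rules.append(("MATCH", "", parts[1]))
            else:
                rules.append((parts[0], parts[1].lower(), parts[2]))
    return rules

def resolve(host, rules):
    """Return (policy, rule_index) of the first matching rule, else (None, None)."""
    host = host.lower().rstrip(".")
    for i, (kind, value, policy) in enumerate(rules):
        if kind == "DOMAIN" and host == value:
            return policy, i                 # exact name only
        if kind == "DOMAIN-SUFFIX" and (host == value or host.endswith("." + value)):
            return policy, i                 # the name itself or any subdomain
        if kind == "DOMAIN-KEYWORD" and value in host:
            return policy, i
        if kind == "MATCH":
            return policy, i                 # catch-all, shadows everything below
    return None, None

def not_direct(hosts, rules):
    """Hosts that would leave through a proxy policy instead of DIRECT."""
    return [h for h in hosts if resolve(h, rules)[0] != "DIRECT"]

if __name__ == "__main__":
    rules = parse_rules(CONFIG)
    # Constructed hostnames; only henryjin8s.xyz and cloudflare.com are from the post.
    for h in ["henryjin8s.xyz", "dash.henryjin8s.xyz", "api.cloudflare.com"]:
        print(h, "->", resolve(h, rules))
```

The constructed subdomain dash.henryjin8s.xyz falls through to the catch-all because DOMAIN matches the exact name only; a DOMAIN-SUFFIX rule would cover subdomains as well.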

Challenge 4: Dashboard Not Loading

Problems:

  1. Frontend fetch missing credentials
  2. Login not calling API
  3. PM2 cluster mode issues
  4. Browser cache

Solutions:

  1. Added {credentials: 'include'} to fetch calls
  2. Fixed login to call /api/login API
  3. Changed PM2 from cluster to fork mode
  4. Added no-cache headers to HTML

💡 Key Learnings

  1. Cloudflare Tunnel needs proxy to connect (GFW) but not for traffic
  2. Clash routing - Don't proxy tunneled traffic (creates loops)
  3. Browser cache - Major source of "works in private tab" issues
  4. Google APIs - Read documentation carefully (some discontinued)
  5. Jina AI Reader - Great free alternative for URL fetching
  6. PM2 modes - Use fork for single-instance apps

📈 Current Status

| Service | Status | Access |
|---|---|---|
| N1 Clash Proxy | ✅ Running | 192.168.51.2:7890 |
| Proxy Failover | ✅ Active | 51.2 → 31.11 |
| Pi-hole | ✅ Running | 192.168.51.74:8082 |
| Pi Dashboard | ✅ Running | Local + Domain |
| Uptime Kuma | ✅ Monitoring | 192.168.51.74:3001 |
| Cloudflare Tunnel | ✅ Connected | 3 connections |
