A two-node Proxmox cluster running 20+ containers and VMs — covering low-code automation with n8n, local AI with Ollama, SSO with Authentik, self-hosted docs with Outline, and all the networking, backups, and monitoring that keeps it running.
The diagram reflects the live layout: Cloudflare sits at the edge (DNS/CDN), traffic comes in via Cloudflare Tunnel to Nginx Proxy Manager (reverse proxy / TLS), and OPNsense enforces segmentation between VLANs. WireGuard provides remote access, and AdGuard Home handles DNS on the LAN.
Domain: *.balawalraja.uk (Cloudflare). Stack: Proxmox VE, LXC/Docker, OPNsense, Cloudflare Tunnel, NPM.
A two-node Proxmox VE cluster with 20+ containers/VMs, a mix of LXC and Docker workloads, and redundancy where it matters.
Public HTTPS, VPN, and LAN paths align with the diagram’s legend (public, VPN tunnel, LAN, management).
I keep the lab simple: edge ingress is separated from core services, and the AI/testing areas are isolated behind OPNsense VLAN policies.
Core services, automation, docs, monitoring, and backups.
Ingress, DNS, VPN, and connectivity between VLANs.
Networking & ingress
Operations
High-level security notes: public access is fronted by Cloudflare, traffic enters via a tunnel to Nginx Proxy Manager, and internal access is segmented behind OPNsense. SSO is handled with Authentik; backups run through Proxmox Backup Server.
Cloudflare for DNS, CDN, and edge controls; tunnel delivers traffic to NPM, which reverse-proxies and handles TLS for internal services
Identity provider for single sign-on across internal applications
Encrypted remote access for clients without exposing management to the public internet
DNS filtering and policy on the LAN, aligned with the diagram’s access path
Collaborative threat detection engine — analyses logs, detects attack patterns (HTTP probing, brute force), and issues live bans via the bouncer
The practical problems solved to get a stable, secure, and maintainable lab.
The changes that made the environment reliable, repeatable, and easy to operate.
Learning Outcome: This hands-on experience, combined with professional cloud infrastructure work at ZAVA, has strengthened my skills in system administration, network management, infrastructure automation, and secure operations.