JMA1 — Self-Managed Web Hosting Platform
Self-hosted platform on Proxmox with Ansible automation, network segmentation, and CIS Controls v8.1 compliance.
Context
SKIL2 Semester 2 group project at Thomas More (2025–2026). The assignment was to build a fully self-managed hosting platform from scratch on our own hardware, capable of hosting PHP and Java web applications, and meeting the CIS Controls v8.1 security standard.
Goal
Design and operate a segmented, automated, and security-compliant web hosting platform using virtualization, infrastructure-as-code, and VPN-gated administration.
My Contribution
I designed the VM network segmentation strategy (web proxy, application, database, and monitoring VMs), wrote Ansible playbooks for automated configuration and deployment, and implemented several CIS Controls including automatic OS updates, firewall rules, audit logging, and daily encrypted backups.
Technical Learning
I gained practical experience with Proxmox hypervisor management, Ansible for infrastructure automation, network security design (segmentation, least-privilege traffic rules), and applying a real-world security compliance framework (CIS Controls v8.1).
Soft Skills
Managing infrastructure as a team required clear documentation, shared runbooks, and disciplined change management. I learned to write Ansible playbooks that colleagues could read and run without guidance.
Technologies
- Proxmox
- Ansible
- Linux
- VPN
- Network Security
- Docker
- CIS Controls v8.1
- Firewall
- Monitoring
Security Note
Platform built to CIS Controls v8.1: automatic OS patching, restrictive firewall rules, user access controls, audit logging, antivirus scanning, and daily encrypted backups. Admin access exclusively via VPN.