how I transformed a Mini PC into a private cloud, running virtual machines, containers, and CI/CD pipelines, all while ensuring secure remote access with Cloudflare Zero Trust. This setup mirrors real-world cloud infrastructure but remains fully self-hosted.
My Hardware Setup
- Mini PC: Lenovo ThinkCentre M710q
  - CPU: Intel Core i5-7400T
  - RAM: 8GB DDR4
  - Storage: 256GB SSD
- Router: GL.iNet MT3000 (Beryl AX)
- Network Bridge: vmbr0 (Proxmox-managed)
Architecture Overview
Architecture of my self-hosted cloud setup
The architecture consists of six main components:
- User Access (Cloudflare Zero Trust)
  - Ensures secure, remote access without exposing ports.
  - Acts as a proxy between users and my self-hosted services.
- Private Cloud (Mini PC with Proxmox VE)
  - Runs Proxmox as the hypervisor to manage VMs.
  - Uses vmbr0 as a virtual bridge for networking.
- VM Provisioning (Terraform + Cloud-Init)
  - Automates VM creation on Proxmox.
  - Cloud-Init configures VMs with static IPs on boot.
- Dockerized Applications
  - Each VM runs Docker to host essential services:
    - CasaOS (Personal Cloud OS)
    - Plex (Media Streaming)
    - Vaultwarden (Password Management)
    - Kavita (eBook Management)
    - Portainer (Container Management UI)
- CI/CD Automation (GitHub Actions)
  - Triggers Terraform updates when infrastructure changes.
  - Ensures consistent VM provisioning.
- Secure Connectivity & Networking
  - Cloudflare tunnels protect services from direct exposure.
  - VMs communicate via Proxmox-managed networking.
Workflow & Connectivity
1. Secure User Access via Cloudflare Zero Trust
- The entry point for accessing any self-hosted services is Cloudflare Zero Trust. This eliminates the need to expose ports on my home network, significantly enhancing security.
- Instead of relying on traditional VPNs, users authenticate through Cloudflare, which applies access policies, identity-based authentication, and additional security layers.
- Once authenticated, Cloudflare acts as a secure reverse proxy, allowing authorized users to connect seamlessly to internal applications hosted within my private cloud.
2. Proxmox as the Core of the Private Cloud
- The Lenovo ThinkCentre M710q Mini PC serves as my private cloud infrastructure, running Proxmox Virtual Environment (VE) as the hypervisor.
- Proxmox manages multiple virtual machines (VMs), each dedicated to different services. Networking between these VMs is handled through a virtual bridge (vmbr0), which allows internal communication while keeping them isolated from the external network.
- This approach provides the flexibility to deploy different operating systems and environments while maintaining efficient resource allocation.
3. Automated VM Provisioning with Terraform & Cloud-Init
- Instead of manually creating and configuring VMs, I use Terraform, an Infrastructure as Code (IaC) tool, to automate VM deployment.
- Terraform provisions new VMs on Proxmox, defining their configurations such as CPU, memory, disk size, and network settings.
- Cloud-Init is then used within each VM to automatically apply post-installation configurations. This includes:
  - Setting static IP addresses to ensure predictable networking.
  - Pre-configuring SSH access and system users.
  - Applying any additional customizations needed for specific workloads.
- This automated approach saves time, ensures consistency, and makes scaling effortless.
4. CI/CD Automation with GitHub Actions
- GitHub Actions is used to automate updates and configuration changes.
- Whenever I make modifications to the Terraform configuration files, GitHub Actions triggers a CI/CD pipeline that:
  - Validates the Terraform configuration.
  - Applies changes to the infrastructure on Proxmox.
  - Ensures that any modifications to networking, security, or VM settings are instantly reflected.
- This keeps my infrastructure version-controlled, allowing me to track changes and quickly roll back if needed.
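Because the pipeline applies changes automatically, a plan that replaces or destroys a VM (for example the one holding Vaultwarden data) would run unattended. The following added example, which is not part of the author's pipeline, reads the JSON that `terraform show -json` produces for a saved plan and refuses auto-apply on destructive actions; the resource addresses are hypothetical.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output.
# The resource addresses are hypothetical, chosen for illustration only.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "proxmox_vm_qemu.media",   "change": {"actions": ["update"]}},
    {"address": "proxmox_vm_qemu.vault",   "change": {"actions": ["delete", "create"]}},
    {"address": "proxmox_vm_qemu.books",   "change": {"actions": ["no-op"]}},
    {"address": "proxmox_vm_qemu.scratch", "change": {"actions": ["create"]}}
  ]
}
""")


def classify(actions):
    """Map a Terraform action list to one label."""
    acts = set(actions)
    if {"delete", "create"} <= acts:   # replacement, in either order
        return "replace"
    if "delete" in acts:
        return "destroy"
    if acts & {"create", "update"}:
        return "change"
    return "none"                      # "no-op" and "read"


def review_plan(plan, protected=()):
    """Summarise a plan; refuse auto-apply if anything is destroyed or
    replaced, or if a protected address is touched at all."""
    summary = {"change": [], "replace": [], "destroy": []}
    for rc in plan.get("resource_changes", []):
        label = classify(rc["change"]["actions"])
        if label != "none":
            summary[label].append(rc["address"])
    touched = {a for addrs in summary.values() for a in addrs}
    blocked = sorted(set(summary["replace"]) | set(summary["destroy"])
                     | (touched & set(protected)))
    return {"summary": summary, "blocked": blocked, "auto_apply": not blocked}


if __name__ == "__main__":
    result = review_plan(SAMPLE_PLAN, protected=["proxmox_vm_qemu.vault"])
    print(json.dumps(result, indent=2))
    raise SystemExit(0 if result["auto_apply"] else 1)  # non-zero fails the CI job
```

Run as a step between plan and apply, the non-zero exit stops the job so a destructive plan waits for a manual review.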
5. Cloudflare Tunnels for Secure Connectivity
- Instead of exposing services directly to the internet, I use Cloudflare Tunnels to securely route traffic.
- Cloudflare's tunnel service establishes an outbound-only connection from my network to Cloudflare's edge servers, eliminating the need for port forwarding.
- Each application, whether it's Plex for media streaming, Vaultwarden for password management, Kavita for eBook hosting, or Portainer for Docker container management, is accessible only through Cloudflare-protected URLs.
- This ensures that unauthorized external traffic never reaches my home network, adding an extra layer of protection.
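A tunnel removes inbound ports, but each published hostname is still reachable from the internet unless an Access policy covers it. The following added example (not the author's code) audits a tunnel's ingress rules for that and a few related misconfigurations; the hostnames, VM addresses and the set of Access-protected hostnames are constructed placeholders, and the rule fields follow cloudflared's ingress format (`hostname`, `service`, `path`, `originRequest.noTLSVerify`).

```python
import ipaddress
from urllib.parse import urlparse

# Constructed sample data: hostnames and VM addresses are placeholders.
INGRESS = [
    {"hostname": "plex.example.com", "service": "http://192.168.8.21:32400"},
    {"hostname": "vault.example.com", "service": "http://192.168.8.22:8080"},
    {"hostname": "portainer.example.com", "service": "https://192.168.8.23:9443",
     "originRequest": {"noTLSVerify": True}},
    {"service": "http_status:404"},  # catch-all for unmatched requests
]
# Assumed to be exported separately: hostnames that have an Access application.
ACCESS_PROTECTED = {"vault.example.com", "portainer.example.com"}


def audit_ingress(rules, access_hostnames):
    """Return a list of (hostname, finding) tuples for a tunnel's ingress rules."""
    findings = []
    # cloudflared requires the final rule to match everything (no hostname/path).
    last = rules[-1] if rules else {}
    if not rules or last.get("hostname") or last.get("path"):
        findings.append(("*", "last rule is not a catch-all"))
    elif not last.get("service", "").startswith("http_status:"):
        findings.append(("*", "catch-all forwards unmatched traffic to an origin"))
    for rule in rules:
        host = rule.get("hostname")
        if not host:
            continue
        # A published hostname with no Access application is open to anyone.
        if host not in access_hostnames:
            findings.append((host, "no Access policy covers this hostname"))
        if host.startswith("*."):
            findings.append((host, "wildcard hostname publishes every subdomain"))
        origin = urlparse(rule.get("service", "")).hostname
        try:
            if origin and not ipaddress.ip_address(origin).is_private:
                findings.append((host, "origin is not a private address"))
        except ValueError:
            pass  # origin given as a DNS name; not checked here
        if rule.get("originRequest", {}).get("noTLSVerify"):
            findings.append((host, "origin TLS verification is disabled"))
    return findings


if __name__ == "__main__":
    for host, finding in audit_ingress(INGRESS, ACCESS_PROTECTED):
        print(f"{host}: {finding}")
```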
This fully automated, self-hosted cloud setup combines Proxmox, Terraform, Cloud-Init, Docker, and Cloudflare to create a secure, scalable, and maintainable environment. By leveraging CI/CD pipelines and Infrastructure as Code (IaC), I can dynamically manage VMs, automate updates, and ensure all services remain protected and accessible from anywhere in the world.
Why This Setup Is Powerful
- Private Cloud: No reliance on external providers.
- Fully Automated: Terraform provisions and configures VMs.
- Secure: No open ports, all traffic secured via Cloudflare.
- Efficient: Docker ensures lightweight, containerized deployments.
- CI/CD-Driven: Infrastructure as Code keeps everything repeatable.
This setup allows me to self-host my own cloud-like environment, making it a great showcase of cloud engineering, automation, and security best practices.
What do you think about self-hosting? Have you built something similar? Let's discuss in the comments!
Top comments (7)
Your post "How I Built My Self-Hosted Cloud with Proxmox, Terraform & Docker" contains great information on configuring an efficient and scalable self-hosted cloud system. From Proxmox virtualization, Terraform infrastructure-as-code, to Docker containerization, it is a complete guide on Cloud Application Development. It would be excellent to add more information regarding security best practices and automation techniques to further improve the deployment process.
Is it AI written?
No
This is next-level home lab wizardry! Turning a Mini PC into a fully automated private cloud with Proxmox, Terraform, and Cloudflare Zero Trust is pure genius. The fact that you've got CI/CD pipelines managing infrastructure and secure access without exposing ports is so cool.
Thanks for sharing
Wow, this is incredible! I'm super impressed by how you built this self-hosted cloud with Proxmox, Terraform, and Docker. How did you ensure seamless scaling and performance of your virtual machines and containers? Also, did you encounter any challenges while setting up Cloudflare Zero Trust for remote access? Would love to hear more about your experience!
Good Explanation
This is really cool and inspirational to me! I love self-hosting, and this is a good alternative to the "serverless" trend.