Architecture technique de l'infrastructure BTS SIO — Lycee Jean Lurcat, Perpignan.
29 conteneurs LXC | 17 conteneurs Docker | 4 stockages | Mise a jour : 30/04/2026
| Composant | Detail |
|---|---|
| Hyperviseur | ProxMox VE 8.4.14 (10.0.112.200) — 2x Xeon E5-2620 v2, 32 Go RAM, 3.3 To |
| Reseau | 10.0.0.0/16 (plat, pas de VLANs), OPNsense 26.1.5, WireGuard VPN |
| AD | bts.sio — DC1 (10.0.112.2) + DC2 (10.0.112.3), Server 2022 |
| Docker | CT 200 (10.0.112.20) — 17 conteneurs, Traefik v2.11 |
| Monitoring | Wazuh SIEM (CT 103), Prometheus + Grafana, Suricata IDS 32/64 rulesets |
| Stockage | NAS QNAP Scotty (10.0.112.5), 4 pools LVM/thin sur ProxMox |
10.0.112.200:800610.0.112.210.0.112.310.0.112.110.0.112.510.0.112.19017 conteneurs sur CT 200 docker-srv (
10.0.112.20) — Debian 13, Docker 29.4.2
10.0.112.20:5310.0.112.20:91004 CT de production avec autostart (onboot=1)
10.0.232.3310.0.112.25010.0.112.1010.0.112.20| Prefixe | Usage | Equipements |
|---|---|---|
10.0.112.0/24 |
Infrastructure serveurs | ProxMox, DCs, NAS, switches |
10.0.113.0/24 |
VMs etudiants ProxMox | Portfolios, projets SLAM |
10.0.232.0/24 |
Postes de travail | Salles S109-S112 |
10.0.109-110.0/24 |
Salles de cours | SISR, SLAM |
10.10.10.0/24 |
VPN WireGuard | Overlay via VPS hub |
Switches : HP ProCurve 1810G (baie) + 5x Aruba 1930 24G (salles)
WiFi : D-Link DIR-300 (BTS-SIO, WPA2) — vulnerabilites critiques
Constat : reseau plat /16 sans VLANs (F-NET-001). Segmentation prevue Phase 2.
VPS heberge sur
51.178.85.97(OVH). Reverse proxy nginx + ModSecurity CRS v4. WireGuard hub.