Why use a nginx proxmox proxy using letsencrypt ssl? 1st: why not? 2nd: Load balancing! Nginx is built to handle many concurrent connections at the same time from multitude of clients. This makes it ideal for being the point-of-contact for said clients. The server can pass requests to any number of backend servers to handle the bulk of the work, which spreads the load across your infrastructure. This design also provides you with flexibility in easily adding backend servers or taking them down as needed for maintenance. 3rd: Security! Many times Nginx can be secured to not allow access to certain parts of the underlying application so life doesnt throw you a curveball at 3AM on December 24th 2006(dont ask 🙁 ). 4th: Port firewall constraints! Sometimes you need to access an application on port 34563 but firewall doesn’t allow access on random ports. You can allow incoming connections on port 80 via nginx but proxy them to the app on 34563. 5th: seriously… why not….. Now you know why we may want nginx as a frontend proxy for our underlying app. so let’s get to setting it up for our use case which is to protect proxmox from bad actors! and to provide reliable access to our proxmox for ourselves. We are going to setup nginx to forward all traffic from port 80 to port 443 where letsencrypt will provide us with ssl encrypted access! Install nginx light instead of full, so you have a smaller set of utilities but also a lighter install. you can install […]
Category Archives: Virtualization
Proxmox iso upload method
I just setup proxmox, and am testing out various features. I needed to upload an ISO so I can install an OS. took me a bit so i figured I’d throw it on here for future ref. Login to proxmox web control panel. Goto server view from drop down on left hand side. Expand datacenter menu until you see local then click it Right hand side select COntent tab click upload button Click select file, find your ISO, click upload. This should solve any proxmox iso upload questions that may arise 🙂 Update to add a screenshot below.
Proxmox IP bridge for single public IP
I just setup a test copy of proxmox 4.1 and realized I only had one IP attached to the box. So I had to set up a bridge and forward ports to the internal IPs. So the basic idea is, we are going to set up a new virtual interface bridge in your networking file. This requires a working proxmox machine up and running. I am using a standard install, no changes made to the network prior to this. Proxmox Desired Network Layout External IP ————————- proxmox server as NAT ————————— Internal IP 1.2.3.4 ————————- 1.2.3.4 NAT 10.0.0.10 ————————-10.0.0.10 Current network Layout when we check /etc/network/interfaces we see the following : # The loopback network interface auto lo iface lo inet loopback # for Routing auto vmbr1 iface vmbr1 inet manual post-up /etc/pve/kvm-networking.sh bridge_ports dummy0 bridge_stp off bridge_fd 0 # vmbr0: Bridging. Make sure to use only MAC adresses that were assigned to you. auto vmbr0 iface vmbr0 inet static address 1.2.3.4 netmask 255.255.255.0 network 1.2.3.0 broadcast 1.2.3.255 gateway 1.2.3.254 bridge_ports eth0 bridge_stp off bridge_fd 0 iface vmbr0 inet6 static address 1:2:3:4::5 netmask 64 post-up /sbin/ip -f inet6 route add 1:2:3:4:ff:ff:ff:ff dev vmbr0 post-up /sbin/ip -f inet6 route add default via 1:2:3:4:ff:ff:ff:ff pre-down /sbin/ip -f inet6 route del default via 1:2:3:4:ff:ff:ff:ff pre-down /sbin/ip -f inet6 route del 1:2:3:4:ff:ff:ff:ff dev vmbr0 As you can see above we have a working interfaces file just with pseudo IPs instead of real ones. yours will of course have your own IP. Also, you may not have an […]