Get server from hetzner for proxmox

[mfaridi]

I want use hetzner dedicated server and install on this server latest proxmox and install VMs on it and give SSH access to users from internet and they can connect to this VMs and use them.
Please help me to buy right server for my projects.
For example how many Lan or IPs this server should have?
Servers on hetzner has default hardware specifications, should I must change them? and which one should change?

 

[mfaridi]

Any help?
Any guide?

 

[leesteken]

Please help me to buy right server for my projects.

Any help?
Any guide?

You tell nothing about your projects (or your budget), so how can people help chose the right server for you?

EDIT: Your server needs at least one LAN and IP and it needs to be able to run Debian and/or Ubuntu.

 

[mfaridi]

You tell nothing about your projects (or your budget), so how can people help chose the right server for you?

EDIT: Your server needs at least one LAN and IP and it needs to be able to run Debian and/or Ubuntu.

Thanks,
I bought dedicated server from Hetzner with one IP public, I want install Proxmox and Run more than 100 VMs by proxmox, I want all these VMs can accessible from internet and user can ssh or rdp to these VMs and use these VMs.
I want best solution for this case. I search around and i saw many many ways, but I need simple way with low cost and low time to config.

 

[ubu]

Erstes Terminal:
watch -n 10 xtightvncviewer localhost &

----

Hetzner Webinterface Rescue System starten

Zweites Terminal:

scp ISO/proxmox-ve_8.1-1.iso RESCUE:

ssh RESCUE -L 5900:127.1:5900


altnames der Netzwerkinterfaces ermitteln:


ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen
1000
link/ether 23:b8:85:1fe2f:11 brd ff:ff:ff:ff:ff:ff
altname enp2s0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 8c:61:0e:bc:7a:c2 brd ff:ff:ff:ff:ff:ff
altname enp7s0



qemu-system-x86_64 -m 4096 -k de -hda /dev/nvme0n1 -hdb /dev/nvme1n1 -bios /usr/share/ovmf/OVMF.fd -cdrom proxmox-ve_8.1-1.iso -boot d


Installation per VNC

qemu-system-x86_64 -m 4096 -k de -hda /dev/nvme0n1 -hdb /dev/nvme1n1 -bios /usr/share/ovmf/OVMF.fd

Einloggen, interface Namen in /etc/network/interfaces anpassen (altnames von vorher)

shutdown vm

reboot host

 

[mfaridi]

Erstes Terminal:
watch -n 10 xtightvncviewer localhost &

----

Hetzner Webinterface Rescue System starten

Zweites Terminal:

scp ISO/proxmox-ve_8.1-1.iso RESCUE:

ssh RESCUE -L 5900:127.1:5900


altnames der Netzwerkinterfaces ermitteln:


ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen
1000
link/ether 23:b8:85:1fe2f:11 brd ff:ff:ff:ff:ff:ff
altname enp2s0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 8c:61:0e:bc:7a:c2 brd ff:ff:ff:ff:ff:ff
altname enp7s0



qemu-system-x86_64 -m 4096 -k de -hda /dev/nvme0n1 -hdb /dev/nvme1n1 -bios /usr/share/ovmf/OVMF.fd -cdrom proxmox-ve_8.1-1.iso -boot d


Installation per VNC

qemu-system-x86_64 -m 4096 -k de -hda /dev/nvme0n1 -hdb /dev/nvme1n1 -bios /usr/share/ovmf/OVMF.fd

Einloggen, interface Namen in /etc/network/interfaces anpassen (altnames von vorher)

shutdown vm

reboot host

Installation is done, what I must do about how user access to VMs from internet?

 

[leesteken]

I want install Proxmox and Run more than 100 VMs by proxmox, I want all these VMs can accessible from internet and user can ssh or rdp to these VMs and use these VMs.

Installation is done, what I must do about how user access to VMs from internet?

Buy "more than 100" IPs and assign each VM their own IP (inside each VM).
I'm curious how much memory each VM has and if you got m"ore than 100" times that amount for your server, as Proxmox does not really work well with memory overcommit.

 

[ubu]

1. You can use hetzners vSwitch feature to get additional official IPs, which you then can use on your VMs/containers.

2. You can set up a vmbrX interface with no physical network interface and a private network, eg 192.268.100.0/24.

Now you can enable ip_forward and create firewall rules to
a. masquerade outgoing traffic to your official IP, so that your guest can access the internet and
b. dnat incoming ports to the private IPs of your VMs/containers

I have just seen that you want a 100 VMs,
that complicates things, since you are limited to I think 5 vSwitches and I think 32 IPs per vswitch...

For Webservers you could use a revers proxy with name based virtual hosts to forward to the right VM by domain name ...

Port based you could forward
1022 ->192.168.100.10:22
1122 ->192.168.100.11:22
...

 

[mfaridi]

Buy "more than 100" IPs and assign each VM their own IP (inside each VM).
I'm curious how much memory each VM has and if you got m"ore than 100" times that amount for your server, as Proxmox does not really work well with memory overcommit.

Thanks,
but I do not want buy many IPs.I want do this with one public IP or two public IP.

 

[ubu]

Then use the dnat method

 

[mfaridi]

Can I do this only by Proxmox ?

 

[ubu]

I am not sure, but I think not, sorry, have never used the built-in firewall

 

[Tharos47]

Yes you can do it only with proxmox.
Imho the best way to do it is by using a jump Host then create a firewall rule redirecting port 22 to the jump Host( a simple linux VM/CT). This way you "only" expose 1 ssh Host to the internet and have only one port forwarding to setup on proxmox. The 100 others VM/CTs then live only in a proxmox "lan".
Here is the proxmox Doc for the network setup : https://pve.proxmox.com/wiki/Network_Configuration#sysadmin_network_routed
Just add a post-up rule to forward port 22.
If you want Rdp instead of ssh you should probably setup apache guacamole or something similar instead of a port redirect.

 

[mfaridi]

Yes you can do it only with proxmox.
Imho the best way to do it is by using a jump Host then create a firewall rule redirecting port 22 to the jump Host( a simple linux VM/CT). This way you "only" expose 1 ssh Host to the internet and have only one port forwarding to setup on proxmox. The 100 others VM/CTs then live only in a proxmox "lan".
Here is the proxmox Doc for the network setup : https://pve.proxmox.com/wiki/Network_Configuration#sysadmin_network_routed
Just add a post-up rule to forward port 22.
If you want Rdp instead of ssh you should probably setup apache guacamole or something similar instead of a port redirect.

Thank,
nice guide, I see your link , but I do not understand this

auto lo
iface lo inet loopback

auto eno0
iface eno0 inet static
        address  198.51.100.5/29
        gateway  198.51.100.1
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up echo 1 > /proc/sys/net/ipv4/conf/eno0/proxy_arp


auto vmbr0
iface vmbr0 inet static
        address  203.0.113.17/28
        bridge-ports none
        bridge-stp off
        bridge-fd 0

and this

auto lo
iface lo inet loopback

auto eno1
#real IP address
iface eno1 inet static
        address  198.51.100.5/24
        gateway  198.51.100.1

auto vmbr0
#private sub network
iface vmbr0 inet static
        address  10.10.10.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE

and I can not mix them,
some VMs use 192.168.1.0/24 and some VMs use 10.10.10.1/24 and some VMs use 172.22.1.0/24,
I do not know how I config proxmox use these different subnet IPs and How config two config files I post above for these VMs. I want all VMs can go to internet and we can ssh to these VMs from internet,

 

[mfaridi]

Thank,
nice guide, I see your link , but I do not understand this

auto lo
iface lo inet loopback

auto eno0
iface eno0 inet static
        address  198.51.100.5/29
        gateway  198.51.100.1
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up echo 1 > /proc/sys/net/ipv4/conf/eno0/proxy_arp


auto vmbr0
iface vmbr0 inet static
        address  203.0.113.17/28
        bridge-ports none
        bridge-stp off
        bridge-fd 0

and this

auto lo
iface lo inet loopback

auto eno1
#real IP address
iface eno1 inet static
        address  198.51.100.5/24
        gateway  198.51.100.1

auto vmbr0
#private sub network
iface vmbr0 inet static
        address  10.10.10.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE

and I can not mix them,
some VMs use 192.168.1.0/24 and some VMs use 10.10.10.1/24 and some VMs use 172.22.1.0/24,
I do not know how I config proxmox use these different subnet IPs and How config two config files I post above for these VMs. I want all VMs can go to internet and we can ssh to these VMs from internet,

Any guide or help