Mount/Bind File in Proxmox LXC?

P

potter2010

New Member
Mar 30, 2025
3
0
1
Hello,

Hopefully, this question falls within the forum. I'm at a bit of a loss in configuring certificate authentication in NGINX Proxy Manager that's inside of a Proxmox LXC. All the information I can find is for a Docker environment and not Proxmox so I might be missing something easy in translating the steps.

NGINX Proxy Manager was installed in an LXC with https://community-scripts.github.io/ProxmoxVE/scripts?id=nginxproxymanager.

After much searching I found and have been largely following https://gist.github.com/olokelo/abd2040091893f2ff3167972a328a550 and the video https://www.youtube.com/watch?v=8DWcMbgQSZg.

At about the second last step I've been thwarted (https://gist.github.com/olokelo/abd2040091893f2ff3167972a328a550#changing-nginx-proxy-manager-configuration and https://youtu.be/8DWcMbgQSZg?si=eEAazHzTPEAomewb&t=1230). It involves modifying docker-compose.yml to add './certs/ca.pem:/etc/ssl/certs/mtls_ca.pem' under the Volumes section (instruction in the written guide reads as 'Mount certs/ca.pem in your Nginx Proxy Manager container under <ca path>.'), but I'm in Promox and the install script doesn't use Docker unless I've missed something.

I've been searching online for hours and I'm still at a loss so any assistance is much appreciated!
 
Hey,

what is it you are trying to do? And how does it relate to bind mounting something in a LXC? Do you own the domain you want certificates for subdomain of? If yes, configuring NPM to use DNS challenge to obtain a certificate for something like *.proxy.<your_doamin> and using it for all services is probably the easiest.
 
Hello,

I'm trying to set up certificate authentication for access to NGINX Proxy Manager that's installed in a Promox LXC. I'd like certain services accessible on the web, but not readily accessible to any person or bot who happens to find the domain. The client certificate would be installed on our devices and authenticated when connected to the server. I've created the certificates using gnutls-bin.

The only guide I can find is for Docker so I've been working through it and figuring out the equivalent steps in Proxmox. The part where it varies widely is adding the last line in the screenshot of the tutorial below. If I was to add the final line below, but in Proxmox instead of Docker, where would I do so to have the same effect? Is there an equivalent action in Proxmox?

(Screenshot from https://www.youtube.com/watch?v=8DWcMbgQSZg @ 20:30. In the tutorial this is about the second last step after everything has been installed.)
1743472897110.png

I will 100% admit this is new territory to me, so hopefully I'm making a bit of sense.
 
Have you set up port forwarding for ports 80 and 443 in the router/firewall? Without these, there are no certificates.

/certs/ca.pem volume is not normally required. Only the port forwarding ...
 
Last edited:
Ohh, you mean mTLS. Generally there is no need to bind mount[1] it, you can just copy it from the host into your container, alternatively just generate them in the container. Is there a reason you have to have those directly on the PVE host somewhere? Also data and letsencrypt, why not have it in the LXC itself, there is no real benefit of having them not in. Actually, you ideally want to include all of this in backups and for that you want all of this in the container, not bind mounted.

[1] https://pve.proxmox.com/wiki/Linux_Container#_bind_mount_points
 
Hannes Laimer said:
Ohh, you mean mTLS. Generally there is no need to bind mount[1] it, you can just copy it from the host into your container, alternatively just generate them in the container. Is there a reason you have to have those directly on the PVE host somewhere? Also data and letsencrypt, why not have it in the LXC itself, there is no real benefit of having them not in. Actually, you ideally want to include all of this in backups and for that you want all of this in the container, not bind mounted.

[1] https://pve.proxmox.com/wiki/Linux_Container#_bind_mount_points
Click to expand...
OMG, thank you. I was clearly in a mix of not fully understanding and waaaaaaaay over-complicating it. I have to do a bit more testing but I think with you help I have it working. Once I'm sure it's working I'm going to make sure to post what I did around.

Thank you again!
 
You must log in or register to reply here.
Top Bottom