1 public IP with multiple containers and vm - Looking for outside access with domain names

kcdxb

New Member
Mar 23, 2020
Hello, I am completely lost to be able to achieve the following:

I currently have moved from a synology based system to a proxmox with the idea of having multiple containers and 1 vm running with various services (I believe that each container for a service would make more sense, less chances of breaking things).

- 1 vm outside work accessible
- 5 containers each with service, nextcloud, a website, a central mysql, onlyoffice etc...

I have 1 public static ip, with a usg (from unifi running all firewall and gateway)

I also have unifi running on a container, I have managed to get it to work via a reverse proxy from synology since it's in the same network, however I am not sure I did it well,
And this is not the setup I wish to keep.

What I am looking to do is to have an ssh for files and terminal access for the host and each container,
Have each container and services accessible via its own domain without ports and also have letsencrypt renew certificates automatically. Which I can't do as it needs port 80 which is not accessible for each container (or so I think)

I also thought of having 1 nginx container with reverse proxy running to do the job?

Additionally I am a complete newbie on proxmox, with limited network knowledge.
 
Thank you for your response oguz,
Will this work if I do this?
Also will I have to forward port 2222 manually to each host?

auto lo
iface lo inet loopback

iface enp0s31f6 inet manual

auto vmbr0
iface vmbr0 inet static
address 192.168.2.2
netmask 255.255.255.0
gateway 192.168.2.1
bridge_ports enp0s31f6
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o enp0s31f6 -j MASQUERADE
post-up iptables -t nat -A POSTROUTING -s '192.168.2.0/24' -o eno1 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.2.0/24' -o eno1 -j MASQUERADE
 
Also will I have to forward port 2222 manually to each host?
you will need to forward a different port for each port of container you want to access. you can do this with the pve-firewall on the GUI by adding a rule (or over the CLI with iptables)


try to do the /etc/network/interfaces config like it's on the wiki page i sent you.
 
Thank you, I am trying this,
Would you be able to give me a sample for the config of the firewall?
 
Would you be able to give me a sample for the config of the firewall?


something like this: iptables -t nat -A PREROUTING -i eth0 -p tcp --dport ${1} -j DNAT --to ${2}:${3}

where,

${1}: outside port
${2}: IP of CT
${3}: port of CT
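
The rule template in the reply above, expanded into an added example (not part of the thread and not Proxmox's own code): a shell helper that turns "outside port, CT IP, CT port" mappings into post-up/post-down pairs in the style of the interfaces file posted earlier, refusing malformed values and reused outside ports. The interface name vmbr0, the 10.10.10.x addresses and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: print post-up/post-down DNAT lines for /etc/network/interfaces.
# Nothing is applied to the firewall; the output is text to review and paste.

# Succeeds if $1 is a TCP port number 1..65535 (no leading zeros).
valid_port() {
    case "$1" in ''|0*|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -le 65535 ]
}

# Succeeds if $1 is a dotted-quad IPv4 address with octets 0..255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# dnat_lines IFACE "OUTSIDE_PORT CT_IP CT_PORT"...
# Prints one post-up/post-down pair per mapping; returns 1 and prints
# nothing on stdout if any value is malformed or an outside port repeats.
dnat_lines() {
    iface=$1; shift
    case "$iface" in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    seen=" "; out=""
    for mapping in "$@"; do
        read -r oport ip cport extra <<EOF
$mapping
EOF
        if ! valid_port "$oport" || ! valid_ipv4 "$ip" || ! valid_port "$cport" || [ -n "$extra" ]; then
            echo "rejected mapping: $mapping" >&2; return 1
        fi
        case "$seen" in *" $oport "*) echo "outside port $oport reused" >&2; return 1 ;; esac
        seen="$seen$oport "
        rule="PREROUTING -i $iface -p tcp --dport $oport -j DNAT --to $ip:$cport"
        out="$out    post-up iptables -t nat -A $rule
    post-down iptables -t nat -D $rule
"
    done
    printf '%s' "$out"
}

# Constructed sample: host bridge vmbr0, two containers on a made-up subnet.
dnat_lines vmbr0 "2222 10.10.10.11 22" "8443 10.10.10.12 443"
```

Generating the delete rule from the same string as the add rule keeps each post-down line an exact match for its post-up line, so no forward is left behind when the interface goes down.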
 
