Access proxmox gui with domain name instead of local ip and port

[haris013]

Hello, newbie here, how can i access the gui of a single node proxmox installation with a use of a local domain name instead of ip and port? I don't have HA, clusters etc, only a single node with few VMs. i need something like homelab.local instead of ip:8006.
Is that possible?

 

[PlOrAdmin]

You could manually add an entry to your hostfile(of PC you connect with).

 

[haris013]

then can i create an ssl (ACME) in order to avoid the GUI certificate error?

 

[PlOrAdmin]

I assume so. Never done that myself.

 

[haris013]

i see many videos that proxmox gui url uses a domain name instead of an IP, how they done it? do they reach proxmox outside lan using a dns record?

 

[LnxBil]

i see many videos that proxmox gui url uses a domain name instead of an IP, how they done it? do they reach proxmox outside lan using a dns record?

You can use your local dns in your home network for this, just look in your router manual. You will not have LetsEncrypt SSL certificates for that, but you can just accept the SSL certificate permanently in your browser.

 

[Ivan Gersi]

The best way is if router/gw(dhcp server) in your network support static dns entries (e.g. every Mikrotik) + you can make harpin NAT.
Of course you have to use DNS of your router in your pc.

 

[Glowsome]

To get DNS resolution for your proxmox UI the solution depends on some conditions :

1. One management machine over dns/hostname resolution.
   Easyest way is to create hosts entries in C:\Windows\System32\drivers\etc\hosts
   Add a line to the file in the following format : ip (space or tab) fully qualified hostname like :
   
   10.10.10.299 host.domainname.com
   
   Explanation : Hostfile resolution is an override to DNS, if you query for a name it will always look first in the hosts file, and then actually query a DNS-server.
   
   
2. Multiple management machines over dns/hostname resolution.
   Either use router DNS capabillities to get resolvement in place, or get an internal DNS server installed and configure your workstations to use it (including forwarders for everything outside your zone) - there is alot of info on the net, but https://opensource.com/article/17/4/build-your-own-name-server should get you started.
   Explanation : it is not wise to use hosts -file as for multiple machines it would mean that every change requires alot of effort to keep the data in sync, use a dns-server to centralise, and point all clients to this dns-server.

Question remains why you would want to get a verified certificate on the Proxmox-UI .. as this is a management-UI it should (unless other measurements are taken) under no circumstance be exposed to the public internet !

 

[Jonathanyyf]

then can I create an ssl (ACME) in order to avoid the GUI certificate error?

No, you need to buy a domain at a registrar for that, because your domain needs to be accessible from the internet.
What you are asking for must be a Let's Encrypt certificate.
But yet you have to use a webserver etc.
Actually it is a pretty good project to practice but lots of concepts to learn.

 

[gradinaruvasile]

No, you need to buy a domain at a registrar for that, because your domain needs to be accessible from the internet.
What you are asking for must be a Let's Encrypt certificate.
But yet you have to use a webserver etc.
Actually it is a pretty good project to practice but lots of concepts to learn.

You can use a LE certificate internally too. The browser doesn't care how the DNS name was resolved or what IP points to (so you can use the hosts file, too for this, you don't even need an internal DNS to handle stuff).
But for generating the certificate you need internet connection and DNS access.
After you have the cert you can copy and use wherever you want (the IP address has to be resolved with the domain name of the certificate).

 

[LnxBil]

You can also always generate your own certificate chain, but this is out of the scope if you're struggling with DNS already.

 

[blackninja]

I'm close to having this all working. I set up dnsmasq via DD-WRT, registered a domain name, and setup the DNS there as well so that I can use LetsEncrypt. I got a wilcard cert by following instructions here: https://medium.com/@cubxi/add-wildcard-lets-encrypt-certifications-with-namecheap-6a466df0886f.

However, my browser is still having issues 'trusting' the cert, even though it validates. Close, but not 100% there yet

 

[gradinaruvasile]

I'm close to having this all working. I set up dnsmasq via DD-WRT, registered a domain name, and setup the DNS there as well so that I can use LetsEncrypt. I got a wilcard cert by following instructions here: https://medium.com/@cubxi/add-wildcard-lets-encrypt-certifications-with-namecheap-6a466df0886f.

However, my browser is still having issues 'trusting' the cert, even though it validates. Close, but not 100% there yet

Use the fullchain.pem instead of cert.pem

 

[KatyComputer]

A wildcard certificate covers your domain and subdomains, it uses dns records instead of a public facing html server, you should be able to create the certs behind your firewall, then update as needed.

One of these days, I am going to try implementing wildcard LetsEncrypt certificates using the Cloudflare API. Other DNS providers have an api for auto-updating of DNS records. There are quite a few interesting applications geeks have found for using these techniques.

 

[BobhWasatch]

One of these days, I am going to try implementing wildcard LetsEncrypt certificates using the Cloudflare API. Other DNS providers have an api for auto-updating of DNS records. There are quite a few interesting applications geeks have found for using these techniques.

There's a tool for that: https://github.com/go-acme/lego