Access to a local web based server

[DocYoda]

Hi. I am fairly new to proxmox. I have setup proxmox on the following specs:

mobo: gigabyte mu70-su0 c612
cpu: e5-2697av4
ram: 128gb ddr4 rdimm
nic 1: rj45 intel x540 dual 10gbe both bridged to vmbr0 and vmbr1, respectively
nic 2: intel x520 single sfp (reserved)
onboard nic: 4x 1gbe (1 port connected through passthrough to 1 windows VM to connect to a local webserver; 3 reserved), 1 x IPMI
storage:
1: 256gb sata m.2 (proxmox os)
2: 512gb m.2 nvme via pcie adapter configured for VMs and containers
3: 256gb m.2 nvme via pcie adapter configured for truenas os
4: 4 x 240 gb intel s4500 configured as radiz1 for truenas
5. 1 x 800gb intel s3520 for ISO images
6. 1 x 200gb intel s3510 for backups

I am running windows 10, windows server 2022, windows 11 as VMs and some linux distros e.g. ubuntu, fedora.

I am currently connect to this web based database server via a windows VM (nic passthrough through windows VM). Every time another user connects to the web based database server, the other user is disconnected as the RDP to this VM is limited to 1 single user only. Though I tried configuring it for multisession RDP, but its not working. I may have configured it wrong.

I am not really well versed with containers at this point and I all I do is grab some scripts through PVE Helper scripts website. Thats how I installed pihole and some other things.

What are your recommendations to have multiple users connect to this local web based database server? I was thinking of a container (a webserver) to this job. You might wonder, why not connect directly from their PCs/devices to this web server? The IT recommended to setup a VM and connect to their database server without internet access. Basically I just configured a windows VM, restricted net access and thats how users connect to this webserver. The IT provided only 2 PCs with access to this database server with around 50 users taking turns, hence the solution is users brought their own laptops, PCs, mobile devices connect to this VM I created. The IT provided a LAN connection connected to the nic passthrough to the VM. Type an IP address they provided (192.168.10.100) and a user login screen appears. We just type a username and password they provided to access the server. Our office have a dedicated networking setup composed of the following:

UDM SE
XG6 POE (4 port 10GbE switch)
USW 24 enterprise

I brought my home server to the office for this purpose and is currently connected to the XG6 PoE switch.

 

[sw-omit]

1. The tutorial tag is for if YOU are making a tutorial of how to do something, not if you're looking for help / a tutorial for something, so you might want to remove that for others to look at your topic too to help you.
2. If this database-server is the Windows Server 2022, it is very strange that it only allows for 1 user to log in via RDP, except if you are using the same username/password to log into the server instead of different ones.

 

[DocYoda]

1. The tutorial tag is for if YOU are making a tutorial of how to do something, not if you're looking for help / a tutorial for something, so you might want to remove that for others to look at your topic too to help you.
2. If this database-server is the Windows Server 2022, it is very strange that it only allows for 1 user to log in via RDP, except if you are using the same username/password to log into the server instead of different ones.

Hi. Sorry. I edited the thread already. Thanks for pointing that out. New here. I was looking for a flair/prefix of "help". I will try creating different user groups in windows server 2022. By the way is there a container that would just do accessing the IP of the webserver provided by the IT and just show up the login screen of that webserver?

 

[sw-omit]

You would either be looking for a proxy-VM/-Container or a router-VM/-Container most likely, as long as that webSITE itself had a login, as you're basically going from one network / IP to another. I don't have an example, as I don't use containers yet (fairly new to Proxmox too).

Also, Why would people need the login-screen of the web-server? A webserver is generally meant to not be logged in upon except for maybe updates and bugfixing, its the website that runs on that webserver that people would access to insert their changes to the site and/or database 99% of the time.

That said though, if using a prox or router to just transfer between networks is a smart and secure thing in your regard I'm not sure, for that I have too little info (and I won't be asking for more either), so probably best to discuses with your IT / Network-Security people.

As a general idea though, if it is that you want users to change things in a database through a website, think about the following things:

• Who is going to access this data?
• From where / what device should they be allowed to access this data? (Specific devices, specific networks, worldwide?)
• How are you going to confirm that only the correct people are accessing this data? (Login, 2fa (a second factor can also be access restricted from a device in a secure location), logging of activities)
• If a user got the username/password from someone else, or a person left their logged in session unattended, how bad would/could that be?

As you can see, a website to change things might be easy to do, but also easy to do wrong.