Basic Install Recommendations

[friendofroot]

Hello,

I had success installing the Proxmox VE 6.10 with the provided ISO on a virtual root with 8 cores and ssd raid.
Works very well and seems very fast. GUI is very nice to work with.
I have downloaded templates and tried running a few services via the console on containers running debian 9, 10 and alpine.

The goal are simple things like:
- one container with Plesk for 5 larger clients with multiple sites (700GB)
- one container to develop apps with docker using php7.4 and nodejs (50GB)
- one container for a sugarcrm. (100GB)

Certainly not a network of containers, or a Ceph for now. But I need to route Domains, SSL certificates and Email.

Before I do more tests or later go to production I want to make sure that I am not missing something:

1) Is it fine that I installed Proxmox with the .iso rather than using a host operating system that I know like debian 9 or 10?

2) Shall I trust the firewall of Proxmox, or turn it off and take care of that on the host level?

3) Is a NGINX on the host system a good way to route domains on these containers and provide SSL certificates via registered certificates and let's encrypt? Or do we have an integrated solution for routing domains? Do you have maybe an example NGINX configuration for 2 containers?

4) Is there a monitoring solution already on board? Mostly monitoring is a client at each container, and a server and evaluation at the host level. Maybe this is already embedded in the templates, or there are special templates where all of this is taken care of.

5) How to connect ssh clients into the container for transferring files? Will I have several SSH services running for each container at different ports?

--

Maybe the questions here also help to understand what type of information a beginner needs to get going, and if it already exists.

I did watch: https://www.youtube.com/watch?v=azORbxrItOo and the official video https://www.youtube.com/watch?v=I-e1_CTa4s0.
Also I have read this in-depth discussion: https://www.lowendtalk.com/discussion/159381/proxmox-setup-reverse-proxy-for-containers.
But now I am stuck on what is the normal best-practice but simple way to set things up from here.

Thank you.

 

[Dominic]

Hi!

1) We recommend using the ISO installer for new and existing users.

2) Proxmox VE uses iptables. You can find more information about the firewall in our documentation. What do you mean with on host level if not Proxmox VE?

3) Proxmox VE does include certificate management. Here is some information about network configuration that might be interesting for you as well.

4) We do monitor disk health and you get email notifications for some events. Depending on your exact needs, you might want to add other solutions to the system. Please consider this thread for ideas.

5) Could you explain this a little more? You can push files to and pull files from the container with our tools, too.

 

[friendofroot]

Hi Dominic,

Thank you. This is all very helpful. Good to have these links.

What do you mean with on host level if not Proxmox VE?

I was thinking to install my own tools on the host system (Proxmox VE): pfSense Firewall and NGINX.
But, I certainly would like to avoid complicating things in the beginning and will stay with the internal Proxmox tools, as you suggested.

> 3) Is a NGINX on the host system a good way to route domains on these containers and provide SSL certificates via registered certificates > and let's encrypt? Or do we have an integrated solution for routing domains? Do you have maybe an example NGINX configuration for 2 > containers?
3) Proxmox VE does include certificate management. Here is some information about network configuration that might be interesting for you as well.

Maybe you can share your insights to this scenario:

Let's say I want to have one LXC container with Plesk (a managementsystem for webhosting, you can create domains right from Plesk).
I know the combination of Proxmox and Plesk is possible: https://talk.plesk.com/threads/plesk-performance-in-proxmox-ve.345270/

2 problems:

1) How to route a domain into a specific container? That is a really a basic one, but an example would help.

2) Does the network configuration in Proxmox need to be updated every single time when there is a new domain created in Plesk?
And, can I get around this problem, when I purchase a separate IPv4 for this container) So that the container becomes independent of the IPv4 shared with other containers?

Cheers

 

[oguz]

hi,

I was thinking to install my own tools on the host system (Proxmox VE): pfSense Firewall and NGINX.
But, I certainly would like to avoid complicating things in the beginning and will stay with the internal Proxmox tools, as you suggested.

you're probably better off installing them in virtual machines to not increase the attack surface on the hypervisor (if these services are exploited then the attacker would have access to all your guest infrastructure)

1) How to route a domain into a specific container?

i think the best way is to assign your container a public IP address and point the dns records to that.

2) Does the network configuration in Proxmox need to be updated when there is a new domain created in Plesk? Could I get around this problem, when I purchase a separate IPv4 for this container?

if you assign separate IPv4 addresses to your containers, then you wouldn't have to update anything in the network configuration (other than maybe allowing connections in the firewall settings)

 

[friendofroot]

Thank you, I ordered additional IPv4 addresses for all my containers.