Guidance and opinions for Proxmox with PfSense Build for selfhosting 2 VM WebServers

hevski

New Member
May 2, 2022
4
0
1
I don't have Proxmox and PfSense experience, but have watched a couple of YouTube videos about setup.

Wonder if I can get any opinions and guidance from anyone with more experiance on a small self-hosting web hosting solution I’m imminently looking to setup.

Networking

Modem -> PFsense Box -> Managed Switch configured with Two VLANS (1 VLAN id(101) for Home LAN, 1 VLAN dedicated (id 901)for exposing the Proxmox Box) -> Proxmox Box

VMs On Proxmox

I only require two VM’s on the Proxmox box:
  • Windows Server 2019 – Only hosts 2 sites.
  • WHM/cPanel- will host 10 sites and more to come.
This is where I get more confused, the PfSense routed web traffic to the Proxmox box is this routed to the virtual NICs (I think there is a concept on Proxmox), does a virtual NIC give you seperate IP address for each VM instance.
  • Is this understanding following roughly correct for PFSense configuration? A possible way to go about the setup, PFSense would be configured so all web traffic port HTTP 80, HTTPS 443 gets routed to the VLAN 901, to the Proxmox box virtual IP address for the WHM/cPanel VM instance.
  • And then setup two specific domain name pattern match PFSense rules for for the 2 sites to route to the Windows Server VM instance virtual NIC.
Would I get two virtual IP addresses from one physical NIC card on the Proxmox box? So one virtual IP for the Windows Server 2019 VM and one virtual IP for the WHM/cPanel VM?

Or would it be a better solution to get a dual-port NIC card and map/bridge the traffic from each NIC to each VM?

Sorry not sure about the terminology I'm using is correct here.
 
I don't have Proxmox and PfSense experience, but have watched a couple of YouTube videos about setup.

Wonder if I can get any opinions and guidance from anyone with more experiance on a small self-hosting web hosting solution I’m imminently looking to setup.

Networking

Modem -> PFsense Box -> Managed Switch configured with Two VLANS (1 VLAN id(101) for Home LAN, 1 VLAN dedicated (id 901)for exposing the Proxmox Box) -> Proxmox Box

VMs On Proxmox

I only require two VM’s on the Proxmox box:
  • Windows Server 2019 – Only hosts 2 sites.
  • WHM/cPanel- will host 10 sites and more to come.
This is where I get more confused, the PfSense routed web traffic to the Proxmox box is this routed to the virtual NICs (I think there is a concept on Proxmox), does a virtual NIC give you seperate IP address for each VM instance.
You attach your VMs with virtual NICs to bridges and these bridges are connected to your physical NICs. Usually you want to give each VM its own IP (either static or using DHCP), or multiple in case then should ne member of several subnets/VLANs, so you might want to setup a reverse proxy to be able to forward traffic to the different IPs of your webservers.
  • And then setup two specific domain name pattern match PFSense rules for for the 2 sites to route to the Windows Server VM instance virtual NIC.
For that you use a reverse proxy. Not sure about pfsense but OPNsense got some plugins for that like HAproxy. I guess pfsense got something similar.
 
Thanks for the info Dunuin.
You attach your VMs with virtual NICs to bridges and these bridges are connected to your physical NICs. Usually you want to give each VM its own IP (either static or using DHCP), or multiple in case then should ne member of several subnets/VLANs, so you might want to setup a reverse proxy to be able to forward traffic to the different IPs of your webservers.

Good to know about virtual NICS to bridges then bridges connected to the physcial NICs just trying understanding the terms gets me closer to be able to set this up. Would you recommend getting two phyisical NIC cards or is it fine for one NIC to be virtualised into two v-NICS? I'm not going to saturate a single inteface card.

For that you use a reverse proxy. Not sure about pfsense but OPNsense got some plugins for that like HAproxy. I guess pfsense got something similar.

I've heard of HAProxy, pfSense has the plugin for that as well, will do some research on setting this up for doing the reverse proxy. Cheers
 
Would you recommend getting two phyisical NIC cards or is it fine for one NIC to be virtualised into two v-NICS? I'm not going to saturate a single inteface card.
One NIC is fine. But using two NICs also got some advantages, like for example when using a bond with fail-over for some redundancy. But to make really use of that the complete chain should be redundant, so two pfsenses, two switches and so on so you don`t got a single point of failure. So I would just go with a single NIC if you don't need the additional bandwidth.
 
One NIC is fine. But using two NICs also got some advantages, like for example when using a bond with fail-over for some redundancy. But to make really use of that the complete chain should be redundant, so two pfsenses, two switches and so on so you don`t got a single point of failure. So I would just go with a single NIC if you don't need the additional bandwidth.
Heard a saying in IT "Two is one and one is none." Thanks for the input. Going to attempt to get this working with just 'one' initially. Thanks for the help, I'll let you know how it goes.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!