Help Configure network Proxmox 6.3

manurando40

New Member
Jan 22, 2021
I have a Proxmox 6.3.2 server self-hosted on a Dell PowerEdge R710 server, in which I have a CentOS 8 machine, in which I have a web server installed. From within my network, by accessing the IP of said server, I can access and manage my website. What would I have to do to be able to access it from outside my network using my domain? The domain points to my public IP address. I don't know how I should proceed to configure Proxmox to be able to reach the web server, and to respond to requests sent from outside my network.
 
You will need to pass through the traffic coming in to your public IP to the server.

This is done via port forwarding and has to be configured on your router/firewall.
Usually you want to limit this as much as possible, so only open the necessary ports (80 and 443 for http and https).

Since you are opening your network to a certain degree to the internet, you should take precautions. One common way is to isolate the publicly available servers in a separate network. A lot of times this is called a DMZ (demilitarized zone).

How you can do that depends heavily on the router/firewall and further network setup. The easiest would be if your router has, or can be configured to have one network port dedicated for the DMZ network. You can then connect the machines that should be available to that port.

If there is PVE involved you can use an unused port of the server for this to connect the PVE server to the DMZ port on the router. Then create a new vmbr on that network interface. You don't need to assign an IP address as the PVE node itself (GUI, API, ...) does not need to be available in that network. Then in the NIC settings of the VM you can change the used vmbr to the one for the DMZ.


If you cannot use a dedicated cable, you could check if VLANs work. But I don't recommend it if you are just starting out setting up more complicated networks. All steps involved need to support it (router, switch, ....) and it has to be configured correctly for it to work.
 
Thanks for your help.

If I clarify, the first thing to do is to do port forwarding on my router to direct the HTTP port 80 traffic to the IP of the Proxmox server. In Proxmox, create a new vmbr and in the network configuration of my VM assign that vmbr, correct?
 
I assume that the VM on which the webserver is running has an IP address in your network right?

So the simplest way is to configure the port forwarding to the IP address of the VM.

To further improve on the security of the setup you could move the VM to a separate physical network with different IP addresses on the DMZ port of the router. For example, you might be using 192.168.1.x addresses in your network, you could use 192.168.10.x addresses in the DMZ network. Should an attacker be able to infiltrate the webserver, they are in the separate DMZ network and not in your normal network.

If you go down the DMZ route, you need to get the VM into that separate network. That's where the extra vmbr comes into play, as you then connect the DMZ port on the router to one of the free ports of the server.

There are quite a few resources on the internet on how to set up a DMZ. The only thing to keep in mind regarding PVE and VMs is how to connect the VMs only to the DMZ network and not the private network as you cannot physically connect them to the DMZ.
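
Added example, not part of the original posts: a small check for the layout described in the replies above, where the DMZ bridge sits on its own physical port, the PVE node has no IP address on it, and the VM's NICs attach only to that bridge. The bridge and NIC names (vmbr0, vmbr1, eno1, eno2), the addresses, the MAC and the function names are assumptions made for illustration.

```python
import re

# Constructed sample of /etc/network/interfaces on the PVE node (NIC names assumed).
INTERFACES = """\
auto vmbr0
iface vmbr0 inet static
    address 192.168.1.10/24
    bridge-ports eno1

auto vmbr1
iface vmbr1 inet manual
    bridge-ports eno2
"""
# Constructed NIC line as stored in the VM's config under /etc/pve/qemu-server/.
VM_CONF = "net0: virtio=DE:AD:BE:EF:00:01,bridge=vmbr1\n"

def parse_interfaces(text):
    """Return {iface: {option: value}} from ifupdown-style stanzas."""
    stanzas, current = {}, None
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface" and len(words) >= 4:
            current = stanzas.setdefault(words[1], {"method": words[3]})
        elif words[0].split("-")[0] in ("auto", "allow", "source", "mapping"):
            current = None  # these keywords end the current stanza
        elif current is not None:
            current[words[0]] = " ".join(words[1:])
    return stanzas

def vm_bridges(conf):
    """Return {netN: bridge} for every bridged NIC line in a VM config."""
    return {m.group(1): m.group(2) for m in
            re.finditer(r"^(net\d+):.*?\bbridge=([^,\s]+)", conf, re.M)}

def audit_dmz(interfaces, vm_conf, dmz_bridge):
    """List deviations from the DMZ layout described in the thread."""
    br = parse_interfaces(interfaces).get(dmz_bridge)
    if br is None:
        return [f"{dmz_bridge}: bridge not defined"]
    findings = []
    if br.get("bridge-ports", "none") == "none":
        findings.append(f"{dmz_bridge}: no physical port attached")
    if "address" in br or br["method"] != "manual":
        findings.append(f"{dmz_bridge}: PVE node has an address in the DMZ")
    findings += [f"{nic}: on {b}, not {dmz_bridge}"
                 for nic, b in vm_bridges(vm_conf).items() if b != dmz_bridge]
    return findings
```

An empty list from `audit_dmz(INTERFACES, VM_CONF, "vmbr1")` means the sample matches the described layout; a second NIC on vmbr0 would be reported, since a VM attached to both bridges connects the DMZ to the private network.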
 
Thanks for your help, I have already worked on segmenting the network into two: my private network and the DMZ network. :)
 
