How do I configure proxmox to listen for traffic from a domain with cloudflare?

jumpin_jamie

New Member
Mar 13, 2023
Hi, I have been using Proxmox for a few years now, but always wanted to access it from outside my network. I have an unused domain that I set up with Cloudflare with an A record pointing to my public IP address. I have security measures set up on my network through my ISP. I am encountering an error when visiting my domain (https://www.mydomainexample.com). It is a 521 error that says that the web server is down, although it should not be. My nginx config looks like this:

Code:
upstream proxmox {
    server "www.mydomainexample.com";
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name _;
    ssl_certificate /etc/pve/local/pve-ssl.pem;
    ssl_certificate_key /etc/pve/local/pve-ssl.key;
    proxy_redirect off;
    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://localhost:8006;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_connect_timeout  3600s;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }
}

My hosts file looks like this:

Code:
127.0.0.1 localhost.localdomain localhost
*private_ip* www.mydomainexample.com pve

Please let me know if this is correct or is brutally wrong. I am still basically new and followed some confusing tutorials from Proxmox. Please be kind. Thanks for your help!!
 
Have you set up port forwarding in your router/firewall? If not, the requests will be stopped at the firewall and never make it into your network. I really hate port forwarding. You might be better served by using a Cloudflare tunnel to give that domain access to your Proxmox server. I think it is much safer than port forwarding, and no one will ever know your actual public IP address with a tunnel. It will show up as a Cloudflare IP.

But why on earth would you ever want to expose your Proxmox UI to the outside world? That seems incredibly dangerous to me. The way I access my Proxmox environments (or the rest of my homelab environment) is through Tailscale. I installed Tailscale on my pfSense firewall, and use the "advertise routes" feature in Tailscale to make all the services I want available to me. I then run Tailscale on my phone and on my laptop. So wherever I am in the world, I log into Tailscale and turn it on, and I have a WireGuard encrypted private connection back to my homelab. In April I took a prolonged vacation 2000 miles from home and I was able to operate my home lab exactly as if I was sitting at home. If you want to give someone else access to your homelab, just include them in your Tailscale network. But be careful. Tailscale doesn't do typical password-based user authentication. They rely on Google and similar services for user authentication. There are probably other overlay network services (like maybe Twingate?) that may suit you better.
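
Added example, not part of either post above: a small Python check that walks the path from the thread (pveproxy on 8006, nginx on 443, then the router's port forward) and names the first hop that fails, since a 521 means Cloudflare's TCP connection to the origin was refused. The function names and the two IP addresses are placeholders assumed for illustration; the outside probe has to be run from a host that is not on the home network.

```python
import socket

def probe(host, port, timeout=2.0):
    """One TCP connect attempt: 'open', 'refused', 'timeout' or 'error:<type>'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except OSError as exc:
        return "error:" + type(exc).__name__

def diagnose(pveproxy, nginx_lan, nginx_wan):
    """Map three probe results to the first broken hop, innermost first."""
    if pveproxy != "open":
        return "pveproxy: nothing answers on 8006, so nginx has no backend"
    if nginx_lan != "open":
        return "nginx: not accepting on 443 at the LAN address; check the service and its listen lines"
    if nginx_wan == "refused":
        return "edge: 443 refused from outside, which Cloudflare reports as 521; check the port forward"
    if nginx_wan == "timeout":
        return "edge: 443 silently dropped from outside, which Cloudflare reports as 522; check the firewall"
    if nginx_wan != "open":
        return "edge: unexpected result " + nginx_wan
    return "ok: TCP path is open end to end"

if __name__ == "__main__":
    # Placeholder addresses from the documentation ranges; substitute your own.
    LAN_IP = "192.0.2.10"      # assumed private address of the Proxmox host
    WAN_IP = "198.51.100.20"   # assumed public address in the Cloudflare A record
    inner = probe("127.0.0.1", 8006)   # run on the Proxmox host itself
    lan = probe(LAN_IP, 443)           # run from another machine on the LAN
    # Run this last probe from outside the network: many home routers do not
    # hairpin NAT, so testing the public IP from inside gives misleading results.
    wan = probe(WAN_IP, 443)
    print(inner, lan, wan)
    print(diagnose(inner, lan, wan))
```

A result of "ok" only shows that the TCP path is open; it also means the Proxmox login page is reachable from the internet, which is the exposure the reply above warns about.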
 
